SORACOM Krypton (Krypton) is a secure provisioning service.
It securely performs provisioning (initial configuration) for connecting to various cloud services, using SIMs issued by SORACOM and the SIM authentication platform built on the SORACOM platform.
Secure provisioning based on SIM authentication
In an IoT system that collects information from many devices, secure communication between the devices and the system infrastructure or cloud services requires that authentication information specific to each IoT device be embedded in it in a way that cannot be stolen from outside. However, achieving this requires consideration from the design and manufacturing stages of the device, and it increases manufacturing and parts costs.
With Krypton, you can provision configuration information to a device on demand by using a SIM provided by SORACOM, without writing per-device settings at the time of device shipment. By using Krypton, you can securely provision authentication information for cloud services such as AWS, and settings such as connection destinations, to devices authenticated by SIM.
As a result, a common firmware image that contains no device-specific information, such as authentication information, can be used at the time of device manufacturing, so IoT security best practices can be applied without increasing the manufacturing cost of the device.
Provisioning authentication method using cellular line and SIM authentication
Krypton offers two kinds of provisioning authentication methods. One is a provisioning API call using SORACOM Air's cellular line and the other is SIM authentication using SORACOM Endorse.
Provision with cellular line
When the provisioning API is called over SORACOM Air's cellular line, Krypton receives the initial setting request from the device and uses the cloud service authentication information set in advance in SORACOM to perform the initial setup of the cloud service on behalf of the device. It then returns the obtained setting information and authentication information to the device.
Devices can access each service directly using the obtained information.
Provision with SIM authentication
SIM authentication using SORACOM Endorse works over an arbitrary access line, using the confidential information stored in the SIM card and the SIM authentication infrastructure on the SORACOM side. By utilizing this feature, Krypton can provision over Wi-Fi, Ethernet, and so on, where available. (Provisioning using SIM authentication is available with the global Air SIM.)
Benefits of using Krypton
The benefits of using Krypton are as follows.
- You can provision setting information on demand by using Air SIM and Krypton, without writing per-device settings at the time of device shipment. This makes it possible to use a common firmware image that does not include authentication information at the time of device manufacturing, so the manufacturing cost of the device can be kept down and leakage of authentication information can be prevented.
- You can obtain the authentication information that the IoT device needs to access the cloud service. The device can access the cloud service without authentication information for the cloud service connection being embedded at the manufacturing stage of the device.
- Krypton does not require a cellular line. It is also possible to use cellular as a backup while using low-cost Wi-Fi or a wired line as the main line. (However, this can be used only with the global SIM.)
* For more information, please refer to the Developer guide.
Please contact us if you have any questions.