Eurotech and Microsoft lead IoT security collaboration

  • April 21, 2021
  • Steve Rogerson

Eurotech, Infineon, Microsoft and GlobalSign are working together to simplify large-scale, secure roll-outs of connected devices. This collaboration extends the secured device identity chain from the edge to the cloud.

Building on industry standards, the offering starts the chain-of-trust at Infineon’s Optiga TPM trusted platform module, which is installed in all Eurotech IoT edge gateways. As a platform manufacturer, Eurotech extends this trust to a secure initial device identifier, an IEEE 802.1AR certificate-based identity that is cryptographically bound and uniquely assigned to the device.

This identity attests the integrity of the platform supply chain and provides the necessary baseline for zero touch onboarding.

As part of this collaboration, Italian firm Eurotech has worked with security certificate authority GlobalSign and with Microsoft, through the IoT identity service security subsystem of Azure IoT Edge, to extend the chain-of-trust to cloud connectivity.

This is achieved by enrolling additional local certificates confirming device ownership to a user, and by using these identities for automatic provisioning of Azure IoT Hub operational identities by the Azure device provisioning service.

“IoT is changing the way businesses think and operate, allowing them to optimise existing processes and opening the door for new business models and revenue streams,” said Sam George, corporate vice president for Azure IoT at Microsoft. “Streamlining the process of creating a chain of trust reduces the risk of supply chain tampering and device attacks that stem from compromised device identities. By helping to mitigate these risks, we’re enabling organisations to build more durable and resilient IoT to innovate on a foundation of trust.”

The offering reduces the complexity of embedding strong certificate identities in cloud-connected device architectures. It delivers a blueprint for the management of standards-based digital identities over the life-cycle of the device, from manufacturing, provisioning and maintenance to decommissioning.

“We are very proud of partnering with industry leaders Infineon, GlobalSign and Microsoft to lower the barriers of adoption of best practices for hardware-anchored digital device identities,” said Marco Carrer, CTO at Eurotech. “This partnership reflects Eurotech’s commitment to cyber security and supporting its customers to reduce device complexity and management.”

Juergen Rebel, vice president at Infineon Technologies, added: “Security remains the key enabler for cloud service adoption. The necessary level of protection can only be achieved by combining software security mechanisms with robust hardware-based security capabilities based on globally accepted industrial and IT security standards. A chain of trust from the node to the cloud using hardware-based security anchors makes it possible to securely identify each IoT and edge device, to protect sensitive data as well as the integrity of the cloud.”

And Lancen LaChance, vice president with GlobalSign, said: “Secure, zero-touch onboarding of IoT devices to the cloud is an important solution that realises immediate value through its security and efficiency. It’s a solid blueprint that benefits the broader IoT industry by providing a proven, best practice solution to a common IoT device identity management challenge. Our collaboration with notable experts Infineon, Eurotech and Microsoft has enabled the entire IoT industry to take one secure leap forward.”