Normally when you take a product to manufacture and production, you hand over all of your software design files, and that gets integrated into the end product by the manufacturer. Sounds like a simple process, doesn’t it? In most cases, it is a fairly simple process from this point, or at least it should be. But the big caveat here is that you must ensure the security of your software throughout this process.
In other words, you need to be sure that the software you send to the plant is exactly the same as the software that gets installed into the manufactured products. No exceptions. Any changes that occur at this point can be detrimental to both the functionality of the end product and of course its safety and security.
It’s imperative that you look closely at how you transmit those files, which are held at the plant, awaiting production, And when you are ready for your high-volume run to occur, you must ensure that those files are programmed into the device intact and securely, so you know exactly what went in and it’s exactly what and how you intended. Because getting things out of the factory intact and into customers hands without any inadvertent changes must be the number one priority for all developers. It’s needed for loyalty, for brand protection, and to keep the IoT safe and intact for all users.
Enter Secure Provisioning
The level of security described here is achieved through the use of secure provisioning. If implemented properly, provisioning software will help the manufacturer quickly and reliably manage all the required materials, which could include information about systems, users, and applications.
While we often just think of software provisioning in terms of the deployment part of software delivery, it’s actually much more than that. The full provisioning process could also include parts of the test, quality assurance, and reporting stages. Hence, the technology should be employed whenever software is delivered between these various environments.
Software updates are also a major concern, and a place where secure provisioning could play a role. How often do you get a consumer product out of the box, and the first thing you have to do is log in to see if any software updates are available? As the device OEM, you must have 100% confidence that the new software that’s being loaded as part of the update is your software and it’s being installed completely intact and in full.
For lots more information about secure provisioning and how it’s actually implemented, check out the webcast delivered by Clive Watts, the Vice President of Product Management for Secure Thingz. The webinar is titled Creating a Secure Device Through Provisioning. Using a simple demo board that serves as the end IoT device, you will witness the entire end-to-end development flow, getting the board programmed and coming up with the secure provision files that would be sent to the product manufacturer.
About the AuthorFollow on Twitter Follow on Linkedin Visit Website More Content by Rich Nass