On-premise or cloud-based digital certificate lifecycle management for embedded devices
BlackBerry Certicom’s managed PKI and certification authority services enable certified device identity, component authentication, and certificate life cycle management for automotive OEMs, IoT device manufacturers, and service providers.
Secure and robust self-hosted PKI deployments require specialized infrastructure and specialist expertise, and carry high start-up and operational costs. BlackBerry Certicom offers an easy and cost-effective alternative, issuing, renewing and managing certificates on a device manufacturer's or service provider's behalf.
Developed to BlackBerry’s stringent security standards, our PKI service platform enables outsourced manufacturing while protecting the supply chain from counterfeit devices and re-manufactured or stolen components.
Product Features and Benefits
BlackBerry Certicom’s Managed PKI addresses device security requirements with a full-featured, highly scalable PKI and key provisioning solution. It is a secure, cost-effective way to enhance the security of the IoT or automotive supply chain with traceable device provenance. It facilitates the secure exchange of keys and sensitive information using certificate-based authentication, which solves the problem of inadequate security commonly associated with password-based authentication.
- Secures tens of millions of devices in high production volume environments such as BlackBerry and high-profile automotive OEMs globally.
- Reduces or eliminates the burden of developing, deploying and hosting an in-house PKI and the costs associated with ongoing maintenance and security administration.
- BlackBerry Certicom follows robust security development lifecycle and deployment methodologies to ensure that our PKI services help protect customer devices, and the services they access, from compromise.
- The registration authority function of BlackBerry Certicom’s PKI accepts certificate signing requests (CSRs) in real time or in batch mode and provides ways to integrate root of trust provisioning and device PKI enrolment, leveraging IC-based key stores, TPMs, TrustZone, secure device memory or software-based keystores.
- BlackBerry Certicom offers both standard X.509 and highly customized PKI solutions, with a range of choices in certificate lifecycle management, from custom root and end-entity certificate profiles to custom registration and validation techniques, with a choice of signature algorithms and key strengths as well as audit regime options.
- Certificates can be issued one at a time or processed in batches, supporting use cases for bulk device manufacturing flows or for on-demand certificate issuance. Non-standard, quantum-resistant or size-optimized certificates for IoT applications can also be supported.
Managed PKI Service
BlackBerry Certicom’s managed PKI service is a customizable PKI service which enables customers to specify their requirements for certificate life cycle management, from CA hierarchies and standard certificate profiles or custom formats to distinct enrolment and validation schemes. Customization can enhance assurance in the trust model or simplify certificate enrolment and lifecycle management processes for IC vendors, device manufacturers and service providers.
Zigbee Smart Energy
BlackBerry Certicom provides a trust anchor for all ZigBee Smart Energy devices using ECQV-based size-optimized certificates. This allows end-user networks to authenticate genuine smart energy products during key establishment operations, thereby enhancing out-of-the-box compatibility and security, lowering the total cost of ownership for utilities and metering companies while ensuring the integrity of the utility network.
V2X for Intelligent Transportation
BlackBerry Certicom provides a Security Credential Management System (SCMS) for securing vehicle-to-vehicle and vehicle-to-infrastructure, or V2X, communication. ECQV-based pseudonym certificates serve as credentials to authenticate intra-vehicle communications while protecting the privacy of vehicle owners. The SCMS was built to IEEE 1609.2 and CAMP specifications and offers trusted security credentials to OEMs, Tier 1s, road operators and specialty service vehicles from secure BlackBerry infrastructure. The service is designed to scale to the highest performance levels, and also so that some components can be deployed in an on-premise environment for high-volume OEMs.