On-premise or cloud-based digital certificate lifecycle management for embedded devices
Replace weak passwords with highly secure identity credentials to ensure only authorized devices can access sensitive services. Reduce risk of counterfeit or rouge devices attacking your cloud or back-end systems. Support automated negotiation of secure communication parameters. Encrypt sensitive information for a target device, ensuring no other devices have access. These are all capabilities enabled by Public Key Infrastructure (PKI) and digital certificates.
Secure and robust self-hosted PKI deployments require specialized infrastructure, specialist expertise, and high start-up and operational costs. BlackBerry Certicom offers an easy and cost-effective alternative to issue, renew and manage certificates on a device manufacturer or service provider’s behalf. Our managed PKI and Certification Authority (CA) services enable certified device identity, component authentication, and certificate life cycle management for automotive OEMs, IoT device manufacturers, and service providers.
Developed to BlackBerry’s stringent security standards, our PKI service platform enables outsourced manufacturing while protecting the supply chain from device counterfeit, re-manufactured, or stolen components.
Product Features and Benefits
Blackberry Certicom’s Managed PKI addresses device security requirements with a full-featured, highly scalable certificate management and key provisioning solution. PKI facilitates the secure exchange of keys and sensitive information using certificate-based authentication. This addresses the problem of inadequate security commonly associated with password-based authentication. It is a secure, cost-effective way to enhance the security of the automotive or IoT supply chain with traceable device provenance to mitigate the risk of device counterfeiting or remanufacturing fraud.
Blackberry Certicom can support both low and high-volume applications depending on customer requirements. With our unique expertise and history supporting Elliptic Curve Cryptography (ECC), we can offer high performance solutions for demanding high volume production requirements.
We can offer fully hosted or on-premise deployments with business models and processes tailored to meet industry requirements.
Secures tens of millions of devices in high volume production
environments such as mobile device, automotive, and smart meter manufacturing.
Reduces or eliminates the burden of developing, deploying and hosting an in-house PKI and the costs associated with ongoing maintenance and security administration
BlackBerry Certicom follows robust security development lifecycle and deployment methodologies to ensure that our PKI services help protect customer devices and the services they access from compromise.
BlackBerry Certicom’s PKI’s registration authority function accepts certificate signing requests (CSRs) in real-time or in batch mode and provides ways to integrate root of trust provisioning and device PKI enrolment, leveraging IC-based key stores, TPMs, Trust Zone, secure device memory or software based keystores.
- BlackBerry Certicom offers both standard X.509 and highly customized PKI solutions, with a range of choices in certificate lifecycle management, from custom root and end-entity certificate profiles to custom registration and validation techniques with signature algorithms and key strengths as well as audit regime options.
- Certificates can be issued one at a time or processed in batches, supporting use case for bulk device manufacturing flows or for on-demand certificate issuance. Non-standard, quantum resistant or size optimized certificates for IoT applications can also be supported.
Managed PKI Service
BlackBerry Certicom’s managed PKI service is a customizable PKI service which enables customers to specify their requirements for certificate life cycle management, from CA hierarchies and standard certificate profiles or custom formats to distinct enrolment and validation schemes. Customization can enhance assurance in the trust model or simplify certificate enrolment and lifecycle management processes for IC vendors, device manufacturers and service providers.
Zigbee Smart Energy
Blackberry Certicom provides a trust anchor for all ZigBee Smart Energy devices using ECQV-based size-optimized certificates. This allows end user networks to authenticate genuine smart energy products during key establishment operations, thereby enhancing out-of-the-box compatibility and security, lowering the total cost of ownership for utilities and metering companies while ensuring the integrity of the utility network.
V2X for Intelligent Transportation
BlackBerry Certicom provides a Security Credential Management System (SCMS) for securing vehicle-to-vehicle and vehicle-toinfrastructure, or V2X, communication. ECQVbased pseudonym certificates serve as credentials to authenticate intra-vehicle communications while protecting the privacy of vehicle owners. The SCMS was built to IEEE 1609.2 and CAMP specifications and offers trusted security credentials to OEMs, Tier 1s, road operators and specialty service vehicles from secure BlackBerry infrastructure. A service designed to scale to the highest performance levels, it is also designed such that some components can be deployed in onpremise environment for high volume OEMs.