Security Lifecycle Management with UNiD
A lifecycle defines the states of an object through its lifetime. Each security state in the security lifecycle of a device defines the security properties in that state. A security state can depend on:
- Software versions
- Run-time statuses such as data measurements, hardware configuration, and status of debug ports
- Product lifecycle phase, for example, development, deployment, returned to the manufacturer, or end-of-life
UNiD defines the security lifecycle shown in the figure above, which is intended to capture the minimum set of lifecycle states and transitions. Note: our security lifecycle does not conflict with or compromise the security requirements of the Platform Root of Trust (PRoT) security lifecycle.
UNiD’s decentralized identity technology changes the PRoT security lifecycle provisioning process: devices with UNiD EDGE deployed do not need traditional manual writing of keys and certificates during the provisioning phase. Instead, UNiD takes care of this during the provisioning lockdown phase.
UNiD EDGE will:
- generate multiple key pairs
- register the public key in the DPKI network
- obtain a globally unique identifier
- build an E2E secure connection with the device management system; and
- enroll the device instance on the device management system
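The provisioning steps listed above, as an added Go sketch that is not UNiD EDGE's code or API: the device generates its own key pairs, derives an identifier from the public keys, registers them, and proves key possession at enrollment, so no key or certificate has to be written by hand. `Registry`, `Provision`, `Prove`, `Enroll`, the use of Ed25519, the `did:example:` identifier derivation and the nonce are assumptions made for illustration; the E2E secure connection step is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Registry map[string][]ed25519.PublicKey // in-memory stand-in for the DPKI network (hypothetical)

type Device struct {
	ID   string
	keys []ed25519.PrivateKey // never leave the device; keys[0] signs proofs (assumed role)
}

// Provision generates two key pairs on the device and registers the public halves.
func Provision(reg Registry) (*Device, error) {
	d, h, pubs := &Device{}, sha256.New(), []ed25519.PublicKey{}
	for i := 0; i < 2; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		h.Write(pub)
		pubs, d.keys = append(pubs, pub), append(d.keys, priv)
	}
	d.ID = fmt.Sprintf("did:example:%x", h.Sum(nil)[:16]) // assumed scheme: truncated SHA-256
	reg[d.ID] = pubs
	return d, nil
}

// Prove signs identifier||nonce to show possession of the signing key.
func (d *Device) Prove(nonce []byte) []byte {
	return ed25519.Sign(d.keys[0], append([]byte(d.ID), nonce...))
}

// Enroll is the management side: resolve the identifier, then verify the proof.
func Enroll(reg Registry, id string, nonce, sig []byte) bool {
	keys, ok := reg[id]
	return ok && ed25519.Verify(keys[0], append([]byte(id), nonce...), sig)
}

func main() {
	reg, nonce := Registry{}, []byte("constructed-nonce") // constructed sample value
	if dev, err := Provision(reg); err == nil {
		fmt.Println(dev.ID, Enroll(reg, dev.ID, nonce, dev.Prove(nonce)))
	}
}
```

Because the proof covers both the identifier and a fresh nonce, a captured signature cannot be replayed for another nonce or presented under a different device's identifier.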
After the transition to the secured state, the PRoT lifecycle management starts. The PRoT and Non-PRoT debug processes are complicated. I will blog about them next time.
UNiD EDGE is available on our GitHub. Please come and visit if you want a deep dive into it.