Security Lifecycle Management with UNiD

A lifecycle defines the states of an object through its lifetime. Each security state in the security lifecycle of a device defines the security properties in that state. Security state can depend on:

• Software versions
• Run-time statuses such as data measurements, hardware configuration, and status of debug ports
• Product lifecycle phase, for example, development, deployment, returned to the manufacturer, or end-of-life

UNiD defines the security lifecycle that is shown in the above figure as intended to capture the minimum set of lifecycle states and transitions. Noted: our security lifecycle is not in a form that conflicts with or compromises the security requirements of the Platform Root of Trust (PRoT) security lifecycle.

UNiD’s decentralized identity technology changes the PRoT security lifecycle provisioning process: UNiD EDGE deployed devices do not need a traditional manual key and certificate writing during the provisioning phase. Instead, UNiD will take care of the following items during the provisioning lockdown phase:

UNiD EDGE will

• generate multiple key pairs
• register the public key in the DPKI network
• obtain a globally unique identifier
• build an E2E secure connection with the device management system; and
• enroll the device instance on the device management system

After the transition to the secured state, the PRoT lifecycle management starts. The PRoT and Non-PRoT debug processes are complicated. I will blog about it the next time.

UNiD EDGE is available on our GitHub. Please come and visit if you want a deep dive into it.