UNiD Security Lifecycle

by masa256k1 in October 18th, 2021

A lifecycle defines the states of an object through its lifetime. Each security state in the security lifecycle of a device defines the security properties in that state. Security state can depend on:

  • Software versions
  • Run-time statuses such as data measurements, hardware configuration, and status of debug ports
  • Product lifecycle phase, for example, development, deployment, returned to the manufacturer, or end-of-life

UNiD defines the security lifecycle that is shown in the above figure as intended to capture the minimum set of lifecycle states and transitions. Noted: our security lifecycle is not in a form that conflicts with or compromises the security requirements of the Platform Root of Trust (PRoT) security lifecycle.

UNiD's decentralized identity technology changes the PRoT security lifecycle provisioning process: UNiD EDGE deployed devices do not need a traditional manual key and certificate writing during the provisioning phase. Instead, UNiD will take care of the following items during the provisioning lockdown phase:

UNiD EDGE will

  • generate multiple key pairs
  • register the public key in the DPKI network
  • obtain a globally unique identifier
  • build an E2E secure connection with the device management system; and
  • enroll the device instance on the device management system

After the transition to the secured state, the PRoT lifecycle management starts. The PRoT and Non-PRoT debug processes are complicated. I will blog about it the next time.

UNiD EDGE is available onĀ our GitHub. Please come and visit if you want a deep dive into it.

Your cart