SixIoT is a PKI based product which enables IoT devices and users to be issued with a digital identity (technically a “digital certificate” comes with a public key and a “private key”). Sixscape’s IRP (Identity Registration Protocol allows SixIoT to deploy millions or billions of IoT devices distributed across in different domains (with each domain served by a domain IDCentral server), to be issued with client certificates, avoiding a traditional PKI scenario issuing all client certificates all from a centralized location with potential bottlenecks. This automated cert management is enabled by Sixscape new cert management protocol called Identity Registration Protocol (IRP), which the Internet Assigned Number Authority (IANA) has assigned port 4604. IRP can automate certificate issuing and renewal without the need for human intervention to manually install the certificates. In a growing large scale network like IoT, it is extremely dicult and time consuming to install a cert in each device manually or to renew one when the cert is due to expire. IRP hides the complexity of handling digital certs and make it simple to maintain a unique digital identity for all devices in the network. For example, a smart video camera could be issued a cert (tied to the camera’s serial number) that could be used for authentication and even encryption when it connects to a central server.
Once IoT devices and users have been assigned a unique digital identity, it can be used for authentication and enabling encryption on communications between other users and services. SixWallet is an IRP client application which needs to be installed on each IoT device. In some cases, the IRP functionality could be added to a device’s firmware. When a new device with SixWallet is installed in an IoT network, it will connect to IRP to obtain its unique digital identity, based on some unique identifier in the device such as its serial number.
IoT Challenges & How SixIoT Addresses These Challenges
- There are few standards around IoT, making each manufacturer and deployment unique. IRP addresses this challenge in providing a mechanism to deliver PKI key material onto the IoT nodes and base stations (where applicable) through the use of Sixscape’s IRP and SDK.
- Sixscape’s IRP and SDK not only deliver security at scale across IoT deployments but also scalability across most manufacturers without the need for bespoke development.
- Most IoT nodes require low payload (usually between 1-12 bytes) and are hampered by AES256 encryption overhead, Sixscape deploys IRP using ECC160 to create a lower overhead on the IoT networks payload
- IRP can securely obtain and deploy not only public certificates but more importantly can act as a CA in creating private hierarchy certificates resulting in a zero cost per certificate/node for all IoT deployments.