Securing Private Keys for IoT Deployments

Key management involves creating, renewing, accounting for, and managing private keys. Key management is a critical part of device security. Lost keys may compromise security. Expired certificates and keys may shut down device communications because once a certificate expires the key can no longer be used to create a secure connection. The first step to key management is deciding how to store the keys: hosted and managed by a public CA or on-premise and managed by the organization.

Leave the public key storage to us. As a publicly trusted CA, DigiCert is required to meet industry standards for private key storage. This means private keys should be stored on a FIPS 140-2 compliant device, such as an HSM.

DigiCert partners with the leading HSM manufacturers on strategic projects within the security industry. We aid in the planning and deployment of certificates and storage of their private key on HSMs. If interested, we can provide the pros and cons of having private keys stored and managed by DigiCert or stored on-premise and managed by the organization.

To talk to an expert, call 1-801-877-2119 »

Let Us Contact You

Key Management Strategy Guidelines

Key management is about the policies and practices for creating, developing, transferring, and accounting for cryptographic items (i.e., keys and certificates) for IoT devices and systems. Here are a few things to consider when creating a key management strategy.

Key and Certificate Management Platform

Organizations need to have an easy-to-use and comprehensive centralized management platform that is designed to monitor and control certificates and keys within the organization.

Access Control

The centralized management platform should have well-defined access control roles or features for the items and information within the system.

Key and Certificate Renewal

The centralized management platform should allow administrators to track certificate and key expiration dates for timely renewals.

Key and Certificate Generation

Establish a way for keys and certificates to be generated directly for distribution/provisioning to on-premise IoT devices.

Key and Certificate Discovery

The centralized management platform should allow administrators to check their network/infrastructure and identify all keys and certificates being used.

Key and Certificate Reporting

The centralized management platform should allow administrators to establish and track certificate and key lifetimes. The reporting feature should alert necessary parties before a certificate or key expires.

Key Escrow

IoT security administrators should be able to recover certificates and keys that are no longer operational for business purposes, analysis, and, in some cases, for forensics.

Key and Certificate Rollover

IoT security administrators should be able to distribute a new certificate and key to a device.

Key Destruction

IoT security administrators should be able to remotely destroy a compromised key.

Certificate Revocation

The CA (public or private) must have a robust certificate revocation service (i.e., certificate revocation list (CRL) or Online Certificate Status ProtocolĀ (OCSP)) for distributing certificate revocation notifications.

Talk to an IoT PKI Expert

If you have specific questions about our PKI solution for securing IoT devices, please enter your information in the form below, and an IoT security expert will contact you for a personal consultation.

Request More Information
Fill out this form to request more information or call an expert at 1-801-877-2119