Validating Identity and Code Authenticity
Software on its own can have a variety of weaknesses because it is written code that can be read, analyzed, and rewritten. This makes securing devices in the Internet of Things more challenging. With Code Signing Certificates, a digital signature can be used to sign scripts to verify identity and ensure that the code has not been tampered with. Signing the code essentially “seals” it, identifies who the code is from and with the time-stamp feature, makes sure the code has not been modified.
DigiCert's signing services provide a way to verify that an IoT device configuration settings, software, firmware, etc. have not been modified during startup. During startup the secure boot process can use the code signing signatures to verify that the software installed on devices has not been changed. Additionally, once an IoT device is in the wild, vendors may also need to update the software/hardware on the device. Again, Code Signing Certificates provide a way for devices to verify that device firmware and software updates are from a trusted source.
To talk to an expert, call 1-801-877-2119 »Let Us Contact You
DigiCert Code Signing Certificates
In the Internet of Things, checks and balances are needed to make sure connected device code remains secure, to make sure only valid software or firmware updates are received, to make sure patches come from the proper source, etc. Code Signing Certificates are the solution to making sure code is secure.
Digital signatures provide a means to verify that device code has not been modified. Digital signatures also can identify who sends upgrades or patches, and verify that these messages have not been modified during transmission.
Code Signing Permissions
DigiCert Code Signing Certificates provide a way to manage internal and partner code signing permissions. Code Signing Certificates let you control what code is allowed to run on IoT devices and systems by providing a way to verify that the code internal developers, partners, and third parties share is legitimate. These certificates identify who provided the code and verifies that the code has not been altered.
DigiCert Code Signing Certificates will work with most chipsets. This includes the Secure Boot chipset—the one that runs at startup to verify device code has not been tampered with. DigiCert Code Signing Certificates can be used to sign application-level code along with code verification using common cryptographic libraries (e.g., OpenSSL).
DigiCert EV Code Signing Certificates
As a best practice for IoT implementations, DigiCert recommends using EV Code Signing Certificates for digitally signing code. Not only is the EV Code Signing Certificate verification process more rigorous, but private keys are stored on secure hardware tokens. For additional protection, DigiCert EV Code Signing Certificates support hardware security modules (HSM), which provide greater control for key management and key permissions.
Talk to an IoT PKI Expert
If you have specific questions about our PKI solution for securing IoT devices, please enter your information in the form below, and an IoT security expert will contact you for a personal consultation.
|Request More Information|
|Fill out this form to request more information or call an expert at 1-801-877-2119|