You control the level of security suitable for your application: from unencrypted firmware delivery to unique keys using Hardware Security Modules (HSMs) for highest security needs.
Digital Log Book
Capture all events regarding a specific device (from manufacturing, operations and maintenance to disposal and recycling) to ensure complete traceability.
Due to its modularity, the Device Management Server can easily be tailored to your specific needs.
Device Management Server
The DMS is a lean solution for firmware distribution and device management. It automates the firmware distribution process and delivery of updates in the most convenient manner. With this, DMS makes these critical processes secure, reliable and predictable.
To manage devices in the field they can easily be grouped in Firmware Channels to deliver updates to specific devices or device groups only.Furthermore, as the firmware is exclusively delivered through the DMS, every interaction with each device can be logged: from initial programming and functional test results throughout the whole lifecycle. Hence, the DMS offers a plugin called “robo.log” which is a Digital Log Book for each device creating a digital twin of every device. This data is the foundation for all kind of analytics and predictive maintenance.
Facts to Remember
- Encryption: You choose, you control, you decide on the level of security suitable for your application: from unencrypted firmware delivery to unique keys using Hardware Security Modules (HSMs) for highest security needs.
- API - integrates seamlessly with your infrastructure: mobile applications, your web applications, your ERP systems, your MDM solution, …
- Device Management: monitor and control your devices using Firmware Channels.
- Bootloader – use your own or get up and running within hours using the ConceRTOS bootloader (www.concertos.io).
- Digital Log Book (digital twin) – Capture all events regarding a specific device (from manufacturing, operations and maintenance to disposal and recycling) enabling analytics and predictive maintenance).
- Flexibility – can be tailored to your specific needs.
IoT and Security
SFOTA - Secure Firmware over the Air Updates
The (missing) “S” in IoT stands for security. Therefore, security is a number one concern in IoT applications. One of the best security strategies for devices is not to connect them to the internet – however, this is inherently not possible for IoT applications. That is why other strategies are needed. While absolute security is impossible, being able to securely (encrypted, authenticated, signed and validated) update the firmware and fix security issues is essential: The “S” in SFOTA stands for security in Firmware Over-the-Air programming.
What problems does the DMS solve?
Keep your devices up to date
Secure Firmware Over the Air updates (SFOTA) are an integral part of any secure IoT solution. Imagine thousands or even millions of deployed devices which contain a newly discovered security vulnerability. Not being able to update those devices remotely would be a disaster (as it either means the security issue will not be fixed leaving the devices vulnerable or every device must be accessed physically to be updated). Insecure IoT devices are not only a threat to the owner and user but also to the whole internet (e.g. DoS attacks from insecure IP-cams) and therefore to the reputation of the manufacturer.
Protect your Devices
Is your device part of a safety critical application? You probably want to make sure (or even have to), that your firmware has not been tampered or altered in any way when being deployed to your devices. Encrypt and sign your firmware right after compilation. With the help of a specialized bootloader, the firmware can be tested and checked for integrity before it is being installed on your devices.
Protect your Intellectual Property
Does your firmware contain IP you want to protect? Be it proprietary algorithms or the implementation of specific functionality: if you don’t want to present them to competitors or suppliers on the silver tablet it is a good idea to encrypt your binaries right after compilation. The DMS allows delivering firmware securely as it is kept encrypted all the way to the device. Depending on the level of security your application demands, there are different encryption possibilities ranging up to unique keys per device and using a hardware security module (HSM) on the server to handle the encryption. On the device, the decryption takes place after integrity checks. This procedure significantly increases the barriers to reverse engineer your firmware and effectively eliminates attack vectors.
Ship Earlier - Fix Later
Ship Earlier - Fix Later
SFOTA can significantly reduce your time to market if it is integrated with your supply chain. Parallelization of hardware production and firmware development buys you time which allows to ship products earlier. It also allows to start with a minimal viable product, gradually adding features.
Think of the DMS as an insurance which can protect you from the impact of bugs: Having a SFOTA setup ready from the beginning, allows you to fix bugs later. However, the setup must be ready from the beginning because once the devices are out in the field it becomes extremely costly to adjust the bootloader. Thinking about FOTA in the beginning will potentially save you a lot of pain, time and money.
Software built in product variability
Additional to the security issues addressed by SFOTA it also unlocks new business opportunities: software built in product variability is an enabler for various business models.
From freemium plans to feature based pricing models or firmware with runtime limitations: software built in product variability allows to sell different products using the same hardware. Hence you can serve different use cases, clients and applications with a tailored experience. Moving product variability to the software significantly reduces complexity of the supply chain and cost as it leverages economy of scale. For flexibility, the DMS allows you to target specific devices or channels (device groups) for firmware updates.