Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices

Check these out next

FIDO Masterclass
FIDO Masterclass
FIDO Alliance
Solving the IoT Challenge
Solving the IoT Challenge
FIDO Alliance
50 Shades of cloud licensing
50 Shades of cloud licensing
team-WIBU
CIP for PCI 4.0 Solution Guide for ArcSight Logger
CIP for PCI 4.0 Solution Guide for ArcSight Logger
protect724rkeer
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
FIDO Alliance
Fast IDentity Online New wave of open authentication standards
Fast IDentity Online New wave of open authentication standards
.NET Crowd
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
Siprotec 5 - Expanded Cyber Security Capabilities
Siprotec 5 - Expanded Cyber Security Capabilities
Ryan O'Mara
1 de 24

Authenticate and authorize your IIoTdevices

25 de Oct de 2022
Baixar para ler offline
Software

“Who’s who” is an important question, not just for the publishers of biographical encyclopedias. Identities and reliable ways to identify people, devices, and real or virtual objects have become more important than ever before as much of our lives, including the industrial world, has gone digital. The new opportunities coming from this also contain new challenges: From biometric passports making travel safer and more secure to eID technologies facilitating virtual transactions and digital certificates establishing themselves as the technology of choice to authenticate devices and actors in the industrial IoT, the tech world is exploring how identity can be represented both online and offline. Digital certificates are a great tool to uniquely identify people or devices with the tried-and-tested reliability and security of a pair of cryptographic keys acting as the currency of trust: One key is public and confirmed by a neutral authority, the Certificate Authority, to belong to the person, device, or digital object, and the other is private and secure. With a certificate signed with that private key and the private key stored safely away from prying eyes, there should be no way to tamper with or steal the identity it confirms. CodeMeter Certificate Vault is our answer: The keys are kept safe and the necessary cryptographic operations handled in the smart card chips embedded in our secure hardware elements, our CmDongles. But CodeMeter Certificate Vault is more than that: It acts as a PKCS#11-compliant token provider, acts as a go-between when keys need to be accessed, e.g. through the OpenSSL API, it works perfectly in the important M2M communication standard OPC UA, and it simplifies the often laborious process of distributing and managing certificates by bringing the whole comfort and great performance of CodeMeter License Central to the certificate world. Key pairs are created, bound to their intended container, and packaged in a secure file that can simply be shipped over to their destination. With CodeMeter’s award-winning encryption, the entire process is safe from theft and tampering. In his talk, Guenther Fischer will look at three use cases that show the power of CodeMeter Certificate Vault in action.

team-WIBU
Perfection in Protection, Licensing and Security em Wibu-Systems

Recomendados

Embedded devices - Big opportunities in tiny packagesEmbedded devices - Big opportunities in tiny packages
Embedded devices - Big opportunities in tiny packagesteam-WIBU62 visualizações31 slides
Unleash the Power of CodeMeterUnleash the Power of CodeMeter
Unleash the Power of CodeMeterteam-WIBU81 visualizações28 slides
Your CODESYS Applications, Protected and LicensedYour CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and Licensedteam-WIBU138 visualizações36 slides
Who are you? Authentication by certificatesWho are you? Authentication by certificates
Who are you? Authentication by certificatesteam-WIBU116 visualizações33 slides
Licensing in virtual environmentsLicensing in virtual environments
Licensing in virtual environmentsteam-WIBU404 visualizações49 slides
Creating, delivering, and managing licenses made easyCreating, delivering, and managing licenses made easy
Creating, delivering, and managing licenses made easyteam-WIBU167 visualizações20 slides

Mais conteúdo relacionado

Similar a Authenticate and authorize your IIoTdevices(20)

FIDO MasterclassFIDO Masterclass
FIDO Masterclass
FIDO Alliance4.4K visualizações
Solving the IoT ChallengeSolving the IoT Challenge
Solving the IoT Challenge
FIDO Alliance573 visualizações
50 Shades of cloud licensing50 Shades of cloud licensing
50 Shades of cloud licensing
team-WIBU41 visualizações
CIP for PCI 4.0 Solution Guide for ArcSight LoggerCIP for PCI 4.0 Solution Guide for ArcSight Logger
CIP for PCI 4.0 Solution Guide for ArcSight Logger
protect724rkeer536 visualizações
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
FIDO Alliance2.2K visualizações
Fast IDentity Online New wave of open authentication standardsFast IDentity Online New wave of open authentication standards
Fast IDentity Online New wave of open authentication standards
.NET Crowd289 visualizações
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance2.6K visualizações
Siprotec 5 - Expanded Cyber Security CapabilitiesSiprotec 5 - Expanded Cyber Security Capabilities
Siprotec 5 - Expanded Cyber Security Capabilities
Ryan O'Mara867 visualizações
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
ControlCase562 visualizações
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
Onward Security121 visualizações
Mobile Licenses in the CloudMobile Licenses in the Cloud
Mobile Licenses in the Cloud
team-WIBU103 visualizações
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
Microsoft Tech Community2.7K visualizações
Protection and monetization of 3D printed objects in the spare parts business...Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...
team-WIBU87 visualizações
App viewx cert+App viewx cert+
App viewx cert+
AppViewX85 visualizações
What’s New in WSO2 IoT Server 3.1.0What’s New in WSO2 IoT Server 3.1.0
What’s New in WSO2 IoT Server 3.1.0
WSO2796 visualizações
Customer Centric View of Best Practices in Software MonetizationCustomer Centric View of Best Practices in Software Monetization
Customer Centric View of Best Practices in Software Monetization
team-WIBU567 visualizações
The Dongle is Dead. Long Live the Dongle.The Dongle is Dead. Long Live the Dongle.
The Dongle is Dead. Long Live the Dongle.
team-WIBU301 visualizações
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018
MOnCloud194 visualizações
Wildix German Convention 2017 | Frankfurt am MainWildix German Convention 2017 | Frankfurt am Main
Wildix German Convention 2017 | Frankfurt am Main
Wildix324 visualizações
How and Why to Create and Sell Consumption-Based LicensesHow and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based Licenses
team-WIBU21 visualizações

Mais de team-WIBU(20)

Security and Protection for Machine Learning.pptxSecurity and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptx
team-WIBU24 visualizações
Managing entitlements through the product lifecycleManaging entitlements through the product lifecycle
Managing entitlements through the product lifecycle
team-WIBU117 visualizações
Everything You Always Wanted to Know About CodeMeter FSBsEverything You Always Wanted to Know About CodeMeter FSBs
Everything You Always Wanted to Know About CodeMeter FSBs
team-WIBU79 visualizações
Lost Licenses - The Fine Balance of TrustLost Licenses - The Fine Balance of Trust
Lost Licenses - The Fine Balance of Trust
team-WIBU134 visualizações
Wer bin ich? Authentifizierung durch ZertifikateWer bin ich? Authentifizierung durch Zertifikate
Wer bin ich? Authentifizierung durch Zertifikate
team-WIBU87 visualizações
Entfesseln Sie die Macht von CodeMeterEntfesseln Sie die Macht von CodeMeter
Entfesseln Sie die Macht von CodeMeter
team-WIBU163 visualizações
Mobile Lizenzen in der CloudMobile Lizenzen in der Cloud
Mobile Lizenzen in der Cloud
team-WIBU126 visualizações
Best Practice für LizenzmanagementBest Practice für Lizenzmanagement
Best Practice für Lizenzmanagement
team-WIBU114 visualizações
Best Practices for License ManagementBest Practices for License Management
Best Practices for License Management
team-WIBU50 visualizações
Ganz neu, aber doch vertraut: Einheitliche Abläufe für Online- und Offline-Li...Ganz neu, aber doch vertraut: Einheitliche Abläufe für Online- und Offline-Li...
Ganz neu, aber doch vertraut: Einheitliche Abläufe für Online- und Offline-Li...
team-WIBU76 visualizações
Feeling Right at Home: Uniform Processes for Online and Offline LicensesFeeling Right at Home: Uniform Processes for Online and Offline Licenses
Feeling Right at Home: Uniform Processes for Online and Offline Licenses
team-WIBU47 visualizações
Integration von Schutz und Lizenzierung einfach gemachtIntegration von Schutz und Lizenzierung einfach gemacht
Integration von Schutz und Lizenzierung einfach gemacht
team-WIBU315 visualizações
Total control over your protection and licensing processTotal control over your protection and licensing process
Total control over your protection and licensing process
team-WIBU136 visualizações
Benutzerfreundlichkeit und Bedienbarkeit von automatischen LizenzupdatesBenutzerfreundlichkeit und Bedienbarkeit von automatischen Lizenzupdates
Benutzerfreundlichkeit und Bedienbarkeit von automatischen Lizenzupdates
team-WIBU118 visualizações
Automatic License Updates: Usership and UsabilityAutomatic License Updates: Usership and Usability
Automatic License Updates: Usership and Usability
team-WIBU107 visualizações
Plattformunabhängige Anwendungen mit Python, PHP und JavaScript lizenzierenPlattformunabhängige Anwendungen mit Python, PHP und JavaScript lizenzieren
Plattformunabhängige Anwendungen mit Python, PHP und JavaScript lizenzieren
team-WIBU297 visualizações
Licensing for cross-platform applications made with Python, PHP, and JavaScriptLicensing for cross-platform applications made with Python, PHP, and JavaScript
Licensing for cross-platform applications made with Python, PHP, and JavaScript
team-WIBU544 visualizações
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
team-WIBU210 visualizações
Die hohe Kunst Tretminen in Ihrer Software zu versteckenDie hohe Kunst Tretminen in Ihrer Software zu verstecken
Die hohe Kunst Tretminen in Ihrer Software zu verstecken
team-WIBU232 visualizações
Perfecting the Art of Unmasking the HackersPerfecting the Art of Unmasking the Hackers
Perfecting the Art of Unmasking the Hackers
team-WIBU72 visualizações

Último(20)

MANUAL 1.pdfMANUAL 1.pdf
MANUAL 1.pdf
RAMIREZHERNANDEZNOEM0 visão
SE_RE-II-CH5 (3).pdfSE_RE-II-CH5 (3).pdf
SE_RE-II-CH5 (3).pdf
AZKANAAZ10 visão
Automatic System for Detection and Classification of Brain TumorsAutomatic System for Detection and Classification of Brain Tumors
Automatic System for Detection and Classification of Brain Tumors
Fatma Sayed2 visualizações
Object Oriented ProgrammingObject Oriented Programming
Object Oriented Programming
Muhammad Jahanzaib3 visualizações
Letters From Father Christmas, Centenary EditionLetters From Father Christmas, Centenary Edition
Letters From Father Christmas, Centenary Edition
megedwards52 visualizações
CLOUD_COMPUTING_AWS_TRAINING.pptxCLOUD_COMPUTING_AWS_TRAINING.pptx
CLOUD_COMPUTING_AWS_TRAINING.pptx
MohammadSamiuddin100 visão
Top 10 Unblocked Games by Ben.pptxTop 10 Unblocked Games by Ben.pptx
Top 10 Unblocked Games by Ben.pptx
Ali Raza2 visualizações
Micro Services.pdfMicro Services.pdf
Micro Services.pdf
ELHEITMohamedWassim0 visão
Asdialer | How to Choose the Right Auto Dialer for Your NeedsAsdialer | How to Choose the Right Auto Dialer for Your Needs
Asdialer | How to Choose the Right Auto Dialer for Your Needs
Aresync0 visão
MANUAL 1.pdfMANUAL 1.pdf
MANUAL 1.pdf
Nombre Apellidos0 visão
testing.pptxtesting.pptx
testing.pptx
jagadeeppapisettipal0 visão
7 Steps To Create A Cloud Strategy (1).pdf7 Steps To Create A Cloud Strategy (1).pdf
7 Steps To Create A Cloud Strategy (1).pdf
Polyxer Systems2 visualizações
DATA CENTERS.pdfDATA CENTERS.pdf
DATA CENTERS.pdf
CesarSanchez52310 visão
Normal PeopleNormal People
Normal People
megedwards52 visualizações
Production-ready GraphQL with CalibanProduction-ready GraphQL with Caliban
Production-ready GraphQL with Caliban
Pierre Ricadat4 visualizações
Fansportiz - Fantasy Sports app development companyFansportiz - Fantasy Sports app development company
Fansportiz - Fantasy Sports app development company
Fansportiz - Fantasy Sports app development company0 visão
reverse engineering.pptxreverse engineering.pptx
reverse engineering.pptx
alishahid2449861 visão
Orion Context Broker 20230606Orion Context Broker 20230606
Orion Context Broker 20230606
Fermin Galan6 visualizações
Growth Strategy Growth Strategy
Growth Strategy
Prasanna Hegde0 visão
L2-3.FA19.pptL2-3.FA19.ppt
L2-3.FA19.ppt
UbaidURRahman780 visão

Authenticate and authorize your IIoTdevices

  1. Günther Fischer WIBU-SYSTEMS AG guenther.fischer@wibu.com Authenticate and authorize your IIoT devices 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 1
  2. The CodeMeter® Technology 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 2
  3. CodeMeter Technology © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 3 Delivery to the user Integration into processes Integration into software Software Software CodeMeter Protection Suite Integrate Once Deliver Many ERP / CRM E-commerce CodeMeter License Central Software License Portal CodeMeter License Central 2022-10-20 ®
  4. Secure Key Store – Highest Security archived with Secure Module 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 4 Infineon SLE/SLM 97
  5. X.509v3 Certificate Added – CodeMeter Certificate Vault 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 5 =
  6. Content of an X.509v3 certificate 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 6 A X.509v3 certificate includes:  Version and serial number  Name of the issuer  Name of the subject  Period of validity  Information on the holder's public key  Information on the intended use of the certificate ("extensions")  Digital signature  Encryption algorithms used
  7. What does a digital Certificate contain? 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 7  Confirms the owner of a public key  Identity:  Person/Device  Organisation  Signed by an authority  Can contain additional attributes Certificate Issued for: Common name (CN): Günther Fischer/RFID Reader Company (O): WIBU-SYSTEMS AG Business unit (OU): PS Serial number: 1be10001000220613… Public key: 0x15, 0x3c, 0xd0, 0x26, 0xd6, 0x71, 0xfa, 0xae, 0x20, 0xa6, 0x15, 0x58, 0xea, 0x3d, 0xdd, 0x36, 0x89, … Issued by: Common name (CN): WIBU Root Company (O): WIBU-SYSTEMS AG .. Valid until: 31.12.2022
  8. Certificate Hierarchy / Certificate Chain (Trusted Root Chain) 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 8 Root Certificate CN: Root Certificate CN: Intermed. 2 Certificate CN: RFID D. 3 Certificate CN: RFID D. 4 Certificate CN: RFID D. 5 Certificate CN: RFID D. 6 Certificate CN: RFID D. 1 Certificate CN: RFID D. 2 Certificate CN: Intermed. 1 Certificate CN: Intermed. 3
  9. Special Role of Trusted Root Certificates 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 9
  10. What are Certificates? 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 10  Digital certificates are used to uniquely identify individuals or devices.  The person or device has a key pair consisting of a public and a secret private key.  An Authority (Certificate Authority or CA) confirms that the corresponding public key is assigned to this person or device.  This confirmation is available in the form of a certificate signed with a CA private key.  The high security of certificates is particularly evident in comparison to passwords.  Passwords can be given away or shared intentionally or accidentally.  Hackers can spy on passwords through phishing attacks.
  11. Major Disaster – Private Key Compromised 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 11
  12. Revocation Lists  CRL (Certificate Revocation List)  Includes invalid (withdrawn) certificates  Online query possible, Online Certificate Status Protocol (OCSP) 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 12
  13. Usage Scenarios 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 13
  14. Usage Scenarios  Server Certificates  Client Certificates  E-Mail Certificates / VPN Certificates  OPC UA Device Certificates  Code and Data Integrity of Software  … 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 14
  15. Storing Certificates and Private Keys 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 15
  16. Storing Certificates and private keys  As file in the file system (PEM-File)  In a Token/Secure Element  Certificate Store accessible via  OpenSSL  PKCS#11  Microsoft KSP API (Key Storage Provider) 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 16
  17. PKCS#11 / Microsoft KSP 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 17 PKCS#11 Microsoft KSP Token/Secure Element Internet Explorer Outlook Firefox OpenVPN Your Application
  18. Deployment of Certificates 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 18
  19. Licensor Licensee Cloud Secure key management and certificate distribution Ticket / Fingerprint Container 4 Ticket: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY 3 License Update 5 Ticket 2 Item 1 19 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device
  20. Scenarios 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 20 Device 1 Create Key Pair CSR.PEM CSR.PEM PRIVKEY.PEM CA Identity Check Identity Create, sign, and register Certificate Certificate Import Certificate 2 Create Key Pair Create and sign Certificate Certificate + Privkey + Password Import Certificate + Privkey CERT.PEM PRIVKEY.PEM Genuine Receiver 3 Create RAC RAC Identity Check Identity Create RAU containing PEMs Import RAU Create Key Pair CERT.PEM PRIVKEY.PEM RAU FSB
  21. Authorized Service Technician  Securing the diagnostic software against unauthorized use  Authorizing advanced service functions  Encrypting documents for manuals and service information  Meeting PCI DSS requirements for unique identification  Support in collecting service-relevant system data (hardware inventory + flight records)  Interface to the training system and automatic assignment of access rights depending on the achieved learning success  Securing the component test systems in production Diebold Nixdorf CrypTA (Cryptographic Technician Authentification) © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 21 2022-10-20
  22. Balluff IUNO 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 22  OPC UAAscolab/Unified Communication  RFID Tags RFID D. 1 RFID D. 1
  23. Token/Secure Element Sample: CodeMeter Cerificate Vault 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 23
  24. https://www.wibu.com info@wibu.com Europe: +49-721-931720 USA: +1-425-7756900 China: +86-21-55661790 Japan: +81-3-43608205 Thank You very much! 2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 24