Security-solutions provider Kyrio, a subsidiary of CableLabs, has been named the Public Key Infrastructure (PKI) Management Authority for the Open Connectivity Foundation (OCF), an Internet of Things (IoT) standards body that has created specifications dealing with device identity and access, among others. Kyrio also has been chosen as a Registration Authority provider with Comodo CA as a certificate authority to provide digital keys to the OCF's qualifying members.
"OCF was looking for suppliers of certificates, but also looking for a company to manage the process and act on behalf of OCF," said Mitch Ashley, president and general manager, Kyrio.
As such, Kyrio will be responsible that anyone contributing to the OCF ecosystem is in compliance with standards to make sure that high levels of security are delivered through PKI. In addition to audits, Kyrio will coordinate timelines so that IoT device manufacturers, which require a long lead time, can have PKI delivered on the line at the right time. Ongoing will be how to manage an ecosystem of devices and ensure certificates can be and are upgraded.
"Things happen, and (companies or technology) are bought and sold all the time. If there is a new company or product line, how can it be subsumed into the PKI (authority)?" Ashley said.
The goal is to make sure different IoT devices interoperate with other products and can communicate securely. "Communications is what the OCF standard is about. PKI is one aspect of how it is implemented," Ashley said.
In other words, a thermostat might need to talk with outdoor sensors, and must know that they are what they say they are and that they are authorized to have access to the smart home network. The OCF specification helps the devices understand each other even if they are from different manufacturers, and the PKI certificates help authenticate the products.
As a registration authority, Kyrio, with Commodo, assigns and manages the process for getting certificates. It helps businesses get inventory and makes sure that the device certification is passed and that it can be part of the OCF ecosystem.
Kyrio was selected by OCF because through its parent company it operated one of the largest global multivendor PKI ecosystems and has issued more than half a billion certificates to devices that go into homes and businesses globally.
"That is a (great) deal of experience we bring to the manufacturers," Ashley said. "How do they get certificates into the manufacturing environment."