skip to Main Content

Longview™ Partners with GlobalSign and Intrinsic ID to Deliver Robust and Comprehensive IoT Security for Industrial Asset Management

Challenge

Carnegie Technologies delivers end-to-end IoT solutions, pre-configured for various industries and designed to work right out of the box. Carnegie Technologies’ Longview IoT was purposfully developed as a full set of IoT technologies to provide their customers with a single, secure, and optimized IoT solution to monitor and manage industrial assets.

As a startup employing LoRaWAN network architecture on AWS services, Longview was uniquely positioned to employ best practices when it came to incorporating security into their software development process. Longview considered security issues from the onset to ensure they were baked into their solution, not bolted-on as an afterthought. Their triple-layer security framework, built from the ground up with integrated security, is a complete IoT solution and a key selling feature.

Their challenge was finding the right partner with a suitable IoT security platform to build out their triple-layer security framework and secure their device supply chain. They sought a scalable, automated platform that would minimize manual management of CA and RA services. They were looking for an easy-to-use API that would lessen the integration burden on their development team. They wanted in-field sensor identification agility and they needed a flexible company that could collaborate to deliver a comprehensive solution.

“We have made IoT security the utmost priority with Longview throughout the entire solution, from our sensors to the cloud, and into the field,” said Brad Bush, managing director of Internet of Things for Carnegie Technologies. “Working with GlobalSign and their partner Intrinsic ID ensures that businesses and users are protected by best-in-class technologies at every point in the system, ensuring that our solution is secure and future proof for enterprises of any size.”

Solution Requirements

  • Scalable certificate provisioning to future proof growth
  • Private and Public CA and RA services with automated provisioning
  • Ability to provision device certificates during manufacturing (Birth Certificates)
  • Ability to identify in-field sensors
  • Easy and fast integration

Solution

Longview’s triple-layer security framework consists of LoRaWAN’s native 128-bit encryption, SRAM PUF technology for device specific key generation, and Certificate Authority (CA) backed certificate provisioning to protect each device in the supply chain as well as the data transmitted on the network.

LoRa technology secures the LPWAN network. GlobalSign collaborated with our partner, Intrinsic ID to secure individual sensors using SRAM PUF technology with unique identities. Longview partnered with GlobalSign for certificate provisioning at the gateway and protected data transmission.

PUF technology (Physical Unclonable Function) allows generation of device-specific keys based on minuscule anomalies of each semiconductor, similar to a human fingerprint, to uniquely identify each of Longview’s sensors.

To secure the supply chain of the Longview gateway and sensor devices (manufactured by an EMS) during manufacturing and through deployment, digital certificates were needed. The Longview Private CA set up by GlobalSign allows them to issue IDevID certificates (aka Birth certificates or shelf  certificates) for each IoT gateway device at the EMS manufacturer’s facility. Longview uses GlobalSign’s IoT Edge Enroll integration on its IoT Identity Platform to manage their Private CA and encrypt data communication.

IoT Edge Enroll delivers Identity Lifecycle Management to Longview, enabling secure connectivity to their AWS cloud.

  • For gateway birth certificate provisioning at the point of EMS manufacture (IDevIDs)
  • For automated local certificate provisioning during gateway deployment (LDevIDs)
  • To renew local certificates (device identity management)

Result

  • Optimized Longview’s security development and integration by using the IoT Edge Enroll RESTful API, saving unnecessary development costs and reducing time to market
  • Automated certificate provisioning streamlined the private CA and RA functions, reducing internal management costs
  • In-field device identity enrollment allows any existing asset to be tracked and monitored
  • Secured the supply chain from device build/manufacturing through to in-field deployment/operation

Globalsign Figure

PPC RT 2019.001.02 Dim.728x90 WP Economic Advantage 1

Back To Top