Modern original equipment manufacturers (OEMs) face an assortment of cybersecurity concerns — from threats against confidential communication and internet security for shared databases, to challenges protecting customer information and trade secrets. OEMs are not only tasked with producing world-class components and parts, but also have to manage the security of sensitive information, financial information and production-line software. It’s a heavy burden to bear.
Compromised security during the operational phase can lead to inaccurate data and inventory missteps that can stymie production and place consumers at risk. Once deployed, effective management of in-field updates to the product line can mean the difference between securing a satisfied customer or embarking on a crisis-management campaign. Embedding security into device development should not be an afterthought – it should be “must have” from the start.
Keyfactor Control gives manufacturers a complete, efficient and effective solution for preventing the dangers posed by hacks of product-control systems and theft of personal customer information. A loss of fidelity has clear financial costs and impacts to the physical safety of workers and consumers alike. Keyfactor Control eliminates these risks, offering end-to-end security for connected devices protecting your line and the products you manufacture.
One company, a $3B global manufacturer of welding products, believed it was purchasing authentic robotic welding arms from resellers, along with service contracts from the manufacturer. With production issues increasing in frequency, service technicians were dispatched to the plant floor for a repair – only to discover that while the robotic arm looked like the genuine product, it was actually a fake.
The arm had been reversed-engineered with less expensive, non-supported parts by unregulated parties. Beyond the concerns related to tampering, these imposter robotic arms were faulty, creating additional costs to the companies and the welding product manufacturer as they responded to the service calls to repair fraudulent equipment.
Keyfactor worked with the manufacturer on this project to enable the installation of digital certificates on each robotic arm during the original equipment manufacturer’s development process. This allowed the manufacturer to authenticate each arm digitally prior to sending a technician to attempt repairs on unsupported robotic arms, reducing fraudulent claims and costs, and mitigating risk to end users and customers.
- Payment Card Industry Standards (PCI DSS)
- The International Organization for Standardization (ISO)
- Sarbanes-Oxley Act (SOX)
- ITAR (International Traffic in Arms Regulations)
- Ongoing Security Threats
- Unauthorized access to devices
- Interruption of Production
- Internal threats
- Advanced malware
- Stolen intellectual property
Keyfactor Control makes it easy and affordable to embed the high-assurance secure identity in every step of the manufacturing and IoT device lifecycle. Through design, manufacturing, deployment, and ongoing management, Keyfactor Control provides the identity foundation you need to produce and sustain the most secure devices on the market. Whether it’s a controlled update, new certificate configuration, or an unexpected breach, Keyfactor Control facilitates staying on top of your operations and products.
Signing firmware and software updates are a critical best practice to ensure that the software installed in your devices is genuine.
Installation of Keyfactor Control and provisioning of a secure and unique identity during the device activation process.
Keyfactor Control empowers one-step automation of certificate and Root of Trust (RoT) management, and is available for embedded Android, and native-C for real-time operating systems.
Certificates, key stores, and trust stores across all devices, applications, servers and services within the IoT ecosystem.
Incorporate encryption, authentication, and secure code signing within your IoT devices and applications using Keyfactor Control SDKs and APIs.
Bind custom attributes to device identities without having to modify, revoke or reissue any certificate.
APIs and plug-ins allow the IoT ecosystem to authenticate device identities, and enforce granular access control based on extended attributes.
Proven in environments of 500-million devices, running either on-premise, in the cloud, or in a custom architected hybrid mode.
Includes a fully managed private PKI, and supports both internal certificate authorities as well as public issuers such as Certicom, DigiCert, and Entrust.