On-premise or cloud-based digital certificate lifecycle management for embedded devices

Replace weak passwords with highly secure identity credentials to ensure only authorized devices can access sensitive services. Reduce risk of counterfeit or rouge devices attacking your cloud or back-end systems. Support automated negotiation of secure communication parameters. Encrypt sensitive information for a target device, ensuring no other devices have access. These are all capabilities enabled by Public Key Infrastructure (PKI) and digital certificates. Secure and robust self-hosted PKI deployments require specialized infrastructure, specialist expertise, and high start-up and operational costs. BlackBerry Certicom offers an easy and cost-effective alternative to issue, renew and manage certificates on a device manufacturer or service provider’s behalf. Our managed PKI and Certification Authority (CA) services enable certified device identity, component authentication, and certificate life cycle management for automotive OEMs, IoT device manufacturers, and service providers. Developed to BlackBerry’s stringent security standards, our PKI service platform enables outsourced manufacturing while protecting the supply chain from device counterfeit, re-manufactured, or stolen components.

Product Features and Benefits

Blackberry Certicom’s Managed PKI addresses device security requirements with a full-featured, highly scalable certificate management and key provisioning solution. PKI facilitates the secure exchange of keys and sensitive information using certificate-based authentication. This addresses the problem of inadequate security commonly associated with password-based authentication. It is a secure, cost-effective way to enhance the security of the automotive or IoT supply chain with traceable device provenance to mitigate the risk of device counterfeiting or remanufacturing fraud.

Scalable

Blackberry Certicom can support both low and high-volume applications depending on customer requirements. With our unique expertise and history supporting Elliptic Curve Cryptography (ECC), we can offer high performance solutions for demanding high volume production requirements.

Business Flexibility

We can offer fully hosted or on-premise deployments with business models and processes tailored to meet industry requirements.

Field proven

Secures tens of millions of devices in high volume production environments such as mobile device, automotive, and smart meter manufacturing.

Easy and cost-effective deployment

Reduces or eliminates the burden of developing, deploying and hosting an in-house PKI and the costs associated with ongoing maintenance and security administration

Strong security posture

BlackBerry Certicom follows robust security development lifecycle and deployment methodologies to ensure that our PKI services help protect customer devices and the services they access from compromise.

Registration Authority (RA) function

BlackBerry Certicom’s PKI’s registration authority function accepts certificate signing requests (CSRs) in real-time or in batch mode and provides ways to integrate root of trust provisioning and device PKI enrolment, leveraging IC-based key stores, TPMs, Trust Zone, secure device memory or software based keystores.

Customization to meet your needs

• BlackBerry Certicom offers both standard X.509 and highly customized PKI solutions, with a range of choices in certificate lifecycle management, from custom root and end-entity certificate profiles to custom registration and validation techniques with signature algorithms and key strengths as well as audit regime options. 
• Certificates can be issued one at a time or processed in batches, supporting use case for bulk device manufacturing flows or for on-demand certificate issuance. Non-standard, quantum resistant or size optimized certificates for IoT applications can also be supported.