Identity Provisioning

CMS VerdeTTo™ Key Benefits & Features

3 Key Phases of Securing Device Identity with CMS VerdeTTo™

CMS VerdeTTo™ provides a highly configurable platform for identity lifecycle management that includes establishing a unique identity for each device and issuing the necessary certificates, keys, and attributes according to your project plans and dynamics.

A simple and highly configurable example of securely establishing device identity is outlined below. The scenario includes 3 key phases: Identity Setup, Identity Provisioning, and Identity Lifecycle Management.

Identity Setup

Preparation of the device during its manufacturing process. This stage includes the installation of a CMS VerdeTTo™ agent, and assignment of any customizable device attributes, bootstrap certificates, and/or tokens that will be used during the device activation stage in order to authenticate the device and verify its validity.

Identity Provisioning

When the device is activated and connected, either to the Internet or to a private network alongside CMS VerdeTTo™, the on-device agent connects to the CMS VerdeTTo™ platform and authenticates itself using the attributes and bootstrap certificate or token that were set up initially. Upon successful authentication, CMS VerdeTTo™ issues to the device its unique identity, consisting of a certificate and private keys that are securely generated and stored on the device.

Once the unique identity is provisioned, the device is registered in the CMS VerdeTTo™ directory, together with all of its customizable attributes that pertain to the device role and that can be leveraged for enforcement of granular access control, management, and reporting. Registration of large quantities of devices is facilitated by CMS VerdeTTo™ Device Blueprinting.

Identity Lifecycle Management

Begins as soon as the device is activated and continues throughout the device's lifespan. CMS VerdeTTo™ Identity Lifecycle Management leverages the CMS VerdeTTo™ agent and provides a mechanism for continuous secure updates, including the updating of identity (certificates and keys) for the purposes of renewal, re-issuance, device ownership transfer, and security response or upgrade. CMS VerdeTTo™ agents are configured to regularly poll for updates, allowing for the remote, centralized management of large fleets of devices and ensuring ongoing security as requirements or other project variables change.