A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store & revoke digital certificates and manage public–key encryption.
- Secure access control. With a unique verifiable identity, you can determine what level of access to grant to that device. In addition, you can now deny access to anyone who does not have a proper certificate – no cert, no way. In addition, if you find out a certificate has been somehow compromised because it is unique and identifiable, you can revoke its access privileges and that certificate will no longer be granted access.
- Mutual Authentication. In the days before IoT and autonomous networked devices, the device didn’t need to be authenticated, just the servers. You wanted to make sure that the website you were logging into was actually a bank and not some bogus phishing site. The bank authenticated your identity through your login and password. With IoT, the device needs to be authenticated and the device also needs to authenticate the server it is talking to. With digital certificates and secure elements, this is now practical.
- Secure Over-the-Air (OTA) Update. The problem with many devices today is that they will accept software updates from anyone. Remember, you want a device to only accept software that is verified and comes from a trusted server. The certificates allow the device to prove it should receive an update and which one, and the cryptography in the secure element allows the device to verify the server as well as the signed code.
As you can see, combined with digital certificates, PKI enables a trusted environment for robust identity protection by authenticating the identity of a device and assuring the integrity of that device.