Everybody is scared to death about what a security breach could mean for the Internet of Things. Next time, instead of a reporter gaining control over a Jeep or an interloper hacking a baby monitor to talk to your kid, a bad actor with unauthorized access to IoT devices and applications could have even more dangerous and widespread repercussions. So Device Authority is working to educate the market and formulate partnerships so those with IoT deployments can understand and more easily access its security solutions.
The basic problem with security today, said Device Authority CEO and founder Talbot Harty, is that it relies on a static process. Device Authority is changing this paradigm by delivering a highly differentiated solution that provides IoT security in a dynamic way.
Rather than relying solely on PKI infrastructure and shared key controls, Device Authority creates keys that are bound to the identity of the devices, and unique to every session, explained Harty, who met with us this week at ITEXPO in Ft. Lauderdale, Fla.
Device Authority has a large pool of patents, developed over 7 years, about how to interrogate the components of a device to identify it, he added. It can leverage that information to introduce a dynamic challenge and response between the device and the Device Authority cloud-based authentication service. It can generate a one-time key based on a device’s identity and use that to prevent cloning and spoofing. The device itself can generate a key, and the cloud service can issue a challenge and then provide a corresponding key for decryption. That’s a very different and more efficient method of cryptography than relying on transport layer security, he said.
Device Authority started out providing security solutions for more general enterprise applications. The company in the fourth quarter released an IoT-specific security solution. And it’s now in 10 active product evaluations for that solution.
Healthcare, industrials, SCADA, smart cities, and transportation are among the key areas of focus for Device Authority and its IoT solution. The company is now working on its go-to-market, which Harty said will include getting its key generation capabilities into devices; that effort will start with IoT gateways from other vendors.