Device Management Provision

Solving the Challenges of Configuring Millions of Devices with Unique Identities and the Correct Server Credentials During Manufacturing

Device Management Provision enables device manufacturers to configure millions of devices with unique cryptographic identities and the Pelion Device Management connection parameters before they leave the factory. With Device Management Provision you can create, inject and securely store the private keys, certificates, server URL and certificate, connection parameters and firmware update keys necessary to connect to Pelion Device Management and manage devices.

Trusted Device Identification, Device On-Boarding and Service Provisioning 
Secure Identity

To connect to Pelion Device Management, each IoT device must have a unique cryptographic credential. This unique credential is used to authenticate devices, generate session encryption keys and authorize device access to various system services. The device cryptographic credential is stored securely to protect data that moves between the device and the server, and to protect the device management service itself from unauthorized access.

Secure Storage

The device private keys, certificates and firmware validation keys are securely stored in protected storage implemented by Device Management Client. The protected storage can secure the data in external and internal non-volatile memory, serving as a protected root-of-trust in the device. For increased security, the root-of-trust can utilize TrustZone capabilities supported by Arm processors.

Secure Connection

Each IoT device must be configured with the correct server and connection parameters to identify, connect to and authenticate the Pelion Device Management server. Device Management Provision supports industry-standard X.509 certificates. These certificates facilitate mutual authentication and establishment of encrypted DTLS or TLS sessions between devices and the device management server.

Device Management Provision capabilities are delivered as a flexible and extensible SDK supporting multiple factory floor configurations and trust levels.