Access control/lock and key

Strict access control is achieved by designing the solution so that the XoT hardware, regardless of form factor, acts as a dedicated, permanent lock in front of the protected device: it can only be opened with the appropriate key presented by the end-user.

The customer is free to choose what type of key the end-user presents, because the XoT technology™ can map a range of end-user credential types onto the same enforcement on the XoT hardware side.

It is strongly recommended to use a PKI-based certificate for end-users, so that they, and only they, can reach the resources behind an XoT hardware unit.

Undeniable identities

All security is based on identities, for both people and machines: knowing who or what is trying to use a resource in the network.

True IoT security requires identities that cannot be repudiated or spoofed, so that there is no question about who the user actually is. This in turn means that two-factor authentication is needed for the solution to reach the security level it is capable of delivering.

XoT technology™ allows the customer to use almost any type of end-user identification, although certificate-based identities combined with two-factor authentication are recommended.

Zero trust

Zero trust is a way to design and build security solutions on the principle "never assume, always verify". In the case of XoT it means that there is no other way of reaching a protected device than securely presenting an accepted identity; network location alone grants nothing.

Zero trust means that security must extend beyond the obvious and that no one, whether employee, consultant, co-operation partner or anyone else, is trusted by default.

The customer has full freedom in how to secure each end-user, but the recommended minimum level is a certificate held on a physical token (something you have) that is unlocked with a PIN (something you know), which makes it genuine two-factor authentication.

PKI and certificates

PKI, Public Key Infrastructure, is a standardised technology that has been in use for many years and is now gaining strong traction through 5G networks and IoT sensors, among other things.

PKI, when correctly implemented, is the most secure way to identify both users and equipment. It is based on a key pair: a public key and a private key. A certificate, signed by a trusted certificate authority (CA), binds the public key to the identity of its holder. The certificate is distributed freely and used by others to verify signatures from, and encrypt data for, that holder; only the private key can produce those signatures or decrypt that data, so it must be generated and stored where it cannot be copied.

On the XoT hardware this is done in a dedicated secure module, and for the end user some form of token or smart card is needed. Issuance, management and revocation of certificates is done in a dedicated certificate server, integrated into the XMS for ease of use and true life-cycle management.
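As an added example, not code from the XoT product or its vendor, the following Go program shows the mechanics that the zero trust and PKI sections above rely on: a CA issues a certificate binding a user's public key to a name; the lock side chains the presented certificate to its own trusted CA, refuses one issued by any other CA, rejects revoked serials; and a challenge-response step proves the holder actually possesses the private key, since the certificate itself is public data. The CA name, user names, serial numbers and the in-memory revocation map are assumptions for illustration; in a deployment the CA key lives in an HSM, the user key on a token, and revocation is checked against the certificate server's CRL or OCSP responder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA generates a CA key pair and a self-signed CA certificate (in memory here; an HSM in practice).
func newCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueUserCert issues an end-user certificate signed by the CA. The user key pair stands in for
// one generated on a token: only the public half goes into the certificate.
func issueUserCert(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, user string, serial int64) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	userKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, &userKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return userKey, cert, err
}

// verifyUser is the check the lock side performs before opening: chain the presented certificate
// to the trusted CA, require the client-auth usage and reject revoked serials.
// The revoked map is an assumed stand-in for a CRL or OCSP lookup.
func verifyUser(cert, trusted *x509.Certificate, revoked map[string]bool) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", err
	}
	if revoked[cert.SerialNumber.String()] {
		return "", fmt.Errorf("certificate serial %v is revoked", cert.SerialNumber)
	}
	return cert.Subject.CommonName, nil
}

// proveKeyPossession is the challenge-response step: the lock sends a fresh nonce and the holder
// must sign it with the private key that matches the certificate's public key.
func proveKeyPossession(holderKey *ecdsa.PrivateKey, cert *x509.Certificate) bool {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, holderKey, digest[:])
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return err == nil && ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	caKey, caCert, _ := newCA("XoT Root CA")
	aliceKey, aliceCert, _ := issueUserCert(caKey, caCert, "alice", 42)
	who, err := verifyUser(aliceCert, caCert, nil)
	fmt.Println("trusted CA:", who, err, proveKeyPossession(aliceKey, aliceCert))
	rogueKey, rogueCA, _ := newCA("Rogue CA")
	_, fakeCert, _ := issueUserCert(rogueKey, rogueCA, "alice", 42)
	_, err = verifyUser(fakeCert, caCert, nil)
	fmt.Println("rogue CA rejected:", err != nil)
}
```

The rogue-CA case is the zero trust point in practice: a certificate that names "alice" and is technically valid is still refused because it does not chain to the CA the lock trusts. The possession proof is what distinguishes the real key holder from anyone who merely obtained a copy of the certificate.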

Agnostic solution

The XoT solution is agnostic to device type, choice of connectivity and the way end-users are identified, which makes it flexible and easy to implement and manage while still maintaining high security.

With more than 2 billion connected professional devices in use, the only practical way to achieve true security is to focus on the access to, and the communication to and from, each device. As long as the device uses a standardised communication port (fixed or wireless) and IP, it can be fully secured without reconfiguring or interacting directly with the device itself.

The XoT client software allows end-users to reach any XoT hardware unit, and thereby the protected device behind it, regardless of network type. The client software gives the customer the flexibility to use any type of end-user identity while still relying on PKI and full encryption of all communication to and from that XoT device.

User security evolution path

1. Passwords and LDAP directory
   Low-level security for users, high-level security for devices.
   Requires: LDAP directory, SQL database, CA

2. Certificates on laptops
   Increased security for users, but still open to man-in-the-middle attacks.
   Requires: LDAP directory, SQL database, CA

3. Certificates on tokens to access XoT devices
   High security for people and machines with a simple implementation.
   Requires: LDAP directory, SQL database, CA, Group Policy management

4. Certificates on tokens for all purposes
   Expands the use of certificates to all systems and data sources.
   Requires: LDAP directory, SQL database, CA, Group Policy management, new CA

5. Smart cards for users
   Highest level of user authentication.
   Requires: LDAP directory, SQL database, CA, Group Policy management, new CA, LOA3 (Level of Assurance 3) processes