Proving the Business Case for the Internet of Things

Blackberry adds security to IoT devices

Reuters and Steve Rogerson
April 23, 2015
Blackberry is launching a certificate service that will help bring the security level it offers on smartphones to a slew of devices from cars to smart meters. Certicom, a subsidiary of Blackberry and an industry pioneer in elliptic curve cryptography (ECC), announced an offering that it contends will secure millions of devices, expected to be part of the growing IoT.
The company said it had already won a contract in the UK to issue certificates for the smart meter initiative with more than 104 million smart meters and home energy management devices. The service will make it easier for companies rolling out such devices to authenticate and secure them, the company said.
Separately, Blackberry has also outlined a plan to expand its research and development efforts on innovation and improvement in computer security. The initiative is being dubbed Blackberry Chace, for Centre for High Assurance Computing Excellence.
"Strong cryptography and entity authentication are the foundation of IoT security," said Jim Alfred, vice president for Blackberry technology at Certicom. "When you manage remote devices, you need to know that you can trust the devices and that your communications network is secured. Certicom device certificates can provide that assurance. Offering innovations in device security is part of Blackberry's on-going mission to be a leading provider of device and application management solutions."
Increased network and device security has become a huge focus for large North American corporations in the face of costly and damaging security breaches. US retailer Target is still recovering from a major breach in 2013 in which 40 million payment card numbers and 70 million other pieces of customer data such as email addresses and phone numbers were stolen.
Michaels Stores, the biggest US arts and crafts retailer, said last year it had suffered a security breach that may have affected about 2.6 million payment cards.
Blackberry said the fail-then-patch approach to managing security risk had become a widely accepted practice, but through Chace it planned to develop tools and techniques that delivered a far higher level of protection than was currently available.
Canadian-based Certicom’s managed public key infrastructure certificate service for connected devices is said to unleash the performance of its security technology for a broad range of IoT applications. The service will help device manufacturers and service providers secure their IoT networks and ecosystems, ensuring the devices they connect are known and trusted. The service puts security certificates under Certicom's management, meaning customers can focus more on their core business and less on security infrastructure and management.
Certicom began last week issuing certificates for the smart meter initiative in the UK, where the smart meters and home energy management devices conform to Zigbee Smart Energy specifications. Certicom designed this managed PKI certificate service to scale up to hundreds of millions of connected devices.
Since 2008, Certicom has issued nearly 60 million Zigbee device certificates to secure smart meters and energy management devices worldwide. Members of the Zigbee Alliance use the certificates to enrol devices into a network and protect sensitive data with ECC from Certicom.
"Certicom's application security framework implements strong device identity and supports role- and policy-based access control, allowing alliance members to provide customers with an enterprise-grade secure sensor network," said Ryan Maley, director of strategic marketing for the Zigbee Alliance. "This announcement further demonstrates Certicom's leadership in internet of things security and enables highly secure Zigbee devices for every home and small business in Great Britain."
The Certicom managed PKI certificate service is available to device manufacturers and service providers, whether on the Blackberry IoT platform or as part of another connected device ecosystem or private network, with options for elliptic curve, hybrid or legacy RSA-based device certificates.
• Blackberry has entered an agreement to acquire Israel-based data security company Watchdox. Terms of the transaction were not disclosed. Watchdox's technology will be offered as a value-added service that complements Blackberry's EMM enterprise mobility management portfolio.
Watchdox offers secure enterprise file-sync-and-share systems that allow users to protect, share and work with their files on any device. The security travels with shared files on mobile and desktop devices to give organisations visibility and control over how files are edited, copied, printed or forwarded. It also allows end users to revoke access or delete files remotely, enables secure mobile productivity for repositories both in the cloud and on premises, and gives administrators the ability to lock or remove access to files compromised in a data breach.