Proving the Business Case for the Internet of Things

Thirdwayv software module provides IoT security

Steve Rogerson
May 16, 2019

Thirdwayv, a California-based provider of end-to-end connectivity and security, announced at this week’s IoT World in Santa Clara that it has added AppAuth software modules to provide security in mission-critical IoT applications.
The company’s growing suite of patented products provides layers of security-by-design protection in a wide variety of mission-critical commercial and enterprise IoT applications.
Consisting of three software modules that bring trust to a system’s IoT devices, smartphone apps and cloud, AppAuth works seamlessly with Thirdwayv’s SecureConnectivity platform that is already being used to connect and protect wireless, safety-critical deployments including FDA-cleared drug-delivery systems.
“Mission-critical IoT systems are typically related to the safety of individuals or the protection of high-value property,” said Vinay Gokhale, vice president of business development with Thirdwayv. “AppAuth enables our enterprise and commercial customers to bring trust to these systems through reliable user and device authentication, identity management and, most importantly, attestation of one system component to the other. AppAuth fills a crucial security layer in any comprehensive mission-critical IoT solution.”
AppAuth lets users control mission-critical connected IoT devices in the medical, industrial and infrastructure markets with their own smartphones. AppAuth protects communication links as well as the surrounding environment of such links. It provides a digital cryptographic identity to each element of the IoT system and enables each system element to validate the authority and privileges of the others.
AppAuth can be used alone or with Thirdwayv’s SecureConnectivity that improves overall security of IoT devices while enabling them to be connected and controlled via the same Bluetooth connection found in any commercial smartphone.
For the smartphone app, AppAuth uses smartphone hardware root of trust to monitor continually phone operating system (OS) integrity and authenticity and protect the app from OS vulnerabilities and malware attacks. AppAuth also hardens the app against reverse engineering and tampering threats.
The AppAuth module on the IoT device enables it to validate commands from the phone or the cloud before completing the request via its remote attestation feature. Cloud infrastructure provides over-the-air certificate issuance to smartphone apps and IoT devices after verifying their integrity and authenticity. Furthermore, the cloud module enables lifecycle management of all components on the IoT network. AppAuth is available on both iOS and Android operating systems.
Safety- and mission-critical IoT applications are increasingly becoming targets for cyber-security attacks, and the vulnerability of the smartphone is a growing concern.
“IoT systems are especially at risk of attack through connectivity to their cloud services, smartphone apps and other IoT devices,” said Steve Hoffenberg, director at industry analyst firm VDC Research. “IoT device makers need to ensure that only currently trusted entities can communicate with their products by enforcing authentication and access privileges in all levels of communications.”
AppAuth software has already been licensed to lead customers and will be available for the general market in June 2019. Like Thirdwayv’s SecureConnectivity product, AppAuth will be available via a series of software development kits (SDKs) and application programming interfaces (APIs) to speed incorporation by IoT development engineers.