Günther Fischer
WIBU-SYSTEMS AG
guenther.fischer@wibu.com
Authenticate and authorize
your IIoT devices
2022-10-20 © WIBU-SYSTEMS AG 2022 - Authenticate and authorize your IIoT device 1

The CodeMeter® Technology

CodeMeter Technology
[Diagram labels: Integration into software; Integration into processes; Delivery to the user; CodeMeter Protection Suite; ERP / CRM; E-commerce; CodeMeter License Central; License Portal; "Integrate Once, Deliver Many"]

Secure Key Store – Highest Security achieved with Secure Module
Infineon SLE/SLM 97

X.509v3 Certificate Added – CodeMeter Certificate Vault

Content of an X.509v3 certificate
An X.509v3 certificate includes:
• Version and serial number
• Name of the issuer
• Name of the subject
• Period of validity
• Information on the holder's public key
• Information on the intended use of the certificate ("extensions")
• Digital signature
• Encryption algorithms used

What does a digital certificate contain?
• Confirms the owner of a public key
• Identity:
  • Person/Device
  • Organisation
• Signed by an authority
• Can contain additional attributes

Certificate
Issued for:
  Common name (CN): Günther Fischer/RFID Reader
  Company (O): WIBU-SYSTEMS AG
  Business unit (OU): PS
  Serial number: 1be10001000220613…
  Public key: 0x15, 0x3c, 0xd0, 0x26, 0xd6, 0x71, 0xfa, 0xae, 0x20, 0xa6, 0x15, 0x58, 0xea, 0x3d, 0xdd, 0x36, 0x89, …
Issued by:
  Common name (CN): WIBU Root
  Company (O): WIBU-SYSTEMS AG
  ..
Valid until: 31.12.2022

Certificate Hierarchy / Certificate Chain (Trusted Root Chain)
[Diagram: certificate tree with a root certificate (CN: Root), intermediate certificates (CN: Intermed. 1, Intermed. 2, Intermed. 3) and device certificates (CN: RFID D. 1 to RFID D. 6)]

Special Role of Trusted Root Certificates

What are Certificates?
• Digital certificates are used to uniquely identify individuals or devices.
• The person or device has a key pair consisting of a public and a secret private key.
• An Authority (Certificate Authority or CA) confirms that the corresponding public key is assigned to this person or device.
• This confirmation is available in the form of a certificate signed with a CA private key.
• The high security of certificates is particularly evident in comparison to passwords.
• Passwords can be given away or shared intentionally or accidentally.
• Hackers can spy on passwords through phishing attacks.

Major Disaster – Private Key Compromised

Revocation Lists
• CRL (Certificate Revocation List)
• Includes invalid (withdrawn) certificates
• Online query possible, Online Certificate Status Protocol (OCSP)

Usage Scenarios
• Server Certificates
• Client Certificates
• E-Mail Certificates / VPN Certificates
• OPC UA Device Certificates
• Code and Data Integrity of Software
• …

Storing Certificates and Private Keys
• As file in the file system (PEM-File)
• In a Token/Secure Element
• Certificate Store accessible via
  • OpenSSL
  • PKCS#11
  • Microsoft KSP API (Key Storage Provider)

PKCS#11 / Microsoft KSP
[Diagram: applications (Internet Explorer, Outlook, Firefox, OpenVPN, Your Application) reaching the Token/Secure Element through PKCS#11 and Microsoft KSP]

Deployment of Certificates
[Diagram: Secure key management and certificate distribution between Licensor, Licensee and Cloud, in steps numbered 1 to 5; labels: Item; Ticket; Ticket: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY; Ticket / Fingerprint; Container; License Update]

Scenarios
[Diagram: three numbered flows; labels: Device, CA, Genuine Receiver]
1. Create Key Pair (CSR.PEM, PRIVKEY.PEM); CSR.PEM; Identity Check; Create, sign, and register Certificate; Import Certificate
2. Create Key Pair; Create and sign Certificate; Certificate + Privkey + Password; Import Certificate + Privkey (CERT.PEM, PRIVKEY.PEM)
3. Create RAC; RAC; Identity Check; Create RAU containing PEMs; Import RAU; Create Key Pair (CERT.PEM, PRIVKEY.PEM); RAU; FSB

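Added example (not part of the original slides and not WIBU-SYSTEMS code): scenario 1 as read from the slide labels, run with the OpenSSL command line under the Root, Intermediate, Device hierarchy of the certificate chain slide. The device keeps PRIVKEY.PEM and hands over only CSR.PEM; the directory layout, RSA-2048 keys, 30-day lifetimes and the extension profile are assumptions.

```shell
#!/bin/sh
# Constructed demo PKI in a temporary directory; nothing here is a real CA.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CA="$WORK/ca"; mkdir -p "$CA"
CNF="$WORK/pki.cnf"

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$CNF" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[device_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF

# Root signs the intermediate, as in the hierarchy slide.
setup_ca() {
  openssl req -x509 -config "$CNF" -extensions ca_ext -newkey rsa:2048 -nodes \
    -subj "/CN=Root" -days 30 \
    -keyout "$CA/root.key" -out "$CA/root.pem" 2>/dev/null &&
  openssl req -new -config "$CNF" -newkey rsa:2048 -nodes \
    -subj "/CN=Intermed. 1" \
    -keyout "$CA/int.key" -out "$CA/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$CA/int.csr" -CA "$CA/root.pem" -CAkey "$CA/root.key" \
    -CAcreateserial -extfile "$CNF" -extensions ca_ext -days 30 \
    -out "$CA/int.pem" 2>/dev/null
}

# Scenario 1: the device creates the key pair; only CSR.PEM goes to the CA.
device_enroll() {   # $1 = device directory name, $2 = common name
  d="$WORK/$1"; mkdir -p "$d"
  ( umask 077   # private key readable by the device account only
    openssl req -new -config "$CNF" -newkey rsa:2048 -nodes -subj "/CN=$2" \
      -keyout "$d/PRIVKEY.PEM" -out "$d/CSR.PEM" 2>/dev/null ) &&
  # CA side: the identity check itself is out of band. The CSR self-signature
  # shows the requester holds the private key for the public key it submits.
  openssl req -in "$d/CSR.PEM" -config "$CNF" -noout -verify >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/CSR.PEM" -CA "$CA/int.pem" -CAkey "$CA/int.key" \
    -CAcreateserial -extfile "$CNF" -extensions device_ext -days 30 \
    -out "$CA/$1.pem" 2>/dev/null &&
  # "Import Certificate": the signed certificate returns to the device.
  cp "$CA/$1.pem" "$d/CERT.PEM"
}

# Import check on the device: the certificate must carry the device's own key.
key_matches_cert() {   # $1 = device directory name
  [ -s "$WORK/$1/CERT.PEM" ] && [ -s "$WORK/$1/PRIVKEY.PEM" ] &&
  [ "$(openssl x509 -in "$WORK/$1/CERT.PEM" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORK/$1/PRIVKEY.PEM" -pubout)" ]
}

# Relying party: only the root is trusted; the intermediate is passed along
# as an untrusted helper certificate for building the chain.
verify_chain() {   # $1 = device directory name
  openssl verify -CAfile "$CA/root.pem" -untrusted "$CA/int.pem" \
    "$WORK/$1/CERT.PEM" >/dev/null 2>&1
}

# Same check with the intermediate missing: no path to the trusted root.
verify_without_intermediate() {   # $1 = device directory name
  openssl verify -CAfile "$CA/root.pem" "$WORK/$1/CERT.PEM" >/dev/null 2>&1
}

setup_ca
device_enroll dev1 "RFID D. 1"
verify_chain dev1 && echo "chain OK: Root -> Intermed. 1 -> RFID D. 1"
verify_without_intermediate dev1 || echo "rejected: intermediate missing"
key_matches_cert dev1 && echo "CERT.PEM matches PRIVKEY.PEM"
```

In scenario 2 of the slide the private key travels together with the certificate, so the transport and its password become part of what has to be protected; here the key file never leaves the device directory.
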
Authorized Service Technician
• Securing the diagnostic software against unauthorized use
• Authorizing advanced service functions
• Encrypting documents for manuals and service information
• Meeting PCI DSS requirements for unique identification
• Support in collecting service-relevant system data (hardware inventory + flight records)
• Interface to the training system and automatic assignment of access rights depending on the achieved learning success
• Securing the component test systems in production
Diebold Nixdorf CrypTA (Cryptographic Technician Authentification)

Balluff IUNO
• OPC UA Ascolab/Unified Communication
• RFID Tags
[Diagram labels: RFID D. 1, RFID D. 1]

Token/Secure Element Sample: CodeMeter Certificate Vault

https://www.wibu.com
info@wibu.com
Europe: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
Japan: +81-3-43608205
Thank You very much!