Device Authority

A medical device manufacturer specializing in surgical products required automated Identity Lifecycle Management for their IoT devices using X.509 Certificates. Device Authority was asked to help automate the device identity lifecycle to streamline their processes. The solution had to support devices both connected directly to the cloud along with offline Edge devices that connect to the cloud via secure gateways. As a medical device manufacturer, patient safety, procedure management, data security, and industry compliance were of the utmost importance. Cloud integration with Microsoft Azure IoT was also a key requirement. The KeyScaler platform enabled: - Dynamic Device Key Generation (DDKG) automatically generates a software root of trust that will be used for the initial device attestation, authentication and registration Automated PKI Services for IoT with X.509 certificates, includes initial certificate provisioning, certificate rotation, and certificate revocation - KeyScaler Security Suite for Microsoft Azure was able to provide Automated Device Provisioning to Azure IoT Hub - Automated Identity Lifecycle Management for devices at the edge - FDA compliance for SBOMs

A medical device manufacturer specializing in high-frequency ultrasound technology needs a solution to automate device certificate provisioning and lifecycle management. X.509 certificates are used to secure communications between the device and the IoT platform. The current manual process for configuring each ultrasound device with a unique certificate is time-consuming, error-prone, and inefficient at scale. By implementing the KeyScaler platform, and partnering with PTC, Device Authority was able to provide the following: - Automated Device Provisioning: Securely register ultrasound devices to their IoT platform automatically upon deployment, ensuring each device is properly authenticated and authorized without manual intervention. - Full Identity and Certificate Lifecycle Management: Manage the entire lifecycle of X.509 certificates for ultrasound devices, including issuance, renewal, revocation, and expiration reports, ensuring continuous device security and compliance with regulatory standards. - Dynamic Device Key Generation (DDKG): Implement DDKG to create a unique root of trust for each ultrasound device. - PKI Services for IoT - Enterprise Security Integration

The next generation of connected diesel engines feature new capabilities that allow the operator to use secure connections to the cloud to increase engine efficiency, lower the cost of operation, and reduce overall lifecycle expense. This new technology relies on the exchange of critical performance data between the engine and cloud-based systems to adjust engine parameters in real-time. Device and data trust are paramount to ensure successful operations. To provide the highest level of security available, these diesel engines require the use of X.509 certificates from an existing PKI platform provider for identity, authentication, and encryption to the cloud. The Solution: -Dynamic Device Key Generation (DDKG) trust anchor technology will be deployed on the engine ECM to provide initial hardware-based validation and integrity checks and establish a root of trust. -Zero-touch Automated Device Provisioning to the customer’s AWS IoT Core platform utilizing the devices’ initial trusted credentials. -PKI Services for IoT utilizing x.509 Certificates for operational credentials to provide diesel engines and associated data ongoing trust. -Full Identity Lifecycle Management

A medical device manufacturer produces surgical robots that perform joint replacement surgery in an offline setting. Each procedure requires new encryption key generation and key storage for when the robot connects via a secure connected gateway. Sensitive medical data regarding each procedure and its results are generated and the customer must ensure it maintains data protection under HIPAA. Patient safety, procedure management, data security, and cloud integration are key requirements. By implementing the KeyScaler platform, Device Authority was able to provide the following: -Automated Device Provisioning, providing Secure robot registration to the device manufacturer’s cloud platform -Security Suite for PTC ThingWorx with end-to-end data security and token issuance for authentication -Full Identity Lifecycle Management for online and offline devices -Policy-driven end-to-end data security and integrity validation for patient data

A leading provider of distributed energy solutions is developing next-generation Linear Power Generators designed for off-grid and backup power scenarios across telecom, construction, and remote industrial operations. The generators are equipped with IoT-enabled communication modules for real-time telemetry and performance monitoring. To enable seamless integration with Microsoft Azure for device data analytics & operational insights, the company needed a secure, scalable solution to provision, authenticate, & manage its fleet of intelligent generator units. Manual processes weren't sustainable as the deployment scaled, & security was critical due to the equipment’s role in critical infrastructure. KeyScaler enabled: Dynamic Device Key Generation (DDKG) for trust anchor creation, securing the communications module in each generator. Automated Identity Lifecycle Management for X.509 certificates, covering provisioning, renewal, and revocation. KeyScaler Security Suite for Microsoft Azure, including automated onboarding to Azure IoT Hub & integration with Azure Key Vault for secure key storage. A zero-touch provisioning workflow to reduce human error & streamline device activation.

A major German manufacturer of onshore and offshore wind turbines required a secure and scalable solution to manage remote thin-client devices used for data acquisition across its fleet. These devices collect & transmit critical turbine data, such as sensor values, operational events, and performance metrics, to a central IoT platform powered by Cumulocity. Given the highly distributed nature of their infrastructure, the company needed to ensure secure onboarding, identity provisioning, and certificate lifecycle management for each device. In addition, the solution had to support EST (Enrollment over Secure Transport) for secure firewall onboarding and VPN client authentication, ensuring end-to-end protection across both data and device layers. KeyScaler was used to provide: -Dynamic Device Key Generation (DDKG) for establishing a root of trust at the device level. -PKI Services for IoT, using X.509 certificates integrated with enterprise security infrastructure. -Automated Device Provisioning and Zero-Touch Registration to the Cumulocity IoT Platform. -Automated Identity Lifecycle Management, including certificate renewal and revocation. -Support for EST protocol.