Two API endpoints are all you need to free yourself from fixed credentials for your IIoT Device.
For IIoT developers, handling a variety of data tags from PLCs, integrating sensors from the edge to their digital twin, maintaining sensor data on the edge and similar tasks are daunting enough. Getting all this data back to an IIoT platform or a custom data collection platform while maintaining each device’s unique identification and its security is another layer of complexity that takes time away from core business logic.
To make matters more complex, we developers often work with different systems to make the best use of the collected data. While the data, in a time context, might be collected only once, it is still very much desirable to ensure that each data packet’s integrity is maintained and that it remains traceable back to its source as it flows through different systems on-premise or in the cloud.
Scurid’s software stack is designed to deliver device-owned identities for dynamic authentication with a variety of IIoT & Data Analytics platforms.
What’s Scurid Edge Agent?
It’s a small cross-platform device identity security agent capable of running on a variety of OSes and edge device platforms. More is covered in the previous blog post.
What is Scurid Backend?
A server application designed to support ID workflow, authentication & authorization, and analytics at a globally distributed scale, on-premise or on a variety of cloud platforms like Azure, GCP, AWS, etc. It is generally accompanied by the Scurid App (UI) for a simplified user experience. At the same time, the backend is also designed to integrate easily with IIoT & Data Analytics Platforms.
How does it all work?
Short Answer: The edge device makes a local API Login request via the Scurid Edge Agent, which the customer’s IIoT Platform validates with the Scurid Backend. That’s it!
Long Answer (with a diagram):
To have one or more devices authenticate with your platform of choice, you need the Scurid Edge Agent running on your device, which could have been installed when rolling out new hardware into the field or pre-installed by your hardware OEM. You also need to have completed the device identity onboarding (details on this coming soon).
For now, we focus on how this dynamic authentication works without using a fixed username/password, SSH keys, certs, API keys, etc.
To authenticate, your (the customer’s) IIoT edge software on the device makes a Login request using the Scurid Edge Agent, which handles the communication with the Scurid Backend (deployed on-premise at the customer site or offered as a managed service by us) and returns a Login response with a token.
This token, active for a short time interval, is then used by the Customer’s own IIoT Edge Software to authenticate and send/receive data from the IIoT Platform.
When logging in, the Scurid Edge Agent uses the private key of the identity it has set up to build a dynamic, time-bound “password” that gets thrown away after each request. Plus, as the device rotates its identity as a good security practice, the private key also gets rotated over time, to keep things dynamic and to achieve layered security.
In this entire workflow, IIoT developers only need to learn two API endpoints to achieve authentication and authorization with almost any kind of IIoT or Data Analytics Platform. Thanks to this kind of federated ID management, you can adopt an ever-evolving device ID and its security management as a microservice architecture for your globally distributed deployment of edge hardware.
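One way to picture the throwaway, time-bound “password” and key rotation described above is a signature over the current time and a fresh nonce, which the validating side accepts only once. This is an added example, not Scurid's code or protocol: Ed25519, the message layout, the 16-byte nonce and the names LoginProof, NewProof and Verifier are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// LoginProof is a hypothetical one-time login message (assumed layout, not Scurid's wire format).
type LoginProof struct {
	DeviceID string
	IssuedAt int64    // Unix seconds on the device clock
	Nonce    [16]byte // fresh random value per request
	Sig      []byte   // Ed25519 signature over signedBytes()
}

func (p LoginProof) signedBytes() []byte {
	return []byte(fmt.Sprintf("%d|%x|%s", p.IssuedAt, p.Nonce, p.DeviceID))
}

func NewProof(id string, key ed25519.PrivateKey, now time.Time, nonce [16]byte) LoginProof {
	p := LoginProof{DeviceID: id, IssuedAt: now.Unix(), Nonce: nonce}
	p.Sig = ed25519.Sign(key, p.signedBytes()) // device side: the private key never leaves the device
	return p
}

// Verifier is the validating side; it holds public keys only, and rotation replaces an entry.
type Verifier struct {
	Keys   map[string]ed25519.PublicKey
	Window time.Duration
	Seen   map[[16]byte]bool // nonces already accepted; evict after Window in a real service
}

func (v *Verifier) Verify(p LoginProof, now time.Time) error {
	if pub, ok := v.Keys[p.DeviceID]; !ok || !ed25519.Verify(pub, p.signedBytes(), p.Sig) {
		return fmt.Errorf("unknown device or bad signature")
	}
	if age := now.Sub(time.Unix(p.IssuedAt, 0)); age > v.Window || age < -v.Window || v.Seen[p.Nonce] {
		return fmt.Errorf("proof is stale or was already used")
	}
	v.Seen[p.Nonce] = true
	return nil
}

func main() {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo seed; use crypto/rand
	v := Verifier{map[string]ed25519.PublicKey{"dev-1": key.Public().(ed25519.PublicKey)}, time.Minute, map[[16]byte]bool{}}
	fmt.Println(v.Verify(NewProof("dev-1", key, time.Now(), [16]byte{1}), time.Now()))
}
```

A captured proof is useless after its window or after first use, and a proof signed with a rotated-out key fails as soon as the verifier's entry for that device is replaced.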
Find this interesting? Working on an interesting PoC and need a free developer's license (including a fully managed Scurid Backend service) to speed up your IIoT project development? Or just have feedback?
Please do reach out to us via Contact Us, and we are happy to share a free developer's license including a fully managed Scurid Backend service.