Requirements for Certification and Regulation to Secure ... · Scribe RapidMQ Flume Kafka Storm...

Utimaco HSM Business Unit · Aachen, Germany · ©2016 www.hsm.utimaco.com

International Cryptographic Module Conference 2016

Andreas Philipp

Business Development

Requirements for Certification and Regulation to Secure IoT Device


DigitalizationBillions of devices and machinesgenerate massive amounts of data,


The Digital Leap Realizing Greater Efficiencies by Merging the Real and Virtual Worlds


The changing Landscape for HSM

Secure ElementsHost Card Emulation

eSIM

Embedded HSM

I2C HSMvirtual HSM


Link Protocol LayerTransport

Session / Communication

Data Aggregation / Processing

Data Storage / Retrieval

Business Model

Business Apps

Connectivity

Remote ControlDevice Registration

Device ProvisioningFirmware Mgt.

Data AnalysisMachine LearningData MiningAI

SupportMarketing / Sales

Efficiency gain

Device Management Business Processes Analytics

Open Indirect Integrated Cloud On demand On PremisePlatform Direct Closed

Hadoop HBase Cassandra MongoDB

Scribe RapidMQ Flume Kafka Storm Luxun

CoAP MQTT DDS XMPP HTTP FTP

AMQP Telnet SSH

IPv4 IPv6 6LoWPAN RPL

Bluetooth Wifi 802 Ethernet 802.3Zigbee RFID RFID802.15.4e

USB Modbus PLC SPIRS485RS232

DEVICE/SENSOR

IoTProtocol Landscape


Link Protocol LayerTransport

Session / Communication

Data Aggregation / Processing

Data Storage / Retrieval

Business Model

Business Apps

Connectivity

Remote ControlDevice Registration

Device ProvisioningFirmware Mgt.

Data AnalysisMachine LearningData MiningAI

SupportMarketing / Sales

Efficiency gain

Device Management Business Processes Analytics

Open Indirect Integrated Cloud On demand On PremisePlatform Direct Closed

Hadoop HBase Cassandra MongoDB

Scribe RapidMQ Flume Kafka Storm Luxun

CoAP MQTT DDS XMPP HTTP FTP

AMQP Telnet SSH

IPv4 IPv6 6LoWPAN RPL

Bluetooth Wifi 802 Ethernet 802.3Zigbee RFID RFID802.15.4e

USB Modbus PLC SPIRS485RS232

DEVICE/SENSOR

IoTProtocol Landscape

What about Security and Certification?


WorldwideCert. Schema

FIPSCommonCriteria

National Regulation

EIDAS iDA

ICAO

Industry Requirements

PCI HSMEP2

NERC/CIPSTR3109

German Credit Card

Certification Landscape

• more and more industry requirements

• local markets with local cert. needs

• mix between worldwide schema and local requirements


Product lifecycle / Time-To-Market / Time-To-Break-Even

Time / (years)

Prod

uct S

ales

Development Introduction Growth Maturity Decline

Prof

it / p

er U

nit



Time / (years)

Prod

uct S

ales


Prof

it / p

er U

nit

+ IoT?



Time / (years)

Prod

uct S

ales


Prof

it / p

er U

nit



Time / (months)

Prod

uct S

ales


Prof

it / p

er U

nit


Conclusion• IoT is still a wild landscape

• uncontrolled, unregulated,

• Certification is Key to establish security

• Certification yes , but understand the market !

• Certification should be a brand not a label !

Brian Phipps and Tenaya Group LLC.

“The difference between a brand and a label is that a brand leads, while a label follows you around.”


Utimaco IS GmbH

Germanusstraße 4

52080 Aachen

Germany

Tel +49 241 1696 200

Fax +49 241 1696 199

Email [email protected]

Thanks for your attention!

Utimaco Inc.

Suite 150

910 E Hamilton Ave

Campbell, CA 95008

United States of America

Tel +1 844 884 6226

Email [email protected]

Andreas Philipp

Business Development

[email protected]

mailto:[email protected]



Requirements for Certification and Regulation to Secure ... · Scribe RapidMQ Flume Kafka Storm...

Documents

Transcript of Requirements for Certification and Regulation to Secure ... · Scribe RapidMQ Flume Kafka Storm...