Solutions

SSenStone’s IoT Auth Platform OTAC provides a secure IoT communication environment by blocking the possibility of device hacking and control through dynamic codes that change each time they connect and command. Based on OTAC, a lightweight technology of less than 4KB, the OTAC Applet is embedded in the SIM card to implement strong end-to-end IoT authentication and control command protection that covers even low-spec IoT devices. In addition, it safely transports the control server command to the device to block the execution of various control commands that are not valid.

Device authentication and data integrity verification through OTAC capable of embedding to SIM card

SSenStone verifies the OTAC generated by the device during encrypted communication connection between the device and the server, and forms an encrypted communication channel if it is determined to be a device within a normal home network. OTAC is transmitted periodically even during the encrypted communication channel connection to determine whether to maintain the encrypted communication channel. In particular, both wired and wireless access ensure secure connection without compromising user convenience by verifying whether the registered user is a normal device through OTAC.

[AS-IS] IoT device control problem by unauthorised system

[To-be] IoT security system using SIM card with OTAC Applet embedded

Implement a secure IoT device firmware upgrade

Recently, hackers who attack IoT devices often manipulate the device firmware to download illegal firmware or plant malware on the device. SSenStone uses hashes of firmware files as a seed when generating OTAC to verify and execute only OTA commands sent from valid IoT servers. Therefore, since the download command from the unauthorized system itself is not approved by the device, it can naturally block the occurrence of illegal software downloads.

Improved security by linking with VPN, PSK-TLS, etc.

SSenStone’s IoT Auth Platform OTAC is not only used for IoT device authentication and data integrity but also can be used together for device authentication for new VPN connections and connection maintenance. Also, by using the OTAC generated for authentication and integrity assurance as a dynamic key that reinforces the fixed pre-shared key (PSK) of PISK-TLS, you can secure a lighter and higher level of confidentiality than current high-spec security layered system.

Supports both on-premise and cloud services

SSenStone provides an on-premise service that provides the OTAC system to telecommunication operators and installs it on-premise, and a cloud service that raises the OTAC server and API gateway to the cloud.

-On-premise service

The OTAC system built on-premise allows telecom operators to provide additional security products other than virtual private networks (VPNs) as additional services. It can be used as a service to secure new subscribers and create revenue sources by adding it as an option to the current IoT line plan itself.

-Cloud service

Telecom operators can use the IoT auth platform OTAC through the cloud service provided by SSenStone without building their own OTAC system. SSenStone provides OTAC APIs to IoT device companies that provide IoT services of the telecommunication service providers.

Benefits

Sustainability and high availability (HA) are critical keywords that underpin the products, services, and consumption of this era. SSenStone contributes to reduction in system construction and maintenance costs by reducing resource usage such as CPU and power through OTAC, a lightweight technology of less than 4KB, while shortening the time-to-market based on seamless integration, enabling telecom operators to provide new services quickly without failure or new infrastructure.

IoT authentication security system construction and maintenance cost reduction

OTAC is a lightweight technology of only 4KB, so it consumes very little CPU load or power. OTAC Applet embedded in a SIM card is an eco-friendly technology that uses only 20KB of memory. However, since it performs a security role similar to TLS required by IoT SAFE, it is possible to build a strong IoT authentication security system with fewer resources. In addition, it can be used as a cloud service without the need to build the system, which result in reduction of the initial deployment cost.

Expectation of new revenue as a complementary device to PN and VPN

As SSenStone’s IoT Auth Platform OTAC provides a new solution to the security, computing resource, and cost problems of private networks and virtual private networks (VPNs), it is particularly suitable for the IoT industry that uses low power. Since it can be applied as an inexpensive and lightweight security solution comparable to PN and VPN telecommunication operators can create new revenue models for IoT service providers who don’t require much video and data transmission or have cost-conscious clients.

Accelerate time-to-market through easy integration

SSenStone supports embedding the OTAC Applet in the SIM card from the start, but it also supports downloading or updating to SIM cards already in service. It accommodates not only regular SIM cards, but also eSIM (embedded SIM) and iSIM (integrated SIM), allowing multiple options for telcos and businesses alike. A SIM card embedded with the OTAC Applet is applied to communication equipment such as IoT gateways and routers or IoT devices that can be equipped with a SIM card, and is connected to the backend of the carrier through the LTE network, so the integration work is very simple. Also, the time to deployment and service launch can be shortened as it can be installed in the firmware of IoT devices or various mobile devices rather than the SIM card.

Insights