
Two API endpoints are all you need to get freedom from fixed credentials for your IoT devices

Posted on Feb 22, 2022 in Product
Sushant Pandey
Founder and CEO, Scurid

For IIoT developers, handling a variety of data tags from PLCs, integrating sensors from the edge to its digital twin, maintaining sensor data on the edge, and similar tasks are daunting enough. Getting all this data back to an IIoT platform or a custom data collection platform while maintaining each device's unique identification and its security is another layer of complexity that takes time away from core business logic.

To make matters more complex, we developers often work with different systems to make the best use of the collected data. While the data, in a time context, might be collected only once, it is still very much desirable to ensure that each data packet's integrity is maintained and that it remains traceable back to its source as it flows through different systems on-premise or in the cloud.

What is Scurid Edge Agent?

It’s a small cross-platform device identity security agent capable of running on a variety of OSes and edge device platforms.

What is Scurid Server?

A server application designed to support ID workflow, authentication and authorization, and analytics at a globally distributed scale, on-premise or on a variety of cloud platforms such as Azure, GCP, and AWS. It is generally accompanied by the Scurid App (UI) for a simplified user experience. At the same time, the backend is designed to integrate easily with IIoT and data analytics platforms.

How does it all work?

To ensure seamless authentication across your desired platform, it's crucial to have the Scurid Edge Agent operational on your device. This agent could either be introduced during the rollout of new hardware or might come pre-installed courtesy of your hardware's Original Equipment Manufacturer (OEM). Moreover, it's essential to have completed the device identity onboarding process (further details on this will be provided soon).

At present, our discussion centers around the innovative approach of dynamic authentication that eliminates the need for conventional static methods such as username/password, SSH keys, Certificates, API Keys, and so forth.

Here's a simplified breakdown:

  1. Initial Request: The IIoT edge software on your device (or your customer's) initiates a login request. This is managed by the Scurid Edge Agent.

  2. Communication Bridge: The Scurid Edge Agent acts as the bridge, facilitating communication between the device and the Scurid Backend. This backend could either be housed on-premises at the customer's location or offered as a managed service by our team.

  3. Token Generation: Post successful communication, a token is generated and shared as a login response.

  4. Token Usage: This generated token, which remains active for a brief period, is the key. The customer's IIoT Edge Software uses it to authenticate and seamlessly transmit/receive data from the IIoT Platform.

  5. Dynamic Authentication: An interesting feature of the Scurid Edge Agent is its use of the private key of the previously set up identity. It crafts a dynamic, time-sensitive "password" that is discarded post each request, ensuring robust security.

  6. Enhanced Security: To bolster security, the device can frequently alter its identity. Following this practice, the private key is also changed periodically. This continuous rotation ensures a dynamic authentication environment and paves the way for multi-layered security.

In essence, by adopting this approach, you're not just opting for authentication but ensuring a dynamic, secure, and efficient method to safeguard your operations.
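The dynamic "password" in steps 3 to 5 can be pictured as a signature over a fresh nonce and the current time, checked once by the backend before it issues a short-lived token. The sketch below is an added example, not Scurid's code or API: Ed25519, the message layout, the 30-second window, the 5-minute token lifetime, the device ID `edge-01` and the names `Backend`, `OneTimePassword` and `Login` are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Backend is a hypothetical verifier: onboarded public keys plus a replay cache.
type Backend struct {
	Keys      map[string]ed25519.PublicKey
	Seen      map[string]bool
	Skew, TTL time.Duration // accepted clock skew, token lifetime (assumed values)
}

// signedBytes binds device ID, timestamp and nonce into one unambiguous message.
func signedBytes(id string, ts int64, nonce []byte) []byte {
	return []byte(fmt.Sprintf("%q|%d|%x", id, ts, nonce))
}

// OneTimePassword is the device side: sign a fresh nonce and the current time.
func OneTimePassword(priv ed25519.PrivateKey, id string, now time.Time) (int64, []byte, []byte) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: refuse to produce a predictable password
	}
	return now.Unix(), nonce, ed25519.Sign(priv, signedBytes(id, now.Unix(), nonce))
}

// Login is the backend side; it returns the expiry of the short-lived token.
func (b *Backend) Login(id string, ts int64, nonce, sig []byte, now time.Time) (time.Time, error) {
	pub, ok := b.Keys[id]
	if d := now.Sub(time.Unix(ts, 0)); !ok || d > b.Skew || d < -b.Skew {
		return time.Time{}, fmt.Errorf("unknown device or stale timestamp")
	}
	if b.Seen[string(nonce)] || !ed25519.Verify(pub, signedBytes(id, ts, nonce), sig) {
		return time.Time{}, fmt.Errorf("replayed or invalid password")
	}
	b.Seen[string(nonce)] = true // each password is accepted exactly once
	return now.Add(b.TTL), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo identity
	b := &Backend{map[string]ed25519.PublicKey{"edge-01": pub}, map[string]bool{}, 30 * time.Second, 5 * time.Minute}
	ts, nonce, sig := OneTimePassword(priv, "edge-01", time.Now())
	fmt.Println(b.Login("edge-01", ts, nonce, sig, time.Now()))
	fmt.Println(b.Login("edge-01", ts, nonce, sig, time.Now())) // replay is rejected
}
```

Because nothing reusable is stored on the device or sent over the wire, rotating the identity key (step 6) only requires the backend to replace the registered public key. A long-running verifier would also evict nonces older than the skew window from the replay cache.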

Summary

In this entire workflow, IIoT developers only need to learn and know about two API endpoints to achieve authentication and authorization with almost any kind of IIoT or data analytics platform. Thanks to this kind of federation of ID management, you can adopt ever-evolving device ID and security management as a microservice architecture for your globally distributed deployment of edge hardware.

Find this interesting? Working on an interesting PoC and need a free developer's license (including fully managed Scurid Backend Service) to speed up your IIoT project development? To get started with the Scurid stack, please visit our Get Started page.
