SORACOM Krypton (hereafter, Krypton) is an easy-to-use, secure device certificate provisioning service that initializes your IoT devices for connectivity to various cloud services, using a SORACOM-issued Air SIM and our SIM authentication platform. There are two ways of provisioning your IoT devices for cloud connectivity:
Provisioning your device with authentication information or device settings provided by a cloud service provider or your backend partner
With Krypton, you can provision the authentication information or device settings required by cloud services by integrating the Krypton API into your IoT device bootstrapping process. Currently, Krypton works with AWS IoT and Amazon Cognito. You can call the Krypton API whenever needed to generate an AWS IoT device certificate and register your device with the AWS IoT service, or you can issue a temporary credential from Amazon Cognito through the Krypton API and use cloud services such as Amazon S3 from your IoT devices.
Provisioning authentication information for SORACOM platform
With Krypton, you can also provision your IoT device for SORACOM services. Currently, SORACOM Inventory allows you to exchange keys for authentication over the Krypton API.
Authentication for Krypton
For us to securely provision authentication information or device configuration, your IoT devices need to be securely authenticated. We provide two ways of authentication for secure provisioning:
SIM based authentication over SORACOM Air for Cellular
With SIM-based authentication over SORACOM Air for Cellular, the device calls the provisioning API over the cellular connection. During the process, Krypton forwards the initialization request from the device to the cloud service, using authentication information provided to Krypton. Once the cloud provider returns the authentication information, Krypton passes it back to the device as the API response. The device then uses that authentication information to connect to various cloud services.
SIM based authentication by SORACOM Endorse
In addition to authentication over cellular, you can also use SORACOM Endorse over Wi-Fi or Ethernet. SORACOM Endorse authenticates your device using secret information stored on the SIM, which is not easily readable, together with the SIM authentication mechanism of the SORACOM platform.
*For this option, your device needs to have a Global SIM Plan01s or Plan01s-LDV.
Why SORACOM Krypton
- When shipping new IoT devices, you do not need to place cloud service(*) authentication information on them during manufacturing; you can configure each device on demand instead. This simplifies the device manufacturing process and allows you to create a master firmware image. You can also prevent your cloud authentication information from leaking to someone else.
- Krypton allows you to authenticate over Wi-Fi or Ethernet and use cellular connectivity as a backup. If the device holds a Global plan01s or plan01s-LDV SIM, you can use it as a key to authenticate against Krypton through the Endorse service.
(*) Currently, AWS IoT and Amazon Cognito are supported.
Getting started with SORACOM Krypton
To get started with SORACOM Krypton, please read below.