SORACOM Developers


SORACOM Krypton (below, Krypton) is an easy to use secure device certificate provisioning service to securely initialize your IoT devices for various cloud connectivity utilizing SORACOM issued Air SIM and our SIM authentication platform. There are two ways of provisioning your IoT devices for cloud connectivity

Provisioning authentication information or device settings provided by cloud service provider or your backend partner with your device

With Krypton, you can provision authentication information or device settings necessary for cloud services by integrating Krypton API into your IoT device bootstrapping processes. Currently, Krypton works with AWS IoT and Amazon Cognito. You can arbitrary call Krypton API, generate AWS IoT device certificate, and register your device to AWS IoT service, or you can issue a temporary credential from Amazon Cognito through Krypton API and utilize cloud services like Amazon S3 from your IoT devices.

Provisioning authentication information for SORACOM platform

With Krypton, you can also provision your IoT device for SORACOM services. Currently SORACOM inventory allows you to exchange keys for authentication over Krypton API.

Authentication for Krypton

For us to securely provision authentication information or device configuration, your IoT devices need to be securely authenticated. We provide two ways of authentication for secure provisioning

SIM based authentication over SORACOM Air for Cellular

SIM based authentication over SORACOM Air for Cellular calls provisioning API over cellular. During the process, Krypton forwards the initialization request from device to cloud services using authentication information provided to Krypton. Once the cloud provider returns the authentication information, it replies back as an API response. The device will then use the authentication information to start making connection to various cloud services.

SIM based authentication by SORACOM Endorse

On top of over the cellular authentication, you can also utilize SORACOM Endorse over WiFi or Ethernet. SORACOM Endorse authenticates your device with a secret information saved on the SIM that is not easily readable and the SIM authentication mechanism on SORACOM platform.

*For this option, your device needs to have Global SIM Plan01s or Plan01s-LDV

Why SORACOM Krypton

(*) Currently, AWS IoT and Amazon Cognito is supported.

Getting started with SORACOM Krypton

To get started with SORACOM Krypton, please read below.