New Jersey-based digital certificate company Sectigo can provide secure key storage for authenticating IoT devices.

The software-based library cost-effectively manages, seals and stores encryption keys, passwords and other confidential information.

Secure key storage removes the risk of exposing credentials of devices lacking a hardware-based secure key storage system such as a trusted platform module (TPM).

IoT device manufacturers across markets are recognising the need to increase the levels of security in their products to protect against attacks that target embedded devices and expose users to the theft of confidential information, disruption of services, and spread of the attack to other systems. In many markets, legislation and standards are requiring stronger authentication.

While many modern IoT devices use a hardware platform for secure key storage, many low-cost or legacy devices do not have those built-in capabilities. Additionally, adding hardware secure key storage increases the cost of IoT devices, making hardware less affordable. With this product, Sectigo says it fills this gap in the IoT security space with an accessible alternative for lower-cost IoT devices without hardware-based secure key storage.

Called SKS-SDK, it allows device manufacturers programmatically to authenticate device identities using transport layer security (TLS) protocols, encrypt data on embedded devices and store and access passwords and other secret data.

“Enhanced levels of security should be available for all IoT devices to help prevent noncompliance with ever-changing legislation and standards, device cloning, and the introduction of counterfeit devices into the market,” said Alan Grau, vice president at Sectigo. “Sectigo’s latest secure key storage enables IoT device manufacturers to protect private keys and critical information from hackers with special attention to affordability and compliance.”

SKS-SDK is a component of the firm’s security and IoT identity platform that provides device identity, integrity security, data protection and high-scalable certificate lifecycle management.

Sectigo is a cyber-security provider of digital identity products, including TLS and SSL certificates, devops, IoT, and enterprise-grade PKI management, as well as multi-layered web security. As a Certificate Authority (CA) with more than 700,000 customers and over 20 years of online trust experience, Sectigo partners with organisations of all sizes to deliver automated public and private PKI to secure web servers and user access, connected devices, and applications.