Practical engineering articles on certificate infrastructure, firmware signing, device attestation, and IoT security from the ErlySign team.
As IoT deployments scale to billions of devices, the question of 'who is this device?' becomes a foundational security requirement. We break down the core concepts of device identity, PKI, and why certificate-based authentication is the only scalable answer.
The Matter standard mandates per-device certificates issued by a CSA-approved PAA. We walk through the certificate hierarchy, attestation flow, and what OEMs need to implement before their first device ships.
Unsigned firmware is the most common attack surface in deployed IoT devices. This guide covers the key concepts: code signing keys, secure boot chain verification, OTA update signing, and rollback prevention.
IEC 62443 is the global standard for industrial cybersecurity. For IoT device manufacturers supplying into ICS environments, it defines specific requirements for device identity and secure communications.
When you have 100,000 devices in the field, certificate expiry becomes an operational risk. We walk through the architecture patterns for automated certificate renewal, revocation lists, OCSP stapling, and operational tooling.
Hardware root of trust options — discrete TPM, integrated TPM, secure element, or software-only — each have different cost, integration, and security tradeoffs. A decision framework for embedded engineers.
Vehicle-to-everything communication requires pseudonym certificates that rotate frequently to protect driver privacy while maintaining vehicle authentication. We cover SCMS architecture and IEEE 1609.2 format.
Over-the-air updates are both a security feature and an attack vector. A compromised update pipeline can push malicious firmware to your entire fleet simultaneously. The complete OTA security architecture.
ErlySign pilot: 100 devices, no cost, direct engineering onboarding.
