Thirdwayv, provider of end-to-end connectivity and security solutions for IoT applications, announced that it has added AppAuth software to its growing suite of patented products that provide essential layers of security-by-design protection in a wide variety of mission-critical commercial and enterprise Internet of Things (IoT) applications.
This development follows last week’s move that its SecureConnectivity software platform for safety-critical applications is included in a commercialized medical device that was cleared by the FDA (Food and Drug Administration) in June 2018. The SecureConnectivity platform is applicable to a wide variety of IoT applications including high value asset tracking, automotive and critical infrastructure.
Consisting of three software modules that bring trust to a system’s IoT devices, smartphone apps and cloud, AppAuth works seamlessly with Thirdwayv’s SecureConnectivity platform that is already being used to connect and protect wireless, safety-critical deployments including FDA-cleared drug-delivery systems.
Thirdwayv’s SecureConnectivity platform is comprised of multiple software components including device such as embedded, smartphone and cloud software. The platform utilizes application layer security to create a secure communication channel between a smartphone app and an IoT device or the cloud, enabling it to augment shared transport layer security mechanisms used by operating systems such as Android and iOS.
The platform is resistant to a variety of malware and wireless channel cyber security attacks and can be utilized across multiple communications protocols such as BLE, WiFi, LTE Cat M, NB-IOT and NFC. It is also compatible with a number of communication silicon vendors. The platform includes optional on-premise equipment for factory provisioning which protects against the production of counterfeit products.
AppAuth enables users to control mission-critical connected IoT devices in the medical, industrial and infrastructure markets with their own smartphones. AppAuth protects communication links as well as the surrounding environment of such links. It provides a digital cryptographic identity to each element of the IoT system and enables each system element to validate the authority and privileges of the others.
AppAuth can be used alone or in conjunction with Thirdwayv’s SecureConnectivity solution that improves overall security of IoT devices while enabling them to be connected and controlled via the same Bluetooth connection found in any commercial smartphone.
“Mission-critical IoT systems are typically related to the safety of individuals or the protection of high-value property,” said Vinay Gokhale, vice president of business development with Thirdwayv. “AppAuth enables our enterprise and commercial customers to bring trust to these systems through reliable user and device authentication, identity management and, most importantly, attestation of one system component to the other. AppAuth fills a crucial security layer in any comprehensive mission-critical IoT solution.”
For the smartphone app, AppAuth utilizes smartphone hardware root of trust to continually monitor phone operating system (OS) integrity and authenticity and protects the app from OS vulnerabilities and malware attacks. AppAuth also hardens the app against reverse engineering and tampering threats.
The AppAuth module on the IoT device enables it to validate commands from the phone or the cloud before completing the request via its remote attestation feature. Thirdwayv’s AppAuth cloud infrastructure provides over-the-air certificate issuance to smartphone apps and IoT devices after verifying their integrity and authenticity.
Furthermore, the cloud module enables lifecycle management of all components on the IoT network. AppAuth is available on both iOS and Android operating systems.
Safety- and mission-critical IoT applications are increasingly becoming targets for cybersecurity attacks, and the vulnerability of the smartphone is a growing concern. “IoT systems are especially at risk of attack through connectivity to their cloud services, smartphone apps, and other IoT devices,” said Steve Hoffenberg, director at industry analyst firm VDC Research. “IoT device makers need to ensure that only currently trusted entities can communicate with their products by enforcing authentication and access privileges in all levels of communications.”
AppAuth software has already been licensed to lead customers and will be available for the general market in June. Like Thirdwayv’s SecureConnectivity product, AppAuth is made available via a series of software development kits (SDKs) and application programming interfaces (APIs) for rapid incorporation by IoT development engineers.
