top of page
PXL_20240702_172219551_edited_edited.jpg

PKI 

The solution supports the creation and maintenance of PKI hierarchies and the issuance of certificates for a
wide range of use cases.

LAAVAT Platform PKI features

The LAAVAT PKI capabilities enable the management of Certificate Authorities (CAs) and the issuance of X.509 certificates for various use cases. The platform supports multiple interfaces, including REST, EST, and ACME (coming soon), to facilitate seamless integration with various systems. The platform UI can be used to create and edit certificate profiles. All actions are logged to the audit trail for transparency and compliance.

 

 

In terms of hierarchy management, the platform offers advanced features, including:

 

  • Root CA creation and hosting, with the ability to manage multiple Root CAs per tenant

  • Issuance of multiple Sub CAs under a single Root CA

  • Issuance of Sub CAs from internal and external Root CAs

  • Sub CA renewal and management

  • Support for multiple Sub CAs in a single chain of trust

  • Importing of Root CAs and Sub CAs to the LAAVAT platform

 

Regarding revocation, the platform provides robust features, including:

  • Revocation of end-entity certificates and Sub CAs

  • Automatic creation of Certificate Revocation Lists (CRLs)

  • Downloading of CRLs for easy access

PKI & embedded device security features

Secure boot authentication is typically based on public key cryptography, which requires the creation and maintenance of a processor-specific PKI hierarchy. An example of this is the High Assurance Boot (HAB) for NXP i.MX families. Our Platform simplifies this process by seamlessly generating the necessary PKI hierarchy, including the bootloader signing key, firmware update signing key, kernel signing key, and other required keys.

 

A strong and unique identity is essential for embedded devices to authenticate themselves when connecting to the network, ensuring secure and encrypted communication with other devices, services, and users. Our Platform supports the issuance of device identities utilizing the x.509 certificates, this includes the initial device identities that can be issued during manufacturing. 

Issuance of Secure Device Identifiers (DevID) based on the IEEE 802.1AR standard, which includes the Initial Device Identifier (IDevID) and the Locally Significant Device Identifier (LDevID) is also supported.

Check out how                        — a global market leader in weather, environmental, and industrial measurement technologies — utilizes  LAAVAT solution to provide secure and reliable edge gateways and sensors that customers can trust.

Vaisala logo
laavat_004_Home_Footer_V4.jpg

Schedule a demo today to learn more about how the LAAVAT platform can help secure your embedded devices

bottom of page