Technical Overview
Security Architecture
TPM 2.0 Attestation with Factory-Provisioned Endorsement Keys
Each device contains a unique Trusted Platform Module that provides hardware-based key storage and cryptographic operations. The TPM is initialized during manufacturing with an Endorsement Key pair that serves as the root of trust.
Certificate Authority backed by FIPS 140-2 HSM
Our Certificate Authority infrastructure uses FIPS 140-2 validated Hardware Security Modules to protect the root signing keys. This ensures the highest level of security for issuing device certificates.
Secure Boot and Fully Encrypted Filesystem
The boot process verifies firmware signatures before execution and all data at rest is protected with full disk encryption. This prevents tampering with system software and protects sensitive data.
FIPS 140-2 Compliant Secure Enclave for Key Custody
Cryptographic keys are stored in a dedicated hardware security element that meets FIPS 140-2 security requirements. This provides physical protection against key extraction attempts.
Tamper-Resistant Sensor Design with Authenticated Transport
Sensors are physically hardened against tampering and all communication between sensors and the main system uses cryptographic authentication to prevent man-in-the-middle attacks.
Device Security Lifecycle
1
Manafacturing
-
TPM 2.0 initialization
-
Endorsement Key generation
-
Secure Element provisioning
-
Tamper-proof assembly
2
Device Registration
-
Endorsement Key registration
-
Hardware security verification
-
Sensor tamper-resistance
-
Transport security validation
3
Production Operation
-
Secure boot verification
-
Encrypted storage
-
Authenticated measurements
-
Cryptographic result signing