Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

IoT security

Meet the security challenges of the Internet of Things

PKI for IoT

Create and manage electronic certificates with PKI for IoT

Electronic certificates allow applications to support security services such as user authentication, non-repudiation of transactions and confidential data exchanges.

Atos, a European actor in IS security, provides PKI for IoT, a complete solution to create and manage electronic certificates for your IoT infrastructure, and manage the connected devices lifecycle.

Strong internal security

MetaPKI ensures data security, including strong authentication to access all MetaPKI functional entities, recording of all actions, encrypted sensitive information, and private and public keys protected using hardware security modules (HSM).

Bull cyber Trust compliance

Certifications

MetaPKI is EAL 3+ Common Criteria Certified and is also RGS basic level certified

Performance

Produce 1,000+ certificates per second in specific formats like C-ITS certificates for car-to-car communication

High-performance technology for IoT

n-Tier architecture and scalability

  • 3-Tier architecture: Front office, back office and external databases
  • Scalability: Capability to add several front offices and/or several back offices

Automation and auto-enrollment protocols (CMP, SCEP, EST)

  • CMP and SCEP already available for X509 certificates
  • EST in progress for X509 certificates and other formats

Support for Long-Term CA (X509 certificates with RSA or ECDSA keys), Pseudonym CA (X509 certificates with RSA or ECDSA keys), and short-lived pseudonym certificates (C-ITS) (Specific certificates with ECDSA keys).

Performance

  • Capacity to produce over 1,000 certificates/second in specific formats (like C-ITS certificates)

Specifications

System requirements
  • Linux Platform (e.g. Red Hat or SUSE)
  • Open source international components delivered with MetaPKI: Apache, OpenSSL, PostgreSQL and PHP
  • LDAP Server: when the CA publishes certificates and/or LCR in a directory
  • SMTP Mail Server: when MetaPKI sends notifications related to the management of certificates
Norms and standards
  • Certificate compliance with ITU-T X.509v3 and RFC 5280
  • Certificate enrollment protocols: SCEP, CMP (RFC 2510 et RFC4210), CCEP
  • Certificate profile compliance with ETSI TS 101 862, Netscape and Microsoft
  • Revocation information compliance with ITU-T X.509v2 LCR and OCSP Protocol (RFC 2560)
  • Certification request format: PKCS#10, SPKAC
  • Key exchange format: PKCS#12
  • Connectivity: LDAP, HTTPS, SMTP
  • HSM interface: PKCS#11
Environment

Hardware and software for MetaPKI hosting

  • Physical Servers: 32/64 bits platform with at least 4 Go of RAM, 10 Go of available disc memory, 2 Ethernet ports
  • Virtual Machines: VMWare, HyperV
  • Operating System: Red Hat 5 and 6 (32 or 64 bits) / SUSE SLES 10 and 11 (32 or 64 bits)
  • LDAP Server: CAs publish the certificates and/or the LCR in a LDAP directory
  • Mail Server: Email sending is possible for each step of certificates life cycle

Workstations for MetaPKI users

  • Browser: Internet Explorer 8 version and later, Firefox, Chrome
  • Java Runtime Environment: 1.6 (superior to update 19), 1.7 et 1.8

Smart Card

  • All smart cards with PKCS#11 interface and particularly: CardOS, Gemalto ID PRIME MD840, Gemalto IAS TPC, Gemalto Classic TPC IM, Gemalto Cyberflex Access 64k v2, Morpho vpsID SmartCard Ux, ActivIdentity ActivCard 64K V2C

HSM

  • All HSM with PKCS#11 interface and particularly Bull TrustWay Proteccio®

Functionalities

Electronic certificates may be used to support:

  • Strong authentication for users with smart cards or USB tokens (two-factor authentication)
  • Strong authentication for web servers (SSL/TLS)
  • Strong authentication for VPNs (Virtual Private Networks)
  • Electronic signatures to provide integrity and non-repudiation of transactions
  • Data confidentiality for data in transit or in storage.

    • Users and applications are provided with one or more key pairs (a public key and a private key) and public key certificates, generated by a Certification Authority (CA), that associate the registered user or application with the public key.

    MetaPKI supports one or more Certification Authorities that may be independent, or subordinate CAs.

    A whole range of security profiles for public certificates is supported by MetaPKI. For each profile, the registration process may be tailored to the specific needs of the organization and integrated with the existing IS.

    A workflow manager handles the registration process in order to minimise the time to produce and manage the certificates through the use of one or more Local Registration Authorities (LRA).

    Options

    A validation authority (Vericert) for checking the validity of a certificate against a validation policy

    More information on the Vericert solution >>

    Related resources and news

    IoT Security Suite

    Build trusted and secure Intelligent Transportation Systems

    Secured V2X communication is critical to set up reliable ITS. Discover how PKI solutions are the key to securing exchanges between connected vehicles and roadside units.

    Atos cybersecurity IDnomic ITS webinar

    Webinar

    Bring trust to Intelligent Transportation Systems with a cybersecurity and standardization approach.

    News

    Upcoming events >>

    Press releases >>

    Interested in our PKI for IoT solution?

    Contact us