Update Device Credentials
With our token-based solution, the renewal of device credentials is simple and can be autonomously executed by the IoT device itself, as no third party such as a Certificate Authority (CA) is involved.
To update the registered public key, the IoT device first needs to create a new key pair and then upload the new public key to the Identity Provider (IdP).
However, to ensure that this process is secure, the IoT device needs to authenticate using a private key JWT. The JWT must also contain the new public key the device wants to register. This way, the integrity of the new public key is protected by the signature of the JWT.
Finally, the request has to include a proof of possession (PoP) to demonstrate that the device is in possession of the private key corresponding to the new public key it wants to update.
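The following sketch walks through the update flow described above from both sides: the device builds the request and the IdP verifies it. It is an added example, not the project's own code. The page does not specify the signature algorithm, the claim name, or the PoP format, so Ed25519/EdDSA, the `new_jwk` claim, and a PoP computed as a signature by the new private key over the complete JWT are all assumptions.

```javascript
// Added example: device-side request and IdP-side checks for a key update.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const newKeyPair = () => crypto.generateKeyPairSync('ed25519');

// Device: sign a JWT with the CURRENT private key. The new public key is a
// claim, so the JWT signature protects its integrity.
function buildUpdateRequest(deviceId, currentPriv, fresh, audience) {
  const now = Math.floor(Date.now() / 1000);
  const header = { alg: 'EdDSA', typ: 'JWT' };
  const claims = {
    iss: deviceId, sub: deviceId, aud: audience,
    iat: now, exp: now + 60, jti: crypto.randomUUID(),
    new_jwk: fresh.publicKey.export({ format: 'jwk' }), // hypothetical claim name
  };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const jwt = `${input}.${b64u(crypto.sign(null, Buffer.from(input), currentPriv))}`;
  // PoP (assumed format): the NEW private key signs the complete JWT.
  const pop = b64u(crypto.sign(null, Buffer.from(jwt), fresh.privateKey));
  return { jwt, pop };
}

// IdP: returns the new JWK to register, or throws on any failed check.
function verifyUpdateRequest({ jwt, pop }, registeredPub, audience) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, c, s] = parts;
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'EdDSA')
    throw new Error('unexpected alg');
  // 1. Authenticate the device against the key that is currently registered.
  if (!crypto.verify(null, Buffer.from(`${h}.${c}`), registeredPub, Buffer.from(s, 'base64url')))
    throw new Error('JWT not signed by registered key');
  const claims = JSON.parse(Buffer.from(c, 'base64url'));
  if (claims.aud !== audience || claims.exp <= Date.now() / 1000)
    throw new Error('bad audience or expired');
  // 2. Check possession of the private key matching the new public key.
  const newPub = crypto.createPublicKey({ key: claims.new_jwk, format: 'jwk' });
  if (!crypto.verify(null, Buffer.from(jwt), newPub, Buffer.from(pop, 'base64url')))
    throw new Error('proof of possession failed');
  return claims.new_jwk;
}
```

A production IdP would also track `jti` values to reject replays within the validity window and replace the registered key only after both checks pass.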