The core component of every token-based solution is the identity provider (IdP). The IdP is responsible to identify and authenticate subjects, services, or in the IoT case, devices. Upon successful authentication, the IdP issues an access token (AT) for that particular device. This access token can then be used by the device to authenticate and authorize itself against any IoT platform that is capable of verifying the access token with the IdP.
Our solution is based on the leading token-based authorization standard OAuth 2.0. However, our solution goes beyond the OAuth 2.0 standard, as OAuth 2.0 only defines a framework for authorization and does not define how subjects, services, or devices are authenticated before they are authorized. Our solution adopts the most secure token-based approach for device authentication by relying on private key JSON web tokens (JWT) for the identification and authentication of IoT devices. As a result, offering a purely token-based solution that eliminates the need for device certificates while at the same time improving security and simplifying the device life-cycle management. Furthermore, your solution addresses several requirements that are specific for IoT applications such as native support for IoT communication protocols such as CoAP and MQTT, as well as purely relying on elliptic curve cryptography.
Beyond the authentication use case, our solution enables a dynamic life-cycle management of the device credentials, by providing an API that allows updating the device credentials autonomously and securely by the IoT devices themselves.
We differentiate between two offerings for our IoT identity provider service. You may choose to consume our service hosted on our cloud infrastructure, or you provide the necessary resources within your own cloud infrastructure for both offering types.
Billed monthly per token issued by our identity provider.
Monthly cost transparency
Only charged for effective usage
Allowing optimal cost/security balance
Billed monthly or yearly per device that is registered with our identity provider.