Today we are introducing spiffy new developer preview features to Programmable Wireless: Trust Onboard (X.509 certificates on every SIM) and Wireless VPNs.
With Trust Onboard, every Programmable Wireless SIM comes with two X.509 certificates pre-provisioned (“onboard”). This provides a built-in mechanism to differentiate device identities and gives you more options to authenticate against cloud services.
Why does this matter?
Imagine you plan to manufacture 10,000 devices for distribution and each of those devices will connect to your cloud service the first time it’s turned on. Instead of rolling your own mechanism to assign and validate the identity of each device, you can utilize the certificates onboard the SIM. This can save time and money in your manufacturing process while at the same time adding a level of comfort around authentication.
- Trust, Built-in. With certificates on each SIM, you don’t need to worry about generating or transporting your own, or about establishing a trusted process with your device manufacturer.
- Choose how and where you authenticate. Use Trust Onboard to authenticate against any service such as Twilio Sync for IoT, AWS IoT, Microsoft Azure or your own HTTP or MQTT services. In the first stage of the developer preview, Twilio provides an API to retrieve certificate files that correspond to those preloaded on your SIMs. As time goes on, we’ll add out-of-the-box integrations to popular cloud services. In either case, private keys never leave your SIMs. Two different mechanisms are supported for utilizing the certificates during authentication.
- Save time and money. Maintaining and operating a hardware security module (HSM) requires domain-level experts, time, and money. With Trust Onboard, you don’t have to worry about certificate generation.
A Wireless VPN, powered by Interconnect, enables you to manage your SIMs’ network traffic end-to-end.
Why is this important?
There are two major reasons you’d want all your SIM-connected devices on a VPN:
- Access your devices, anytime. Every SIM is assigned a unique (private) IP address, allowing you to initiate network connectivity toward the device from your other network elements.
- Enhanced security. Devices are connected to your private network using IPsec encryption. You can control the internal and external network services that are accessible to devices.