2023-07-04
Are you an engineer developing a product for the new Matter IoT standard? Today, product vendors can prototype and try EJBCA PKI for their Matter IoT devices. Matter is an open-source connectivity standard for smart home and Internet of Things devices that aims to improve compatibility and security.
Security is an essential aspect of the Matter standard, which includes a Public Key Infrastructure (PKI) for issuing device certificates. Every device must have a unique and verifiable identity, and software updates should be cryptographically signed using PKI certificates to enable secure over-the-air (OTA) updates. Therefore, understanding and correctly implementing PKI for your IoT devices is crucial for several reasons:
To help you get started, we offer guides and tutorial videos for testing today. As a product vendor, you may consider retaining full control and ownership of your PKI to sustain flexibility and easily scale with growing demand and product portfolio. With EJBCA, you get that and can start testing and prototyping today. Please note that to create a production PKI compliant with the Matter Certificate Policy, other aspects, such as using a Hardware Security Module for the PAA and PAI signing keys, are required.
A Matter PKI typically implement three levels of trust:
Here's an overview of the steps you need to follow to configure EJBCA PKI for issuing certificates to Matter IoT devices at these levels:
Step 1 - Creating the PAA:
Step 2 - Creating the PAI:
Step 3 - Creating the DAC:
Here is the link to our YouTube Tutorial video:
How-to guide in our documentation
There's also a guide on keyfactor.com, where we go into more detail about Matter IoT and how Keyfactor products can deliver identity issuance, governance, and operational efficiency at scale.
By setting up a PKI to issue Matter-compliant certificates, vendors can ensure their IoT devices adhere to industry standards, communicate securely, and establish trust within the Matter IoT ecosystem. As an engineer, you can use our how-to guide and a tutorial video to start testing today and configuring EJBCA PKI for issuing certificates at various levels within the hierarchy. Remember to keep up with the latest Matter specifications and policies to maintain compliance and stay up to date.