Automated Security Certificate Management for Embedded Systems
RomCert is a platform independent implementation of the Online Certificate Status Protocol (OCSP) and the Simple Certificate Enrollment Protocol (SCEP) and makes embedding security certificate management into resource sensitive embedded systems and consumer electronics fast, easy and reliable, while decreasing time to market.
RomCert
Billions of devices now have the capability to communicate on their own to retrieve the latest application data and firmware updates across the Internet. Each of these network enabled devices (printers, health appliances, network routers and switches, and more) are now potential targets for malicious intent. The important and unprecedented need for secure communications has never been higher.
Public Key Infrastructure (PKI) and certificate-based authentication play an integral role in securing and administering networked devices and services on the Internet today. PKI is widely deployed and many wireless and wired technologies depend upon it, including WiMax, 802.11i, SSL, SSH, DTCP-IP, WiFi, 3G and more. As an example, in many cases PKI and certificates ensure networks and services are being accessed by assigned users and devices in addition to properly administering privileges. In real world situations, certificates need to be updated to maintain integrity of security policies as roles and operating environments change. Manually updating certificates, especially on remote network devices is error-prone, inefficient and simply can not scale with the rapid growth of network enabled embedded devices in our high-tech environments.
RomCert is specifically engineered for resource sensitive embedded devices such as consumer electronics, dedicated healthcare products, energy and Smart Grid devices, military applications, and enterprise network management and control products.
As with all Allegro Integrated Embedded Device Security products, RomCert is hardware architecture, RTOS, and TCP/IP stack agnostic and automates certificate management in your embedded design. Offered as an option for Allegro’s RomPager Secure and RomWebClient Secure SSL/TLS embedded solutions, RomCert can communicate with most any Certificate Authority (CA) via HTTP to request certificates, renew certificates and pull down Certificate Revocation Lists (CRL) that have been issued.
Features |
Benefits |
|---|---|
|
Small code footprint |
More resources available for application features |
|
ANSI C Source Code Distribution |
Broad processor architecture support, eases porting and support |
|
Processor, RTOS and TCP/IP stack agnostic |
Allegro’s products will work with new or existing hardware and software designs |
|
Interface files for leading RTOS vendors provided |
Minimizes porting effort, increase time to market |
|
GPL Free |
No licensing or development issues related with GPL |
|
Communicates with CA via HTTP |
Easy integration with designs already using HTTP |
|
Pre-integrated with RomPager Secure and RomWebClient Secure embedded SSL/TLS |
Decreased time to market as integration and testing with SSL/TLS is already complete |
Supported RFCs
- DRAFT – Cisco Systems’ Simple Certificate Enrollment Protocol(SCEP)
- RFC 2560 – X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP
- RFC 2616 – Hypertext Transfer Protocol — HTTP/1.1
- RFC 2617 – HTTP Authentication: Basic and Digest Access Authentication
- RFC 3280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
System Requirements
- Processor Architecture – Agnostic to any 16-bit, 32-bit or 64-bit processor
- Operating System(OS) – Agnostic to OS vendor and will function without an OS if needed
- TCP/IP Stack – Agnostic
- Filesystem – Agnostic to vendor implementation and will function without a filesystem if needed
- Compiler – ANSI C