[Key Management] Provisioning proposal for connected GDP/AGL-RP devices
arthur at advancedtelematic.com
Thu Sep 8 08:36:25 EDT 2016
Please excuse the cross-post - not sure where this fits best.
We've been discussing inside ATS how we're going to manage device
registration for OTA client devices (in development contexts, where ATS
is responsible for the key management). This has implications for the
provisioning of GDP and AGL Reference Platform devices, which include
the OTA client, but is generally applicable to any device consuming
Until now, we've been manually provisioning devices, either by creating
credentials for them by hand or generating credentials online that must
manually be downloaded and installed in the devices.
As we move to deeper integration with both GDP and AGL-RP, we're
interested to have a convenient, flexible and generic solution for both
projects and for any service that depends on secure cloud authentication.
The proposal attached is a summary of our current proposal, which is
consistent with best practices that we've seen in the field. It
references a couple of components that don't yet exist as GENIVI / AGL
components (though there are existing solutions available either as open
source or proprietary software):
- Device Registry - maps user accounts to devices
- Authorization Server - manages the mapping from IDs to permissions
- Registration Service - where devices connect to create credentials
- User Preferences Service - store for user preference information
- Certificate Repository - secure store (possibly HSM-backed) for keys
We'd be interested to have feedback from anyone working on similar
topics or who can give us advice about the suitability of the approach
for AGL / GENIVI use-cases.
Arthur Taylor, ATS Advanced Telematic Systems GmbH
Kantstrasse 162, 10623 Berlin
Managing Directors: Dirk Pöschl, Armin G. Schmidt
Register Court: HRB 151501 B, Amtsgericht Charlottenburg
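The component list above does not spell out how a device actually moves from "claimed by a user" to "holding a credential the cloud will accept". As an added illustration, not ATS, GENIVI or AGL code and not the content of the scrubbed attachment, the following Python models one plausible interaction between four of the five components for a single device: the Device Registry holds the user-to-device mapping, the Registration Service turns a one-time registration token into a credential, the Certificate Repository holds the issuing key, and the Authorization Server checks the credential before granting a permission. Everything here is assumed for the demonstration: an HMAC stands in for the CA signature (a real deployment would issue X.509 certificates from an HSM-backed key), the token and credential lifetimes, the scope names, the device IDs and the user account are constructed, and the User Preferences Service is omitted because it plays no role in registration. The clock is passed in explicitly so the flow runs offline.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 600         # one-time registration token lifetime, seconds (assumed)
CRED_TTL = 30 * 86400   # issued device credential lifetime, seconds (assumed)


class DeviceRegistry:
    """Maps user accounts to devices and records the key bound at registration."""
    def __init__(self):
        self.devices = {}   # device_id -> {"owner": user, "key_fp": fingerprint or None}
        self.tokens = {}    # device_id -> (token, expires_at); one pending token per device

    def claim(self, user, device_id):
        self.devices[device_id] = {"owner": user, "key_fp": None}

    def revoke(self, device_id):
        self.devices.pop(device_id, None)


class CertificateRepository:
    """Holds the issuing key. An HMAC stands in for the CA signature here; a real
    deployment would issue X.509 certificates signed with an HSM-backed key."""
    def __init__(self):
        self._signing_key = secrets.token_bytes(32)

    def sign(self, payload: bytes) -> bytes:
        return hmac.new(self._signing_key, payload, hashlib.sha256).digest()

    def verify(self, payload: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(payload), sig)


class RegistrationService:
    """Where devices connect to turn a one-time token into a credential."""
    def __init__(self, registry, repo):
        self.registry, self.repo = registry, repo

    def issue_token(self, device_id, now):
        # Cloud side, after a user claims the device; the token reaches the
        # device out of band (factory image, QR code, installer UI).
        if device_id not in self.registry.devices:
            raise KeyError("device not claimed in registry")
        token = secrets.token_urlsafe(32)
        self.registry.tokens[device_id] = (token, now + TOKEN_TTL)
        return token

    def register(self, device_id, token, device_pubkey: bytes, now):
        # Device presents the token and its public key. The token is consumed on
        # first use (pop), so a captured copy cannot be replayed; expiry is checked.
        pending = self.registry.tokens.pop(device_id, None)
        if pending is None:
            return None
        stored, expires_at = pending
        if now > expires_at or not hmac.compare_digest(stored, token):
            return None
        key_fp = hashlib.sha256(device_pubkey).hexdigest()
        self.registry.devices[device_id]["key_fp"] = key_fp
        payload = f"{device_id}|{key_fp}|{now + CRED_TTL}".encode()
        return payload + b"|" + self.repo.sign(payload).hex().encode()


class AuthorizationServer:
    """Maps an authenticated device identity to the permissions it may use."""
    SCOPES = {"ota:poll", "ota:download"}   # granted to every registered device (assumed)

    def __init__(self, registry, repo):
        self.registry, self.repo = registry, repo

    def authorize(self, cred: bytes, scope: str, now) -> bool:
        try:
            payload, sig_hex = cred.rsplit(b"|", 1)
            device_id, key_fp, exp = payload.decode().split("|")
            sig, exp = bytes.fromhex(sig_hex.decode()), int(exp)
        except (ValueError, UnicodeDecodeError):
            return False
        if not self.repo.verify(payload, sig) or now > exp:
            return False
        device = self.registry.devices.get(device_id)
        if device is None or device["key_fp"] != key_fp:   # revoked, or key rebound
            return False
        return scope in self.SCOPES


def run_demo(now=1000):
    """Happy path plus the rejections a reviewer expects; all data constructed."""
    registry, repo = DeviceRegistry(), CertificateRepository()
    reg, authz = RegistrationService(registry, repo), AuthorizationServer(registry, repo)
    registry.claim("alice@example.com", "vin-0001")
    pubkey = secrets.token_bytes(32)   # stands in for the device's real public key
    token = reg.issue_token("vin-0001", now)
    cred = reg.register("vin-0001", token, pubkey, now + 10)
    r = {"registered": cred is not None,
         "replay_rejected": reg.register("vin-0001", token, pubkey, now + 20) is None,
         "expired_rejected": reg.register("vin-0001", reg.issue_token("vin-0001", now),
                                          pubkey, now + TOKEN_TTL + 1) is None,
         "authorized": authz.authorize(cred, "ota:download", now + 500),
         "tampered": authz.authorize(cred[:-1] + (b"0" if cred[-1:] != b"0" else b"1"),
                                     "ota:download", now + 500)}
    registry.revoke("vin-0001")
    r["after_revoke"] = authz.authorize(cred, "ota:download", now + 500)
    return r
```

The points worth carrying into a real design are the ones run_demo exercises: the registration token is single-use and time-limited, the issued credential is bound to the fingerprint of the key the device presented, and the Authorization Server consults the Device Registry on every decision, so revoking or re-keying a device in the registry takes effect without waiting for the credential to expire.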
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316549 bytes
Desc: not available