nRF Cloud Security Services
nRF Cloud Security Services provides a mechanism for device identification and the ability to remotely provision security assets to your devices. This eliminates the need to handle keys during your device manufacturing process and enables you to provision devices later once they are deployed.
nRF Cloud Security Services consists of the Identity and Provisioning Services.
The Identity Service allows you to create and manage identity attestation tokens, as well as verify device authenticity according to this token. Using this token, you can then claim devices through the Provisioning Service.
Once you claim a device, you can create a provisioning configuration for it, add it to a provisioning group, and create a provisioning rule to define a configuration for multiple devices in the field.
The provisioning configuration and provisioning rules allow you to, for example, change configuration options on the application level without needing physical access to the device, cycle certificates and credentials, and prepare the device to connect to your own cloud solution.
nRF91x1 SiPs are injected with an identity by Nordic Semiconductor. This identity can be cryptographically verified using the nRF Cloud Identity Service. This removes the need for sensitive key handling in device manufacturing, and the injected certificate can be public, since it is used to verify the server side.
- Overview of the Identity Service and attestation tokens.
- Guide to generating and verifying attestation tokens in the nRF Cloud portal and APIs.
The Provisioning Service enables you to provision devices over-the-air (OTA). You can move provisioning to the deployment phase, once you know the target device is deployed. This means you do not need to produce end customer- or deployment-specific batches. Remote provisioning also enables security asset maintenance through, for example, key rotation.