From requirements analysis to the end of a device’s service life, data security and providing reliable protection from unwanted manipulation mean that security requirements must be fulfilled. Like cogs in a machine, individual security measures and solutions have to fit and work together in order to create a well-functioning system and to guarantee a risk-appropriate level of security. There is no excuse for carelessness, no matter how slight, as this could make the entire system vulnerable to attack.
ESCRYPT’s video on protecting the entire product lifecycle can be found here.
Below, we present ESCRYPT’s security solutions for the entire product lifecycle of an embedded system.
ESCRYPT’s security analysis lays the foundation for a secure product lifecycle. Here, we determine the data and functions to be protected, identify potential attackers, stipulate the risks posed by a successful attack, and define the requirements.
Design & specifications
The results of the requirements analysis and the security concept provide the basis for a detailed security architecture. ESCRYPT helps to create the security design by specifying all required hardware and software components, infrastructures, and processes, testing their effectiveness, and optimizing them were necessary.
Once the security architecture is in place, it is possible to add on the security building blocks and mechanisms, the security processes, and the guidelines. For this stage in the product lifecycle, ESCRYPT provides a wide range of security products. If required, we will be happy to provide you also with customized software tailored to your security requirements.
Component and system testing
ESCRYPT’s security testing services provide the right tools with which to test the effectiveness and performance of the implemented security solutions.
Integration and activation
The finished security solution goes through integration into the overall system, initial configuration, and activation. Here, ESCRYPT provides support through targeted security consulting.
ESCRYPT's security training courses ensure the respective employees in the customer business have the sensibilities and skills required.
Production and delivery
ESCRYPT establishes the complete public key infrastructure (PKI) and guarantees secure key management for production. During the embedded device’s production phase, ensuring a secure production environment relies on implementing additional measures, such as using production key servers (PKS). Once installed at the customer and after the overall system has passed the mandatory security check, it is also possible to apply for official security certification and ESCRYPT security experts can provide valuable support.
Long product lifecycles often mean having to respond to new dangers and risks by performing security updates. ESCRYPT’s complete solution for secure updates over-the-air provides an easy and straightforward way of distributing (security) updates around the world.