Device certificates enable machine-to-machine (M2M) communication. Device certificates can have long lives, e.g., as long as thirty years. The long life of a device certificate can leave a device open to security breaches, e.g., when a future, sophisticated attack makes the device itself vulnerable, rooted, or otherwise insecure. This disclosure describes techniques that enable devices with long-lived certificates to enjoy secure M2M communication for purposes such as digital unlocking of and access to high-value assets, through the use of additional (parallel), short-lived device certificates. The long-lived certificate, issued by the original equipment manufacturer (OEM) of the device, attests to the secure element of the device. The short-lived certificate, issued by the OEM of the device operating system for the same public key as that of the long-lived certificate, attests to the secure status of the device.
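The verification logic a relying party would apply under this scheme, as an added example that is not part of the disclosure: one device key, a thirty-year OEM-issued certificate and a twenty-four-hour OS-vendor-issued certificate for the same public key, and an acceptance check that requires both to chain to their respective roots and the short-lived one to be unexpired. The CA names, validity periods and device name are constructed for the example; only Go's standard-library x509 package is used.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Bundle pairs the two parallel certificates issued for one device key.
type Bundle struct {
	LongLived  *x509.Certificate // OEM-issued, attests to the secure element
	ShortLived *x509.Certificate // OS-vendor-issued, attests to current device status
}

// newCA creates a self-signed CA; names and lifetimes are constructed for this example.
func newCA(cn string, notBefore time.Time, validFor time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.Add(validFor),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf signs a device certificate for pub under the given CA.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, pub *ecdsa.PublicKey, cn string, notBefore time.Time, validFor time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.Add(validFor),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyBundle accepts the device only if both certificates bind the same public key,
// the long-lived one chains to an OEM root, and the short-lived one chains to an
// OS-vendor root and is valid at time now. A long-lived certificate alone is rejected.
func VerifyBundle(b Bundle, oemRoots, osRoots *x509.CertPool, now time.Time) error {
	if b.LongLived == nil || b.ShortLived == nil {
		return errors.New("both the long-lived and the short-lived certificate are required")
	}
	// Same SubjectPublicKeyInfo: the short-lived attestation must be about this device's key.
	if !bytes.Equal(b.LongLived.RawSubjectPublicKeyInfo, b.ShortLived.RawSubjectPublicKeyInfo) {
		return errors.New("certificates bind different public keys")
	}
	usage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	if _, err := b.LongLived.Verify(x509.VerifyOptions{Roots: oemRoots, CurrentTime: now, KeyUsages: usage}); err != nil {
		return fmt.Errorf("long-lived certificate: %w", err)
	}
	if _, err := b.ShortLived.Verify(x509.VerifyOptions{Roots: osRoots, CurrentTime: now, KeyUsages: usage}); err != nil {
		return fmt.Errorf("short-lived certificate: %w", err)
	}
	return nil
}

// Scenario builds the constructed setup: one device key, a 30-year OEM certificate
// and a 24-hour OS-vendor certificate, both issued at time start.
func Scenario(start time.Time) (Bundle, *x509.CertPool, *x509.CertPool, error) {
	year := 365 * 24 * time.Hour
	oemCA, oemKey, err := newCA("Example Device OEM Root", start, 40*year)
	if err != nil {
		return Bundle{}, nil, nil, err
	}
	osCA, osKey, err := newCA("Example OS Vendor Root", start, 10*year)
	if err != nil {
		return Bundle{}, nil, nil, err
	}
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Bundle{}, nil, nil, err
	}
	long, err := issueLeaf(oemCA, oemKey, &devKey.PublicKey, "device-0001", start, 30*year)
	if err != nil {
		return Bundle{}, nil, nil, err
	}
	short, err := issueLeaf(osCA, osKey, &devKey.PublicKey, "device-0001", start, 24*time.Hour)
	if err != nil {
		return Bundle{}, nil, nil, err
	}
	oemRoots, osRoots := x509.NewCertPool(), x509.NewCertPool()
	oemRoots.AddCert(oemCA)
	osRoots.AddCert(osCA)
	return Bundle{LongLived: long, ShortLived: short}, oemRoots, osRoots, nil
}

func main() {
	start := time.Date(2023, 2, 13, 0, 0, 0, 0, time.UTC)
	b, oemRoots, osRoots, err := Scenario(start)
	if err != nil {
		panic(err)
	}
	fmt.Println("1 hour after issue:", VerifyBundle(b, oemRoots, osRoots, start.Add(time.Hour)))
	fmt.Println("2 days after issue:", VerifyBundle(b, oemRoots, osRoots, start.Add(48*time.Hour)))
}
```

The key comparison is on the raw SubjectPublicKeyInfo rather than the subject name, so a short-lived certificate can only vouch for the key the OEM certificate already binds to the secure element; once the short-lived certificate lapses, the device falls out of acceptance until the OS vendor re-attests it, which is what limits the exposure of the thirty-year credential.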
This work is licensed under a Creative Commons Attribution 4.0 License.
Gariev, Igor, "M2M Communication Security Enhancement Using Additional Short-lived Certificate", Technical Disclosure Commons, (February 13, 2023)