Melody Wood | Partner Solutions Marketing Manager, Thales
nTropy.io is a Thales Technology Partner with established PKI and IoT expertise providing both advisory and implementation services. This article explores how nTropy successfully designed a solution leveraging Thales Luna HSM to accelerate key injection material for wearable medical devices by 20x.
While wearable medical devices save lives, they also pose a unique set of cybersecurity challenges. Being able to track, analyze, and use accurate information is critical to ensuring a patient’s well-being. Each device relies on wireless data transmission to relay collected data back to the patient’s phone or other monitoring tool.
Unfortunately, wireless data is notoriously vulnerable to hacks and exploits. A potential hacker can compromise the device’s integrity and safety, or access confidential patient records stored on servers.
For these reasons, medical device security is a top priority. To better protect against these threats, medical device producers increasingly seek to protect their devices using Public Key Infrastructure (PKI). PKI is a trusted and widely used cryptographic practice that protects both data and user integrity. First, it encrypts sensitive data transmission between medical devices and any host system. Second, PKI also relies on key and certificate protocols to verify access credentials for devices and users.
To protect medical devices with PKI, each device needs to have certain components (certificates, keys) embedded during the manufacturing process. However, neither medical device producers nor contract manufacturers are typically specialized or knowledgeable about how exactly this trusted process should happen.
This is where 3rd-party companies such as nTropy.io come into play, given their PKI and IOT expertise. They offer security solutions to clients in MedTech, V2X, and Industrial manufacturing. nTropy developed a unique PKI-injection capability for devices using their patented solution, rTery. This scalable engine can inject hundreds of thousands of digital certificates and keys into the silicon of each device during the physical assembly stage of production. Using rTery, manufacturers can perform mass pre-generated key bundle installations during production time up to 20x faster than before.
Each key bundle injection is unique and cryptographically strong – improving “depth of defense” protections against IoT device compromise. Given the reliance on the keys to encrypt/decrypt device data and perform certificate signatures, ensuring their integrity is paramount. Hardware Security Modules (HSM) such as Thales Luna HSMs, can be leveraged to both generate and securely store the encryption keys. Luna HSMs add security layers both physically and logically by managing cryptographic keys in a high-assurance, tamper-resistant, and FIPS 140-2 validated appliance. Using HSMs also protects encrypted data even if a breach occurs, since the decryption keys are stored separately.
The result? Medical sensors are now better protected and trusted using established PKI standards to ensure proper authentication to other devices, provide end-to-end encryption, and then derive keys to decrypt data when it arrives at a verified location.
Both Thales and nTropy.io are proud to help protect patient health data from security threats. To learn more, read this case study.