Mbed Cloud Provision

Solves the problem of configuring millions of devices with unique identities and the correct server credentials during manufacturing.

Mbed Cloud Provision enables device manufacturers to configure millions of devices with unique cryptographic identities and the Mbed Cloud connection parameters before they leave the factory. With Mbed Cloud Provision you can create, inject and securely store the private keys, certificates, server URL and certificate, connection parameters and firmware update keys necessary to connect to Mbed Cloud and manage devices.

Mbed Cloud Provision capabilities are delivered as a flexible and extensible SDK supporting multiple factory floor configurations and trust levels. The SDK comprises two software components:

  • Factory Configurator Client (FCC) is part of the Mbed Cloud Client software running on the device.
  • Factory Configurator Utility (FCU) is integrated into manufacturing, testing and provisioning equipment running on the factory floor.

The FCC and FCU work together to inject, validate and securely store device credentials and configuration in protected storage in the device.


Secure Identity

To connect to Mbed Cloud, each IoT device must have a unique cryptographic credential. Mbed Cloud uses this unique credential to authenticate devices, generate session encryption keys and authorize device access to various system services. The device cryptographic credential must be stored securely, as it is used to protect data that moves between the device and the server, and to protect the Mbed Cloud device management service itself from unauthorized access.

Secure Storage

The device private keys, certificates and firmware validation keys are securely stored in protected storage implemented by Mbed Cloud Client. The protected storage can secure the data in external and internal non-volatile memory serving as a protected root-of-trust in the device. For increased security, the root-of-trust can utilize TrustZone capabilities supported by Arm processors.

Secure Connection

Each IoT device must be configured with the correct server and connection parameters to identify, connect to and authenticate the Mbed Cloud server. Mbed Cloud Provision supports industry-standard X.509 certificates. The certificates facilitate mutual authentication and establishment of encrypted DTLS or TLS sessions between devices and the Mbed Cloud server.