A story of digital ID cards, emergency parachutes, and security that survives sleep
eSIM for IoT adds a brand new digital ID card, the eIM Certificate, for the remote control centre (the eIM, or eSIM IoT remote Manager). It comes in two flavours: a Signing Certificate (proves that the commands the eIM sends to a device are genuine and unaltered) and a Transport Certificate (authenticates the eIM's end of the TLS/DTLS connection, whose session keys then encrypt the traffic). Two separate keys, never swapped: like a lock for your front door and a different lock for your diary!
Not all devices have the same power, so there are three ways to check that ID card. Full PKI for powerful gateways (walk the certificate chain up to a trusted root and check the name), Certificate Pinning for most devices (trust one specific certificate, recognised by its fingerprint, with no chain to walk), and Raw Public Key for ultra-tiny sensors (just the bare public key, no certificate to parse at all; nothing secret is stored on the device, only the public key the eIM must prove it holds). Something for everyone!
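To make the three trust models concrete, here is an added Go example; it is not code from the original page or from any GSMA implementation. It builds a constructed test PKI (a throwaway root CA standing in for the certificate issuer, plus the eIM transport certificate it signs) and then checks a presented certificate under all three models: full chain validation, a SHA-256 pin of one certificate, and a bare SubjectPublicKeyInfo comparison in the spirit of RFC 7250. The host name eim.example, the serial numbers and every key are made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// testPKI is a constructed stand-in: a throwaway root CA and the eIM transport cert it signed.
type testPKI struct {
	root, eimCert *x509.Certificate
	eimKey        *ecdsa.PrivateKey
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

func template(serial int64, name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

func buildTestPKI() testPKI {
	rootKey, eimKey := mustKey(), mustKey()
	rootTmpl := template(1, "constructed-root-ci")
	rootTmpl.IsCA, rootTmpl.BasicConstraintsValid = true, true
	rootTmpl.KeyUsage = x509.KeyUsageCertSign
	root := mustCert(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	eimCert := mustCert(template(2, "eim.example"), root, &eimKey.PublicKey, rootKey)
	return testPKI{root: root, eimCert: eimCert, eimKey: eimKey}
}

// makeImpostor: a self-signed cert claiming the eIM's host name but chaining to nothing trusted.
func makeImpostor() (*x509.Certificate, *ecdsa.PrivateKey) {
	k := mustKey()
	t := template(99, "eim.example")
	return mustCert(t, t, &k.PublicKey, k), k
}

// Full PKI (gateway class): walk the chain to a trusted root and match the host name.
func fullPKIAccepts(cert, root *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Certificate pinning (most devices): keep SHA-256 of one trusted cert's DER; no chain, no CA store.
func pinOf(cert *x509.Certificate) [32]byte { return sha256.Sum256(cert.Raw) }

// Raw public key (tiny sensors, RFC 7250 style): keep the bare SubjectPublicKeyInfo
// bytes and compare; there is no certificate to parse at all.
func rawKeyOf(pub *ecdsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	check(err)
	return string(der)
}

type outcome struct{ FullPKI, Pinned, RawKey bool }

// checkPeer runs all three trust models against what the peer presented.
func checkPeer(pki testPKI, cert *x509.Certificate, key *ecdsa.PublicKey) outcome {
	return outcome{
		FullPKI: fullPKIAccepts(cert, pki.root, "eim.example"),
		Pinned:  pinOf(cert) == pinOf(pki.eimCert),
		RawKey:  rawKeyOf(key) == rawKeyOf(&pki.eimKey.PublicKey),
	}
}

func main() {
	pki := buildTestPKI()
	fmt.Printf("genuine eIM: %+v\n", checkPeer(pki, pki.eimCert, &pki.eimKey.PublicKey))
	fake, fakeKey := makeImpostor()
	fmt.Printf("impostor:    %+v\n", checkPeer(pki, fake, &fakeKey.PublicKey))
}
```

The impostor fails all three checks for different reasons: the chain does not reach the trusted root, the fingerprint differs, and the public key bytes differ. Note what each model costs the device: full PKI needs a CA store, time source and parser; pinning needs one hash and a way to rotate it before the pinned certificate expires; raw public key needs only a byte comparison but gives no expiry or revocation at all.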
Your phone's apps use TLS over TCP, but constrained IoT devices use DTLS: the datagram (UDP) flavour of TLS, built for devices that go to sleep, wake up, and come back from a different IP address or NAT port. The magic trick? Connection ID (RFC 9146). Like leaving your jacket on a chair to save your spot, it lets the receiver find the right session from an identifier carried in each record rather than from the sender's IP address and port, so a device resumes its secure connection after a nap without a new handshake: even with a new IP address!
If a profile switch goes wrong and the device loses all connectivity, the eSIM chip automatically switches to a Fallback Profile: a backup profile that is always there on the chip for exactly this case. No server can be involved, because an offline device cannot reach one; the chip just does it on its own, like an automatic parachute that opens when it detects you're falling!
The system protects against four threats: imposter commands (every command carries a digital signature made with the eIM's signing key), replay attacks (a counter that must only ever go up, so an old command cannot be played back), fake control centres (the chip obeys only eIMs on its trusted list), and snooping (everything travels inside the encrypted transport). Four layers of protection: no dark arts getting through!
DTLS with Connection ID means a device can change IP addresses, like moving to a different WiFi network or getting a fresh NAT mapping, and still keep its secure conversation going without starting over: a truly uninterrupted encrypted tunnel! The one check a receiver must not skip is to accept the sender's new address only after the record has passed decryption and integrity checks; otherwise anyone who copies the Connection ID could redirect the session's replies to themselves.
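The signing-versus-transport key split from the eIM Certificate section and the first three threats above (imposter commands, replays, fake control centres) can be shown in one place. The Go program below is an added example, not the page's code and not real eIM or eUICC code: the eimPackage JSON structure, the eIM identifiers and the command strings are constructed stand-ins for the real package format. It signs a command with the signing key, then shows a replay, a package signed with the transport key, and a package from an eIM that is not on the trusted list all being rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// eimPackage is a constructed stand-in for a signed eIM command; the real package
// format is not reproduced. Only the three checks (trusted eIM, valid signature,
// fresh counter) are what this shows.
type eimPackage struct {
	EimID   string `json:"eimId"`
	Counter uint64 `json:"counter"` // must strictly increase per eIM
	Command string `json:"command"`
}

type signedPackage struct {
	Body eimPackage
	Sig  []byte // ECDSA P-256 over SHA-256 of the JSON-encoded body
}

var (
	errUnknownEIM = errors.New("eIM not on the trusted list")
	errBadSig     = errors.New("signature does not verify under the eIM signing key")
	errReplay     = errors.New("counter not greater than the last accepted one")
)

// euiccState is what the chip keeps: the signing public key of every trusted eIM
// and the highest counter it has accepted from each of them.
type euiccState struct {
	trusted     map[string]*ecdsa.PublicKey
	lastCounter map[string]uint64
}

func digest(p eimPackage) []byte {
	b, err := json.Marshal(p) // field order is fixed by the struct, so this is canonical here
	if err != nil {
		panic(err)
	}
	h := sha256.Sum256(b)
	return h[:]
}

func sign(key *ecdsa.PrivateKey, p eimPackage) signedPackage {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(p))
	if err != nil {
		panic(err)
	}
	return signedPackage{Body: p, Sig: sig}
}

// accept runs the checks in the order a device should: identity, then authenticity,
// then freshness. The counter only advances after the signature verifies, so a
// forged package cannot burn counter values.
func (s *euiccState) accept(sp signedPackage) error {
	pub, ok := s.trusted[sp.Body.EimID]
	if !ok {
		return errUnknownEIM
	}
	if !ecdsa.VerifyASN1(pub, digest(sp.Body), sp.Sig) {
		return errBadSig
	}
	if sp.Body.Counter <= s.lastCounter[sp.Body.EimID] {
		return errReplay
	}
	s.lastCounter[sp.Body.EimID] = sp.Body.Counter
	return nil
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// outcome records the verdict for each scenario so it can be checked.
type outcome struct{ Genuine, Replayed, TransportKey, UnknownEIM error }

func runScenarios() outcome {
	signingKey := mustKey()   // key behind the eIM Signing Certificate
	transportKey := mustKey() // key behind the eIM Transport Certificate: never valid for commands
	rogueKey := mustKey()     // someone pretending to be a control centre
	chip := &euiccState{
		trusted:     map[string]*ecdsa.PublicKey{"eim-example": &signingKey.PublicKey},
		lastCounter: map[string]uint64{},
	}
	cmd := eimPackage{EimID: "eim-example", Counter: 1, Command: "enableProfile"}
	genuine := sign(signingKey, cmd)
	var o outcome
	o.Genuine = chip.accept(genuine)  // fresh, correctly signed: accepted
	o.Replayed = chip.accept(genuine) // identical bytes again: counter 1 is no longer > 1
	next := cmd
	next.Counter = 2
	o.TransportKey = chip.accept(sign(transportKey, next)) // right eIM, wrong key
	o.UnknownEIM = chip.accept(sign(rogueKey, eimPackage{EimID: "eim-rogue", Counter: 1, Command: "disableProfile"}))
	return o
}

func main() {
	fmt.Printf("%+v\n", runScenarios())
}
```

Two details matter in practice: the counter is stored per eIM, so a package from one eIM cannot be replayed against the counter of another, and a package signed with the transport key is rejected even though that key belongs to the same legitimate eIM, which is exactly why the two certificates must never share a key.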
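For the Connection ID mechanism described here and in the DTLS section above, the following is an added Go example, not the page's code and not a DTLS stack. It models the receiving side of RFC 9146 records: parsing the tls12_cid record header, looking up the session by CID rather than by source address, authenticating the record with AES-GCM, and only then adopting the sender's new address. The session key, the CID value, the addresses and the temperature readings are constructed, and the nonce construction is simplified relative to real DTLS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout of an RFC 9146 DTLS 1.2 record carrying a Connection ID:
//   type(1)=25 | version(2)=0xfefd | epoch(2) | seq(6) | cid[cidLen] | length(2) | ciphertext
// The CID length is not on the wire: the receiver knows the length of the CIDs it issued.
const typeTLS12CID, cidLen = 25, 4 // cidLen: length of every CID this server hands out (constructed)

var (
	errBadRecord  = errors.New("not a well-formed tls12_cid record")
	errUnknownCID = errors.New("no session for this connection ID")
	errAuthFailed = errors.New("record failed AEAD authentication")
	errReplay     = errors.New("epoch/sequence not newer than the last accepted record")
)

// parseCIDRecord returns the header (also the AEAD additional data), the CID and the ciphertext.
func parseCIDRecord(b []byte) (hdr, cid, payload []byte, err error) {
	n := 13 + cidLen
	if len(b) < n || b[0] != typeTLS12CID || b[1] != 0xfe || b[2] != 0xfd {
		return nil, nil, nil, errBadRecord
	}
	l := int(binary.BigEndian.Uint16(b[n-2 : n]))
	if len(b) < n+l {
		return nil, nil, nil, errBadRecord
	}
	return b[:n], b[11 : 11+cidLen], b[n : n+l], nil
}

func header(cid []byte, epoch uint16, seq uint64, length int) []byte {
	h := make([]byte, 13+len(cid))
	h[0], h[1], h[2] = typeTLS12CID, 0xfe, 0xfd
	binary.BigEndian.PutUint64(h[3:11], uint64(epoch)<<48|seq) // epoch(2) then seq(6)
	copy(h[11:], cid)
	binary.BigEndian.PutUint16(h[11+len(cid):], uint16(length))
	return h
}

// nonceFor builds the 12-byte AEAD nonce from epoch+seq (real DTLS also mixes in a negotiated IV).
func nonceFor(hdr []byte) []byte { return append(make([]byte, 4), hdr[3:11]...) }

// sealRecord is the sender's side: header, then ciphertext bound to that header.
func sealRecord(cid []byte, aead cipher.AEAD, epoch uint16, seq uint64, pt []byte) []byte {
	h := header(cid, epoch, seq, len(pt)+aead.Overhead())
	return aead.Seal(append([]byte{}, h...), nonceFor(h), pt, h)
}

type session struct {
	aead     cipher.AEAD
	peerAddr string // where replies go; updated only after a record authenticates
	lastOrd  uint64 // epoch<<48|seq of the last accepted record
}

// sessions is keyed by CID, not by the sender's address: that is the whole trick.
type sessions map[string]*session

// receive demultiplexes on the CID, authenticates, and only then adopts the
// sender's (possibly new) address, so a copied CID cannot redirect traffic.
func (ss sessions) receive(from string, datagram []byte) (string, error) {
	hdr, cid, payload, err := parseCIDRecord(datagram)
	if err != nil {
		return "", err
	}
	sess, ok := ss[string(cid)]
	if !ok {
		return "", errUnknownCID
	}
	pt, err := sess.aead.Open(nil, nonceFor(hdr), payload, hdr)
	if err != nil {
		return "", errAuthFailed
	}
	ord := binary.BigEndian.Uint64(hdr[3:11])
	if ord <= sess.lastOrd { // strict ordering; real stacks use a sliding window
		return "", errReplay
	}
	sess.lastOrd, sess.peerAddr = ord, from
	return string(pt), nil
}

type result struct {
	Moved, AddrAfterMove, AddrAfterSpoof string
	Spoof, Replay                        error
}

func runDemo() (r result) {
	block, _ := aes.NewCipher([]byte("constructed-key!")) // constructed 16-byte session key
	aead, _ := cipher.NewGCM(block)
	cid := []byte{0xc0, 0xff, 0xee, 0x01}
	ss := sessions{string(cid): {aead: aead, peerAddr: "10.0.0.5:4444"}} // address seen at handshake
	// Device sleeps, wakes behind a new NAT mapping: same CID, different source address.
	moved := sealRecord(cid, aead, 1, 1, []byte("temp=21.7"))
	r.Moved, _ = ss.receive("198.51.100.7:60001", moved)
	r.AddrAfterMove = ss[string(cid)].peerAddr
	// Attacker copies the CID but lacks the key: AEAD fails and the address does not move.
	spoof := append(header(cid, 1, 2, 16), make([]byte, 16)...)
	_, r.Spoof = ss.receive("203.0.113.9:1111", spoof)
	r.AddrAfterSpoof = ss[string(cid)].peerAddr
	// Replaying the old genuine record is caught by the epoch/sequence check.
	_, r.Replay = ss.receive("198.51.100.7:60001", moved)
	return r
}

func main() { fmt.Printf("%+v\n", runDemo()) }
```

The order inside receive is the point: lookup by CID, then authenticate, then update the address. Swapping the last two steps would let anyone who has observed a CID on the wire move the session's reply traffic to an address of their choosing.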
Learn how eSIM chips keep a trusted friends list!
📖 Next: The Trusted Friends List →