Bootstrap credential
A bootstrap credential serves as the initial identity mechanism for a device and provides secure authentication with Device Trust Manager from the moment it is manufactured. The bootstrap credential, which may be a certificate or a passcode, remains with the device throughout its lifecycle.
Bootstrap credentials are used during provisioning to establish a secure connection with Device Trust Manager. Once authenticated, the device can request operational certificates for secure communication throughout its lifecycle. Additionally, bootstrap credentials support other policies, such as deployment and platform management, allowing devices to maintain security posture by retrieving or applying necessary updates.
Authentication methods
A bootstrap credential allows the device to authenticate with Device Trust Manager using the following methods:
Authentication method | Description | Recommended for |
|---|---|---|
Certificates | Devices requiring robust security and long-term identity management, such as industrial equipment, smart meters, and medical devices. | |
Passcodes | An alphanumeric passcode that can have usage restrictions or unlimited use. Used to authenticate and request certificates using protocols like SCEP and EST, which facilitate secure certificate enrollment and management for IoT devices. NotaWhile passcodes provide flexibility, they offer less security compared to certificate-based authentication. | Legacy devices, resource-constrained devices, or environments where provisioning individual certificates is impractical. Recommended only for lower-security environments. |