SecurityWorldMarket

10/11/2022

New Matter accreditation for all IoT devices

Lehi, Ut

Developed by the Connectivity Standards Alliance, or CSA, in consultation with member companies such as Apple, Google, Samsung, Ikea and Digicert. Matter was officially announced on 3rd November by the CSA, and is set to become a new common protocol standard for the interoperability of Internet of Things.

As reported in our article on 12th October, Matter is the first attempt to bring together the biggest names in smart home to develop a standard for secure, reliable interoperability for connected devices. Mike Nelson, VP of IoT Security at Digicert, a company that has been involved in the evolution of the new standard, looks at how companies might approach the certification process now that is almost finalised.

With the Matter protocol having just been officially released, device manufacturers need to start preparing their devices to be Matter trusted and receive the Matter logo on them. Public key infrastructure (PKI) will be a key component of the approach to becoming Matter trusted. Matter will have a few selected roots available in their trusted root store, known as product attestation authorities, or certificate authorities (CAs). These authorities will issue device attestation certificates, which every Matter-compliant device will be required to have to enable secure interoperability and trust.

According to Mike Nelson, device attestation is critical to Matter-trusted devices and accomplishes secure interoperability in three main ways:

1. It provides assurance that the device comes from a trusted manufacturer,

2. It installs a strong identity on the device, so they can be tracked and identified, and

3.  It enables validated, authenticated connections.

Thus, the first step to become Matter compliant is for manufacturers to get Matter-trusted device attestation certificates on their devices.

How to obtain device attestation certificates

When it comes to obtaining Matter-trusted certificates, manufacturers essentially have two options: set up their own trusted root to issue device certificates or purchase certificates from an existing root in the Matter-trusted root store.

The CSA is working to define the process for submitting and accepting roots into their trust store. However, the process for acceptance into the root store will not be easy. Trusted roots will need to meet high standards and rigorous qualifications to be accepted.

As a leader in digital trust, Digicert has been involved with the development of Matter to ensure that it is secure since the early stages of the project. Mike Nelson concludes, "We plan to be among the first with a Matter-compliant root and are ready to submit as soon as the process for root certificate inclusion is finalised."


Tags


Product Suppliers
Back to top