Issue link: https://resources.mouser.com/i/1516458
authenticated. In fact, it is not because in this case, the peripheral has no way of knowing if it actually connected to its specific phone unless the phone can send more information to prove it is genuine. Cartrette notes, "Defining authentication in a way that is meaningful to a forward-looking security conversation is critical, or the rest of the conversation is going to be missing something." Authentication depends on each device having cryptographically verifiable information, one of the most convenient forms of which is a digital certificate, such as an X.509 formatted certificate. However, this is best when, in addition to a certificate, there are device-unique immutable keys borne by the device itself that will asymmetrically authenticate a passphrase or PIN code from a connecting device. "It is a device-local secret," Cartrette says, "that when the device starts up, it has a complete set of material to asymmetrically authen ticate anybody who tries to connect to it." This step is critical because after plugging in the device, you start giving it more secrets for the network- and application-layer relationships. There are other operational certificates and runtime keys for access control, and you will start trusting this device to control critical functions. "To be scalable in a process, you need runtime security management. For that, the device must support machine-readable asymmetric authentication that is automated, verifiable, crypto-backed, and totally trusted," says Cartrette. Having local immutability and local crypto becomes the basis for protecting firmware and software on the device. Cartrette says, "It is impossible to do a good job of protecting firmware integrity if you do not have hardware you can trust." That idea applies to application software, too, and it becomes critical for certain types of devices that are subject to regulations that require software support for the device life cycle and for support of larger, more function-rich software " People look at that security chip like it's just another capacitor. But it's not just a capacitor. This is about compliance. This is about anchoring your trust strategy. It is about enabling ecosystem security management strategies." 17