Mocana has added certificate management capabilities to its flagship device security software suite. The Certificate Management extension to Mocana's Device Security Framework combines a device runtime with a network-based application, with the aim of helping network operators efficiently provision and revoke certificates issued to VoIP phones and other connected devices.

According to Mocana, certificate-based authentication defends better than simple password authentication against SPIT (spam for Internet telephony), hijacked VoIP services, and other device security compromises. However, when managed manually, certificates may simply be left in devices until they expire. The company's Certificate Management extension aims to help network operators easily revoke and re-issue certificates over the network — for example when devices are re-allocated to new users. This is said to greatly increase the scalability and practicality of implementing certificate-strength authentication in devices.

Mocana certificate management architecture
(Click to enlarge)
The Mocana Certificate Management extension implements the server component of SCEP (simple certificate enrollment protocol), a scalability-oriented authentication scheme originally developed by Cisco and Verisign, and subsequently submitted to the IETF as a draft standard (although it appears to have expired earlier this month). The extension also implements certificate authority and certificate registration authority services, Mocana said.

Touted capabilities and features include:

• Certificate enrollment and renewal — issuing a certificate to a specific user or device and/or renewing that certificate at regular intervals before expiration
• Certificate revocation — withdrawing a certificate from a specific device for a certain reason, making that device inoperable
• Certificate query — obtaining the Certificate Authority certificate and/or obtaining the end entity's certificate
• CRL query – obtaining information on whether a certificate has been revoked
• Uses Mocana's FIPS-validated PKCS and crypto libraries

According to Glen Allmendinger, president of Harbor Research, “As connected devices continue to proliferate across all industries, the need to automate security and systems management will be paramount. Connected devices will require security software that can [ease] provisioning burdens.”

Mocana CEO Adrian Turner added, “The rate at which connected devices are proliferating is staggering. IT organizations are experiencing the pain of not only making sure those devices are secure when rolled out, but more importantly, managing the on-going security.”

Availability

The Mocana Security Management extension is available now for Linux, MontaVista Linux, VxWorks, Nucleus, Solaris, ThreadX, Windows, Mac OS X, (ARC) MQX, pSOS, and Cygwin, the company said.

---

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.