The PolicyNet M2M software is comprised of both the infrastructure and field domain common service functions. The infrastructure domain functions are available in the cloud-based PolicyNet M2M platform, and the field domain functions are available inside select M2M LTE Modules that include the PolicyNet M2M CSE firmware.
Configurations supported by oneM2M Architecture
The dramatic increase in Machine-to-Machine (M2M) / Internet of Things (IoT) application deployments across diverse vertical markets such as telematics, transportation, healthcare, utilities, industrial automation, digital advertising, vending and smart homes presents compelling opportunities for application vendors, network operators and operational support system providers. However, the sheer scale and diversity of IoT opportunities also present very complex operational challenges in maintaining the quality and availability of service. To address these challenges, the PolicyNet M2M platform provides the service flow orchestration and security services that guarantee reliable information access for authorized users and ensure trustworthy and accurate information.
PolicyNet security implements a defense-in-depth approach to deliver a robust end-to-end security framework for IoT based on three foundations: architecture, process, and response.
PolicyNet builds security components into each layer of an N-tiered architecture, including: identity management, role-based access control, code signing and secure boot, secure key stores, device authentication, FIPS-compliant cryptographic modules and cipher suites, a horizontally scalable and highly available server architecture, application tier separation, session management, input/output validation, remote logging and secure audit trails.
The security architecture incorporates broadly adopted Federal Information Processing Standard (FIPS) approved encryption and authentication algorithms, as well as proven open standards-based network security protocols from the IEEE, IETF, ITU, and 3GPP.
The PolicyNet security framework implements both technologies and processes to ensure the confidentiality, authentication, integrity, non-repudiation, access control, and availability of the IoT cyber infrastructure. The process framework addresses both deliberate attacks and inadvertent compromises of information due to user error, equipment failure or natural disaster.
Best practices in development processes focus on eliminating vulnerability classes such as those identified in NIST Special Publication (SP) 800-82 and the Open Web Application Security Project (OWASP) Top 10 vulnerabilities list.
The framework leverages secure manufacturing processes throughout the supply chain, combined with secure, scalable identity management to enable secure boot and secure automated device authenticity verification in the field. For resource-constrained IoT devices that do not support digital identity, PolicyNet provides a Risk Based Authentication solution that polices application traffic and controls network access and data delivery services according to operator-defined policies.
PolicyNet maximizes operational efficiencies, and empowers the user to deploy security controls via enterprise policies appropriate to specific organizational needs, thus eliminating human errors through task automation and meeting the massive IoT scalability requirements by leveraging the power of group policy.
PolicyNet response and mitigation protocols implement distributed intrusion detection monitoring and reporting of security events as an essential part of the architecture. Distributed, policy-based event aggregation and correlation facilities provide the monitoring, filtering, and prioritization required to manage the immense scale of events generated by IoT infrastructures.
The formally defined PolicyNet support protocols and procedures enable timely and effective incident response. Regular system audits provide recommendations for system updates as new vulnerabilities surface, and rapid patch deployment is enabled through scalable, group-policy-based configuration management.