Security solutions for IoT and IIoT based on

Public Key Infrastructure (PKI)

PrimeKey’s end-to-end take on security solutions for Internet of Things (IoT) and Industrial IoT (IIoT)

IoT and IIoT security solutions from PrimeKey

PrimeKey is a pioneer in the open source PKI and Signing security software that provides businesses and organizations around the world with the ability to implement secure IoT and IIoT solutions in the healthcare industry, for smart factories, to secure supply chains and more. 

PKI has been the de-facto standard on the Internet for more than a decade and it has been proven to be both scalable and flexible. It is now also instrumental for  secure IoT and IIoT solutions. PrimeKey’s solutions include: EJBCA Enterprise, PrimeKey SignServer Enterprise, PrimeKey SEE and the PrimeKey EJBCA Appliance.

Security solutions for IoT - visualization cloud

Why are Security Solutions for IoT important to reduce threats?

IoT is often defined as a network of physical objects that can interact with other Internet-enabled systems and devices to share information and perform actions. This means Internet of Things encompasses everything from cars to cooking devices, from MRI scanners to wind turbines.

For businesses across a range of industries, Internet of Things provides opportunities for cost reductions and increased revenues. By 2024, there will be more than 22 billion connected devices in the world. So where do security solutions for IoT and IIoT fit in? There is no question that the impact of IoT and Industry 4.0 is transforming industries, businesses and ultimately, our lives. But as the physical objects around us become connected, they also become susceptible to a variety of cybersecurity threats. With IoT solutions maturing and taking on a key responsibility in the new revenue streams, workflows and value propositions of progressive businesses, IoT security becomes a central issue – and a complex one at that.

Security product briefings
IoT certificate lifecycle

It is imperative to provide a secure foundation for Internet-enabled physical objects that is able to:

  • Assure the identity and authenticity of all devices.
  • Make sure devices run only on authorized code.
  • Manage the lifecycle of each device, ensuring the chain of custody.
  • Enable safe over-the-air updates to maintain security and allow for new features over time.
  • Protect communication across unsecure networks.
  • Secure sensitive data and safeguard regulatory compliance.

In addition to the functional aspects, security solutions for IoT and Industrial IoT (IIoT) must also be scalable, potentially handling billions of devices, and flexible enough to cost-efficiently integrate with IoT and IIoT platforms along with back-end enterprise systems.

Because PKI and Signing solutions are the fundamental building blocks of IoT and IIoT security, it enables businesses developing IoT offerings to ensure the Internet of Things does not become an Internet of Threats. 

PKI and Signing addresses the complex and diverse security challenges of IoT and IIoT

When developing IoT and IIoT security solutions, PKI and Signing are fundamental for security and compliance. It enables secure communication between parties and provides security through trusted identities that are necessary for authentication, integrity and confidentiality.

Benefitting from the proven track-record of PKI and Signing, all aspects of IoT and IIoT security can be addressed:

Protect IoT and IIoT devices

  • Guarantee that each device has a unique and traceable identity.
  • Ensure that code running on devices – including firmware, operating system and applications – is authorized and not tampered with.
  • Enable secure, over-the-air updates to add features, improve performance and ensure security over time.

Protect device communication

  • Safeguard communication through encryption, protecting data when in transit across unsecure networks.
  • Validate the identity and authenticity of devices attempting to communicate with IoT and IIoT platforms and back-end systems.

Protect sensitive data and safeguard regulatory compliance

  • Enable sensitive data to be encrypted on the device when in transit and stored centrally, ensuring the ability to stay compliant with regulatory demands.

Manage lifecycle and chain of custody

  • Provision devices in manufacturing, establishing a unique and traceable identity of every device.
  • Manage devices in operation, ensure correct authority to take action and handle how devices are decommissioned or repurposed, or if ownership changes.

PKI and Signing are a proven way to protect valuable assets and functions within the complex and diverse security challenges of IoT.

Download the white paper by Siemens Energy & PrimeKey

Cybersecurity: An Enabler for Critical Infrastructure


Learn about the secure implementation of an IoT solution in an IIoT electric utilities environment, specifically transmission. This white paper also covers PKI, mutual authentication, secure certificate imprinting, product components designed for industrial use, and firmware signing.


IoT and IIoT security solutions built on open standards

For an end-to-end take on Internet of Things security, PrimeKey delivers IoT PKI, Signing and secure execution hardware solutions built on open standards, with proven scalability and more than 20 years of history protecting the world’s most valuable digital assets.

EJBCA® Enterprise is an open source based PKI that has been proven in a range of contexts — from critical telecom and power infrastructure to smart products from several of the world’s most recognized brands.

  • EJBCA is proven as the leading security software for Certificate Issuance and Certificate Management across industries, including several of the most demanding use cases in the world.
  • Due to mature and proven source code, EJBCA provides the least likelihood of disruptive software defects and it has been proven time and again to enable standards-based, cost-efficient integrations.

Read more about how PrimeKey products offer a secure foundation for IoT:

PKI Security supporting the full IoT eco system

Securing value chains
CodeSigning-Sign-Server copy

The code signing capabilities delivered by open source based SignServer Enterprise ensures authenticity and integrity of both data and code on devices. PrimeKey has vast knowledge and experience in partnering with globally leading software and hardware vendors, utility providers, car manufacturers and system integrators, to secure their software distribution chain.

Learn more about SignServer Enterprise:

SignServer Enterprise



By using the trusted execution environment, PrimeKey SEE, you can run your  mission-critical application in any uncontrolled environment. PrimeKey SEE is a full-size rack-mount application server that comes with a patented FIPS protected execution environment where your application and data can only be accessed by an authorized security administrators, making it impossible to access, to extract or to modify by an unauthorized party.

Learn about PrimeKey SEE:

PrimeKey SEE



In a pilot project, PrimeKey and Infineon present a solution that enables the safe commercial use of multicopters. It combines Public Key Infrastructure (PKI) with the OPTIGA™ Trust X security controller and the SLS37 Ready-to-Connect eSIM for mobile IoT applications. Check out our joint white paper with Infineon about multicopter authentication and our illustration explaining Multicopter Safety via Security.

PKI in Action

Get in touch about security solutions for IoT and IIoT

Fill in your contact information below and we will get in touch with you.

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.

Key features of PrimeKey PKI solutions for IoT and IIoT

Protect IoT and IIoT devices

  • Establish device identity
  • Issue X.509 and RFC5280 certificates
  • RSA and Elliptic Curve algorithms
  • Supports both batch production and single-instance issuance
  • Support both client- and server-generated keys


Ensure software integrity with PrimeKey SignServer

  • CMS/PKCS#7
  • Authenticode for signing Windows executable files and installer applications.
  • JAR signing for signing Java and Android files.
  • Plain signature, for generic signing.


Protect device communication

  • Supports TLS certificates for both client and server to encrypt communication in transit


Protect sensitive data and ensure regulatory compliance

  • RFC 5280, ETSI/eIDAS and WebTrust-compliant
  • Support for HSMs from leading vendors
  • Compliance support for NSA SUITE B algorithms
  • Tamper-proof hardware for insecure environments with PrimeKey SEE
  • Enabling GDPR-compliance across platforms and systems
  • Future-proof and flexible to support regulatory demands of the future


Manage lifecycle and chain of custody

  • Full lifecycle support with certificate issuance, renewal and revocation
  • Time-stamped digital signatures enabling traceability
  • Support for vendor certificates and digital twins
  • Ensuring identity and correctness in representation of digital twins
  • Secure audit logs in all certificate lifecycle and digital signature operations


Scale over time

  • Linear scalability for performance and high availability by adding multiple nodes
  • High performance, >500 requests per second can be achieved on a single server
  • Configurable to support a multitude of use cases
  • Use standard SQL database, scaling infinitely
  • Highly scalable Java Enterprise applications
  • Proven to support billions of certificates in operation

How can we help?

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us