ASSA ABLOY strengthens IoT security with HID’s PKI-as-a-Service

PKI-as-a-Service (Public Key Infrastructure as a Service) is a cloud-based solution for managing digital certificates. These certificates help verify device identities and encrypt data. Offering this capability as a service removes the need for companies to maintain the complex infrastructure themselves.

The system supports compliance with growing cybersecurity regulations, including the EU Cybersecurity Act and the upcoming Cyber Resilience Act. It automates essential tasks like certificate provisioning, device authentication, and lifecycle management. HID’s offline Root Certificate Authority serves as the foundation for secure operations. 

“The implementation of HID PKI-as-a-Service wasn’t just about meeting current security requirements, it was about future-proofing our IoT ecosystem for security and scalability,” says Anders Wallbom, VP & Head of Technology Solutions, ASSA ABLOY. “With the ability to manage over a million certificates annually, we’re now positioned to scale our security infrastructure alongside our business growth.”

A crucial aspect of the solution is cryptographic assurance. This enables every component, such as the inside and outside of a smart lock, to recognize and pair only with verified ASSA ABLOY parts. It also protects against unauthorized copies and counterfeit products in the field. 

Thanks to attestation certificates and automated device bootstrapping, even offline devices can be securely updated and authenticated with minimal manual work. The system also supports emerging IoT standards such as Thread, CoAP, EDHOC, and OSCORE, making it adaptable to future protocols.