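Disruptive Technologies puts security and privacy first at every step of the design and development of our sensing solution, including chip design, sensor design, radio protocol design, cloud services and APIs.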

Every layer of the Disruptive sensing solution is secure, from the individual sensors to the applications processing the data. Measurement and sensor identity data is encrypted within the sensors themselves. The data remains encrypted through radio transmission and cellular or Ethernet forwarding over the Internet until it reaches Disruptive’s secure cloud. The data is then passed to customers’ applications via encrypted protocols. Access control mechanisms in the Disruptive cloud deliver sensor data in a controlled manner to the designated processing systems.

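Disruptive is committed to making sure customers enjoy simple installation, streamlined operation and low cost of maintenance. The security and privacy architecture and controls in the Disruptive sensing solution are designed to improve productivity, not slow you down. With a fully secured system, customers can focus on using the data to meet their business goals without worrying about unintended data access.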

Why SecureDataShot

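With SecureDataShot, we pair sensors directly with users, rather than with a gateway. This architecture virtually eliminates the possibility of man-in-the-middle attacks that exploit vulnerabilities in security architectures attached to a gateway.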

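Unlike IoT technology that connects devices and data through a gateway, Disruptive Technologies uses Cloud Connectors to eliminate typical security weak points in IoT architectures and to simplify implementation and maintenance. We call this revolutionary end-to-end secure solution SecureDataShot™.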

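Pairing sensors directly with users via a Cloud Connector is also easier and faster than using a gateway. In our architecture, multiple Cloud Connectors allow for roaming to eliminate bottlenecks. Compared with gateway-based systems, initial installation and subsequent expansion of existing installations are much faster with the Disruptive architecture.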


SecureDataShot™ removes typical “man in the middle” security weak points by using end-to-end encryption.

Operational Security

Security is built into the development and manufacturing of Disruptive’s sensing solution at every stage.

Initial Crypto Key Installment

When it is manufactured, each sensor is assigned a unique 256 bit asymmetric encryption key. Key generation is managed by a tamper-proof FIPS 140-2 Level 3 certified hardware security module.

The public part of the asymmetric encryption key is exchanged with the Disruptive cloud over an encrypted channel. Encryption keys are installed in a physically secured production facility with limited and audited access control. When these keys are securely exchanged, the sensor and the cloud authenticate each other and establish a tamper-proof, end-to-end encrypted communication channel.

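Disruptive holds patents related to the secure, low-energy key exchange that takes place when a new sensor joins the Disruptive network. Disruptive Cloud Connectors are likewise provisioned with Transport Layer Security (TLS) certificates to establish secure connections and protect against man-in-the-middle attacks on the Disruptive cloud technology.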

Storage of Cryptographic Keys

On the Disruptive cloud side, cryptographic keys are stored in separate components, which are locked down and unavailable to the rest of the system except for establishing session communication keys. For protection against loss, encrypted backups of device keys are stored in multiple secure locations.

Monitoring

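All Disruptive system components are instrumented and monitored 24 hours per day, seven days a week. Anomalies outside operating parameters trigger alerts and automatically notify our response team to start escalation procedures.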

Google Cloud

Disruptive cloud components are running in Google Cloud, one of the most advanced security organizations in the world, with top level security controls. We follow best practices for security for each of the components in use. The Disruptive cloud also uses Google infrastructure services and relies on these services and Google’s security to protect against attacks.

End-to-End Encryption


The illustration above highlights the following characteristics of the system:

Third-party Verification

Disruptive has completed two independent security reviews, conducted by UL, a global safety consulting and certification company and security expert Lars Lydersen.

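"The EVM of the assessed components placed within the top 5-10% of Praetorian’s client-base.

The overall security posture was found to be excellent, with a minimal number of low-risk and informational-risk findings."

Praetorian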

Data Ownership

Data processed through the Disruptive solution is owned by the customer. The Disruptive cloud collects data from connected sensors, such as temperature readings, humidity, button touches or door opening/closing events.

Customers may also add some metadata to the installation, such as naming the sensors or attaching key/value labels to them. Through this process, customers can create personal data from the raw data provided by the sensors.

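Data that customers enter into the system through DT Studio or our APIs is protected by Disruptive as the customer’s property. Access to data is controlled by the customer to the extent that a customer who needs assistance must explicitly grant Disruptive customer service access (e.g. using DT Studio).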

Data Access and Restrictions

By default, our developers do not have access to production data. The number of Disruptive personnel with system access to production data is kept to a required minimum. Access to production data generates audit logs, and the customer’s data protection policies specify the rules for such access. Data required by Disruptive to analyse sensor performance, energy consumption and lifetime estimates is managed according to contract terms for such use.

Technical Access to Sensor Data

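Customers can access data from sensors via Data Connectors and via the use of our API. Data Connectors are controlled through the same access mechanisms as other device information and can only be configured by personnel with a sufficient permission level.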

Data Connectors

Data Connectors push data to configured end points. Only encrypted channels are accepted. Customers can provide a secret to each Data Connector, which will be used to cryptographically sign each event passed through the Data Connector. By verifying the signature on the receiving side, customers may confirm that no unauthorized third party can pass data into their reception point undetected.
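The receiver-side check described above, as an added example that is not Disruptive's own code. The page does not specify the signature format, so this sketch assumes an HS256-signed, JWT-style token that carries a SHA-256 checksum of the request body and an expiry; `sign_event`, `verify_event` and the claim names are hypothetical.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_event(secret: bytes, body: bytes, now: int, ttl: int = 300) -> str:
    """Sender side, constructed for the demo: token binds the body hash and an expiry."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({
        "checksum_sha256": hashlib.sha256(body).hexdigest(),  # assumed claim name
        "exp": now + ttl,
    }).encode())
    return f"{header}.{claims}.{_b64url(_mac(secret, header + '.' + claims))}"

def verify_event(secret: bytes, body: bytes, token: str, now: int) -> bool:
    """Receiver side: accept the event only if every check passes."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        claims = json.loads(_unb64url(claims_b64))
        sig = _unb64url(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    # Pin the algorithm: never let the token choose "none" or another scheme.
    if header.get("alg") != "HS256":
        return False
    # Constant-time comparison avoids leaking the MAC byte by byte.
    if not hmac.compare_digest(sig, _mac(secret, f"{header_b64}.{claims_b64}")):
        return False
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:  # bounds the replay window
        return False
    # The signature covers only the token, so tie it to the body received.
    claimed = str(claims.get("checksum_sha256", "")).encode()
    return hmac.compare_digest(claimed, hashlib.sha256(body).hexdigest().encode())
```

Verify against the raw request bytes before any JSON parsing or re-serialization, since a re-encoded body will not match the checksum.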

Streaming API Methods

For certain applications, the API allows setting up streaming connections that listen to a subset of sensors in a project. All API access is authorized through access rights granted to service accounts. The API user must authenticate the API access through valid service account credentials, and the service account access rights will limit what the API access will allow. Service accounts and their access rights are controlled by customers themselves, either through DT Studio or programmatically through the API.

Privacy

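Customers control access to projects and their organizations by granting roles to users and service accounts. It is the responsibility of the customer to manage who has access to their data through these mechanisms. Access management of users or project values and labelling of raw data can be done through the DT Studio user interface or the API. Using these control mechanisms, customers can and must comply with regulations that may pertain to their collection of personal data.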

GDPR

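The General Data Protection Regulation (“GDPR”), which took effect on May 25, 2018, is a significant piece of legislation intended to strengthen and unify a consistent personal data protection regime across Europe. The GDPR applies to companies that collect and handle personal data from EU-based individuals, regardless of where the data is processed.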

Personal data is any information relating to an individual who can be directly or indirectly identified. The GDPR distinguishes between companies that act as data controllers and data processors. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller.

When using Disruptive Technologies’ services, customers typically act as the data controller for any personal data they process, while Disruptive Technologies is a data processor. As the data controller, customers are required to assess whether their data processor is meeting the requirements of the GDPR.

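Disruptive Technologies’ own corporate GDPR compliance includes implementing technical and organizational measures to ensure a level of security appropriate to the risk, such as: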

Data Storage Locations

All sensor and Cloud Connector data are stored in the EU region of Google’s data centers. For customers in other regions, data will be stored in Google’s regional data centers. Google’s Cloud Platform is compliant with applicable EU regulations on privacy and data protection.

Conclusion

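For everyone at Disruptive Technologies, security and privacy are a priority, not an afterthought. Throughout product design and development, we ensure security by building in security controls and testing them rigorously. You can trust that only the people you designate can access sensor data, and that the data is private and secure.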

Øystein Moldsvor


Øystein is the co-founder and VP Engineering at Disruptive Technologies. He graduated from the Norwegian University of Science and Technology with an MSCEE in Electronics. He brings more than 20 years of experience in leading roles within the semiconductor industry. Before founding Disruptive Technologies, he was a co-founder and CTO in Arctic Silicon Devices and R&D Director for data converters in Nordic Semiconductor ASA. Øystein is passionate about launching innovative products, overcoming IoT barriers and creating unprecedented levels of connectivity.
