Thirdwayv’s AppAuth software provides layers of security to mission-critical IoT apps

Thirdwayv, a leading provider of end-to-end connectivity and security solutions for IoT applications, announced it has added AppAuth software to its growing suite of patented products that provide essential layers of security-by-design protection in a wide variety of mission-critical commercial and enterprise Internet of Things (IoT) applications.

Consisting of three software modules that bring trust to a system’s IoT devices, smartphone apps and cloud, AppAuth works seamlessly with Thirdwayv’s SecureConnectivity platform that is already being used to connect and protect wireless, safety-critical deployments including FDA-cleared drug-delivery systems.

“Mission-critical IoT systems are typically related to the safety of individuals or the protection of high-value property,” said Vinay Gokhale, vice president of business development with Thirdwayv.

“AppAuth enables our enterprise and commercial customers to bring trust to these systems through reliable user and device authentication, identity management and, most importantly, attestation of one system component to the other. AppAuth fills a crucial security layer in any comprehensive mission-critical IoT solution.”

AppAuth enables users to control mission-critical connected IoT devices in the medical, industrial and infrastructure markets with their own smartphones.

AppAuth protects communication links as well as the surrounding environment of such links. It provides a digital cryptographic identity to each element of the IoT system and enables each system element to validate the authority and privileges of the others.

AppAuth can be used alone or in conjunction with Thirdwayv’s SecureConnectivity solution that improves overall security of IoT devices while enabling them to be connected and controlled via the same Bluetooth connection found in any commercial smartphone.

For the smartphone app, AppAuth utilizes smartphone hardware root of trust to continually monitor phone operating system (OS) integrity and authenticity and protects the app from OS vulnerabilities and malware attacks.

AppAuth also hardens the app against reverse engineering and tampering threats. The AppAuth module on the IoT device enables it to validate commands from the phone or the cloud before completing the request via its remote attestation feature.

Thirdwayv’s AppAuth cloud infrastructure provides over-the-air certificate issuance to smartphone apps and IoT devices after verifying their integrity and authenticity. Furthermore, the cloud module enables lifecycle management of all components on the IoT network. AppAuth is available on both iOS and Android operating systems.

Safety- and mission-critical IoT applications are increasingly becoming targets for cybersecurity attacks, and the vulnerability of the smartphone is a growing concern. “IoT systems are especially at risk of attack through connectivity to their cloud services, smartphone apps, and other IoT devices,” said Steve Hoffenberg, director at industry analyst firm VDC Research.

“IoT device makers need to ensure that only currently trusted entities can communicate with their products by enforcing authentication and access privileges in all levels of communications.”

AppAuth software has already been licensed to lead customers and will be available for the general market in June 2019. Like Thirdwayv’s SecureConnectivity product, AppAuth is made available via a series of software development kits (SDKs) and application programming interfaces (APIs) for rapid incorporation by IoT development engineers.