With a vast portfolio of smart locks, lock management systems, and connected readers, ensuring strong authentication, data integrity, and compliance with global regulations is essential.
To meet these challenges, ASSA ABLOY is leveraging the long-time IoT expertise of HID to implement HID PKI-as-a-Service. This strategic deployment is not just about protecting millions of connected devices but also about future-proofing ASSA ABLOY’s security infrastructure for years to come.
Cryptographic assurance: Securing every lock, inside and out
ASSA ABLOY boosts trust in its devices, preventing unauthorised clones or counterfeit products
A crucial aspect of this solution provides Genuine ASSA ABLOY products — an assurance that every smart lock, reader, and system within the network is verified as an authentic and authorised product.
By leveraging PKI-based identity verification, ASSA ABLOY strengthens trust in its devices, preventing unauthorised clones or counterfeit products from entering the ecosystem.
For example, the inside of a lock can only pair with a matching outside component from ASSA ABLOY, ensuring the integrity and security of the entire system. This level of cryptographic trust not only enhances device security but also strengthens protection against counterfeit components or unauthorised modifications.
Meeting stringent security and compliance needs
As the industry faces increasing regulatory pressure, including the EU Cybersecurity Act and the upcoming Cyber Resilience Act, ASSA ABLOY needed a scalable, automated solution to manage over a million certificates annually.
HID’s expertise in certificate management provides enhanced security, reduced complexity
HID PKI-as-a-Service enables seamless device authentication, automated provisioning, and hierarchical key management, ensuring compliance with evolving security standards.
An essential part of the solution is the offline Root Certificate Authority (CA), which serves as the foundation for secure operations. HID’s expertise in certificate management provides enhanced security, reduced complexity, and operational efficiency across ASSA ABLOY’s global IoT ecosystem.
Driving innovation and efficiency
By integrating automated bootstrapping and customised attestation certificates, the implementation has significantly improved operational efficiency while minimising manual effort. This allows devices, including those operating offline, to maintain secure provisioning and updates without requiring constant connectivity.
Additionally, the system is future-ready, designed to support emerging IoT protocols such as Thread, CoAP, EDHOC, and OSCORE, ensuring adaptability as the industry evolves.
Collaborative success
The success of this deployment is rooted in a strong alliance between ASSA ABLOY and HID
The success of this deployment is rooted in strong collaboration between ASSA ABLOY and HID. A dedicated steering group ensured alignment on global PKI policies and security objectives, leading to a smooth rollout with minimal disruption.
“The implementation of HID PKI-as-a-Service wasn’t just about meeting current security requirements, it was about future-proofing our IoT ecosystem for security and scalability,” says Anders Calbom, VP & Head of Technology Solutions, ASSA ABLOY.
Major milestone in IoT security
Anders Calbom added: “With the ability to manage over a million certificates annually, we’re now positioned to scale our security infrastructure alongside our business growth.”
This initiative marks a major milestone in IoT security, compliance, and operational efficiency. As ASSA ABLOY continues to innovate and expand, HID PKI-as-a-Service provides the secure foundation needed to drive future growth and digital transformation.
