Connected Vehicle PKI

Trusted PKI for Connected Vehicles & Devices

Sibros’ Certificate Authority (CA) delivers secure, scalable, and resilient digital trust for every vehicle, device, and cloud service. Simple to adopt. Built on modern cryptography. Ready for global fleets.

MQTT(s) & HTTPS

🌍 Regional PKIs: US • EU • APAC
🗝️ Offline Root • KMS‑secured Intermediates
📈 Horizontally Scalable (60k+ KMS ops/min)
🧩 Integrations: IoT, IAM, OTA, Telemetry

Provisioning Flow

Device → Provisioner → Sibros PKI → Certificate Issued

ECC Keys

P‑256 / P‑384 / P‑521

ECDSA

SHA‑256 / 384 / 512

mTLS

Device & Service AuthN/AuthZ

Why PKI Matters for Mobility

Our Vehicle Security Operations Center operates as a 24/7 nerve center, enabling OEMs, fleet operators, and city mobility platforms to gain deep visibility into vehicle security telemetry and respond to incidents before they escalate.

Strong Identity

Verify authentic devices and vehicles across fleets and partners.

Secure OTA

Validate software & firmware with signature‑backed trust.

Protected Telemetry

End‑to‑end encryption for vehicle ↔ cloud communications.

Compliance Ready

Aligned with ISO 21434 and UNECE WP.29 expectations.

Sibros CA Architecture at a Glance

Global and Segregated

Three independent PKIs in the US, EU, and APAC. Isolated cloud accounts with whitelisted network access. Mutual TLS over HTTPS only.

Keys You Can Trust

Offline Root CA. Intermediates protected by Cloud KMS. Signing runs in an isolated enclave accessible only to provisioners.

Secure Issuance

Provisioner (Pandora) authenticates via mTLS. PKI issues a single‑use token per unique CN, signs the CSR, and returns the full chain.

Operational Guardrails

Validity never exceeds its issuing intermediate. Revocation & rotation supported at any time if compromise is suspected.
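
A sketch of the two rules above, a single-use token bound to one CN and certificate validity clamped to the issuing intermediate, written as an added example (not Sibros code). `Issuer`, `IssueToken`, `Redeem` and the hex token format are hypothetical, and CSR signing itself is left out.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Issuer models the two rules above; names and token format are assumptions.
type Issuer struct {
	caNotAfter time.Time         // notAfter of the issuing intermediate
	pending    map[string]string // unredeemed token -> CN it was issued for
}

// IssueToken returns a random token bound to exactly one CN.
func (i *Issuer) IssueToken(cn string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	i.pending[hex.EncodeToString(raw)] = cn
	return hex.EncodeToString(raw), nil
}

// Redeem burns the token, matches it to the CSR's CN, and clamps notAfter to the intermediate's.
func (i *Issuer) Redeem(tok, csrCN string, now time.Time, want time.Duration) (time.Time, error) {
	cn, ok := i.pending[tok]
	delete(i.pending, tok) // single use, even when the CN check below fails
	if !ok || cn != csrCN {
		return time.Time{}, errors.New("unknown, reused, or mismatched token")
	}
	if !now.Before(i.caNotAfter) {
		return time.Time{}, errors.New("issuing intermediate has expired")
	}
	notAfter := now.Add(want)
	if notAfter.After(i.caNotAfter) {
		notAfter = i.caNotAfter
	}
	return notAfter, nil
}

func main() {
	now := time.Now()
	iss := &Issuer{caNotAfter: now.Add(90 * 24 * time.Hour), pending: map[string]string{}}
	tok, _ := iss.IssueToken("device-0001")
	fmt.Println(iss.Redeem(tok, "device-0001", now, 365*24*time.Hour)) // clamped to 90 days
}
```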

PKI in the Data Plane: MQTT(s) and HTTPS

Sibros provides and manages a certificate management system that issues certificates, usage policies, and configurations for use with an MQTT broker. Devices use MQTT(s) with mutual TLS to publish/subscribe securely. HTTPS is used for downloading binaries (firmware images), ensuring integrity and confidentiality end‑to‑end.

MQTT(s) Trust

- Per‑device client certificates for broker authN/authZ
- Policy‑based topic access and session handling
- Operational logging for certificate use and anomalies

Firmware over HTTPS

- TLS 1.2/1.3 for binary downloads
- Digest checks + signature verification at the vehicle
- Separation of telemetry (MQTT) and content delivery (HTTPS)

Optional In‑Vehicle PKI

For securing in‑vehicle communications between Sibros components, Sibros can optionally provide certificates and manage associated keys in partnership with customer‑provided hardware and software capabilities. This is particularly useful when a vehicle hosts multiple high‑performance compute units with networks of varying trust. This configuration is available on request.
Key Custody
Keys stored and used with customer HSM/TEE where available; Sibros integrates with your in‑vehicle security architecture.
Component mTLS
Certificates enable authenticated, encrypted comms among Sibros components over potentially insecure in‑vehicle networks.
Policy Control
Usage policies and certificate lifecycles aligned to your partitioning, domains, and safety/security goals.

OTA Key Management (SOTA/FOTA)

Keys for Software‑Over‑The‑Air (SOTA) and Firmware‑Over‑The‑Air (FOTA) are handled securely across the vehicle, cloud, and CI/EOL systems as applicable. Multiple private–public key pairs are used: vehicles verify manifest authenticity and integrity and validate the authenticity and validity of update instructions. Ownership aligns with your program’s Uptane key‑ownership model.

| Key Set (example) | Held By | Purpose |
| --- | --- | --- |
| Transport (MQTT client cert) | Device/Vehicle | mTLS to broker, authenticated telemetry & commands |
| Firmware/Image Signature | CI/Release (OEM/Supplier) | Sign binaries; vehicle verifies before apply |
| Manifest/Instruction Signature | Cloud/Release Service | Sign manifests; vehicle validates authenticity & validity |
| In-Vehicle Component mTLS | Vehicle (with HSM/TEE) | Secure component-to-component communication |

Details of keys and certificates can vary by program; an example configuration is available as a slide deck on request.
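
The vehicle-side check named under "Firmware over HTTPS" and in the firmware and manifest key sets above, sketched in Go as an added example (not Sibros code): the manifest signature is verified before any field is parsed, and the downloaded image is then bound to the signed digest. `Manifest`, `VerifyUpdate`, `BuildSample` and the JSON layout are assumptions, and the sketch uses one throwaway P-256 key where the key sets above separate image and manifest signing.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

type Manifest struct{ ImageSHA256 []byte `json:"image_sha256"` } // hypothetical layout

// VerifyUpdate authenticates the manifest bytes before parsing, then checks the image digest.
func VerifyUpdate(pub *ecdsa.PublicKey, manifest, sig, image []byte) error {
	h := sha256.Sum256(manifest)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return err
	}
	if got := sha256.Sum256(image); !bytes.Equal(m.ImageSHA256, got[:]) {
		return errors.New("image digest mismatch")
	}
	return nil
}

// BuildSample plays the release side with a throwaway P-256 key (constructed data).
func BuildSample(image []byte) (*ecdsa.PublicKey, []byte, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	d := sha256.Sum256(image)
	manifest, _ := json.Marshal(Manifest{ImageSHA256: d[:]})
	h := sha256.Sum256(manifest)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return &priv.PublicKey, manifest, sig, err
}

func main() {
	image := []byte("constructed firmware image")
	pub, manifest, sig, _ := BuildSample(image)
	fmt.Println(VerifyUpdate(pub, manifest, sig, image), VerifyUpdate(pub, manifest, sig, append(image, 0)))
}
```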

Technical Specifications

Built on industry standards with support for modern cryptographic algorithms and seamless integration capabilities.

Supported Cryptographic Standards

- RSA: 2048–4096 bit (Supported)
- ECDSA: P-256, P-384, P-521 (Supported)
- EdDSA: Ed25519, Ed448 (Supported)
- Post-Quantum: CRYSTALS-Dilithium (Preview)

Key Integrations

CA and Validation

Root/Intermediate CA, CRL, OCSP with real‑time status checks.

Device and Vehicle Platforms

AWS IoT Core, EMQX, and telematics ecosystems.

Identity and Access

OAuth 2.0 / OIDC, JWTs, SOVD for secure authZ/authN.

Key Management

HSM integration; Cloud KMS (AWS, GCP) for key custody.

Data Security

TLS 1.2/1.3, MQTT over TLS, HTTPS, AES / RSA / ECC libraries.

OTA Updates

Signature‑based validation for firmware and software packages.

Monitoring

Operational logging with dashboards (Prometheus/Grafana).

Onboarding

Zero‑touch enrollment for devices and vehicles using PKI.

Why Sibros PKI

End‑to‑End Security
From secure onboarding to encrypted communications and trusted OTA.
Proven at Scale
Horizontally scalable architecture for global fleets.
Automotive‑Grade
Practices aligned with ISO 21434 and UNECE WP.29.
Easy to Adopt
Drop‑in integrations for IoT, IAM, OTA, and telemetry pipelines.

FAQs

Frequently Asked Questions

Answers to common questions about deployment, security, and integration for automotive programs.

Our certificate lifecycle integrates with industry-standard protocols (e.g., EST, SCEP, ACME, CMP) to streamline enrollment, rotation, and revocation. Keys are safeguarded by HSM/TEE where available, and policies are centrally governed for program-level compliance.
We support RSA (2048–4096), ECDSA (P-256/P-384/P-521), and EdDSA (Ed25519/Ed448) for signing and TLS handshakes. Post-quantum signature schemes (e.g., CRYSTALS-Dilithium) are available in preview for forward-looking programs.
Yes. Typical integrations include Jenkins/GitLab/GitHub Actions for release signing, Prometheus/Grafana/Datadog/Splunk for telemetry, and SAML/OAuth2/LDAP/Active Directory for enterprise identity. Our APIs and webhooks accelerate pipeline automation and audit readiness.
Our VSOC-aligned detections monitor diagnostic flows, firmware signatures, and policy compliance. Events such as OBD-II misuse, signature mismatches, or version downgrades are flagged, correlated, and routed to response playbooks.
We support cloud-hosted, on-prem, and hybrid deployment models. Data residency, network topology, and PKI anchoring are configured to satisfy OEM, Tier-1, and regulatory requirements.
Yes. Every enrollment, rotation, and signing action is recorded with tamper-evident logs. Export pipelines help furnish auditors with precise evidence across development, release, and in-vehicle operations.

Secure Every Vehicle with Sibros PKI

From identity to OTA, Sibros PKI gives OEMs the foundation for trusted, compliant connected mobility. Let’s tailor it to your program.
