Seamless and Secure Data Provision to AWS IoT Core Eseye AnyNet Cellular Connectivity for AWS IoT

Post on 21-May-2020


Page 1: Seamless and Secure Data Provision to AWS IoT Core...AWS IoT Core and its suite of cloud applications provides a powerful and simple way to manage your IoT devices. Eseye’s connection

©2020 Eseye Limited


Introduction

The Internet of Things (IoT) has unlocked the potential for organisations to gather up-to-the-minute customer and market intelligence. Yet, while a torrent of new IoT ideas creates great opportunities, it also introduces fresh IT deployment challenges. Establishing an IoT infrastructure, designing and deploying devices, connecting them to the internet, and gathering and analysing a steady stream of rich data can be challenging, costly and time consuming. In response, Eseye created the AnyNet for AWS Solution. It enables enterprises to harness the power of Eseye’s AnyNet Cellular Connectivity and seamlessly provision the data from their devices to AWS IoT Core. This enables fast, simple and secure IoT deployment on a global scale.

The Challenges in IoT Device Deployment

Enterprises deploying IoT face a number of logistical and technical challenges that must be negotiated in order for the project to be deemed a success. It is these barriers that have so far limited the mainstream adoption of IoT. They include 3 key challenges:

Consistent reliable global device connectivity

The difficulties in managing their devices and ensuring they can provision data to the chosen cloud provider

Ensuring the security of their devices and their data

How Eseye AnyNet Cellular Connectivity for AWS Addresses these Challenges

AWS IoT Core and its suite of cloud applications provides a powerful and simple way to manage your IoT devices. Eseye’s connection to AWS IoT Core securely delivers seamless provisioning, simplified management, and ubiquitous global cellular connectivity for your IoT devices through the AWS IoT managed cloud service. Eseye use a unique approach to avoid the typical security concerns found in deploying, connecting and managing your IoT devices. It also significantly simplifies and automates the implementation of security and identity certificates for new devices connecting to the network.

[Figure: the Eseye AnyNet intelligent SIM between your device and your AWS account. Labels: 1 SIM, 1 SKU; 100% connectivity; zero touch security certificates sent OTA to your device; we automatically provision the device onto the AWS IoT Core; unified billing; single pane of glass management; single support interface.]


Eseye’s unique intelligent AnyNet technology has multiple profiles or IMSIs that can be updated over the air – or localised to the relevant mobile network. This proactively managed connectivity can help enterprises achieve near 100% global uptime.

Enabling this connectivity directly into your AWS Account means you can buy your SIM, global connectivity, and manage your whole IoT estate through your AWS account. Likewise, you only get one bill linked to account activity and so all your invoicing is in one place. Linking seamlessly to AWS IoT Device Manager you can very quickly, easily and securely onboard, organise, remotely manage, and monitor your IoT devices at scale throughout their lifecycle, reducing the effort and cost typically associated with extensive IoT deployments. Device information can be regularly updated and configured in devices deployed across multiple locations. This includes updating device software and firmware securely Over-the-Air (OTA), which helps to control your maintenance costs.

For more information on how Eseye’s intelligent Connectivity Management Platform and IoT hardware optimisation expertise can provide near 100% global connectivity visit eseye.com/solutions

How it Works

Simply log in to your AWS account area to create a ‘Thing’ and enter the Eseye AnyNet SIM ID.

Once the ‘Thing’ is created the SIM is automatically activated and your provisioning is triggered.

At this point creating a ‘Thing Shadow’ also establishes a digital copy of your device that will provide a digital store of information and powerful analytics about your device.

To set up a device you don’t need to negotiate a service with Mobile Network Operators (MNOs) because all contracts and payments are handled through your AWS account.

The deployment of security and identity information and Amazon SSL/TLS certificates similarly takes place automatically, enabling zero touch provisioning.

[Figure: how it works. Labels: your AWS account; Thing Shadow; AWS IoT Core; device or ‘Thing’ (SIM + modem + application microprocessor); mobile network (3G / LTE); APN; internet; application data path (MQTTS); security + identity OTA; Eseye billing.]

SIMPLIFIED IOT FROM DEVICE TO CLOUD IN 7 STEPS

1. Eseye AnyNet SIM installed in customer device. Benefits: Single global device SKU.

2. Devices connect to the best local network on power up. Benefits: One SIM for all global connectivity & zero touch provisioning.

3. Automatic connectivity & registration into AWS IoT. Benefits: Out of the box cloud enablement.

4. Auto AWS security certificate creation and storage in the device. Benefits: AWS certified Secure devices certificate.

5. Eseye switches the IMSI OTA based on service provision availability. Benefits: 99.75% connectivity enabled by 700+ MNO networks.

6. Devices are fully managed within AWS enabling rules based policy (AWS IoT Device Management). Benefits: Single pane of glass management & billing within AWS.

7. More rapid delivery of business outcomes for IoT. Benefits: Customer focus on business value not IT.


Enhanced IoT Security: Eseye AnyNet Cellular Connectivity, Eseye APN Gateway and AWS IoT

Security is a key concern for many organisations deploying IoT. Creating and deploying your root certificate, private key and server public key information can raise a number of security challenges, such as:

Typical Security and Identity Management Challenges

Potential security breaches due to key security material being consolidated in a single spreadsheet

Errors occur when programming information line by line from a spreadsheet

Security information could be lost or stolen if emailing it to your manufacturer

Bootstrapping security information, but not if the original information is compromised

Downloading security material onsite through a USB is costly and creates endpoint security issues

Eseye manufacture market leading multi-IMSI and intelligent SIM cards (AnyNet Cellular Connectivity), to GSMA eUICC specifications, and each has a unique security key, identical to those used for the management of the GSM network. This gives Eseye unique and direct access to reprogram the SIM cards and set connectivity preferences. When the device connects to a network, security and identity creation automatically takes place.

By default, AWS Certificate Manager (ACM) is used to generate security material and is designed to simplify and automate many of the tasks traditionally associated with management of SSL/TLS certificates. ACM takes care of the complexity surrounding the provisioning, deployment, and renewal of digital certificates. Certificates provided by ACM are verified by Amazon’s Certificate Authority (CA), Amazon Trust Services (ATS).

SSL/TLS certificates provisioned through AWS Certificate Manager are automatically sent OTA using GSMA security standards. Delivered over the signalling channels, they are then written into persistent file storage in the SIM. Programming messages and updates can be sent directly to the device and the files are protected using unique per-SIM keys. The storage and distribution processes for these keys are also mandated to ensure the integrity of the GSM network. Also, during the provisioning, the Amazon Resource Name (ARN) is deployed. This allows the exact same device to be deployed in different regions and still optimize traffic flow while also complying with any localized data collection restraints (i.e. GDPR). Eseye’s connection to AWS IoT Core also enables you to benefit from the Eseye Intelligent Network Switching platform that enables automatic network switching to provide near 100% connectivity worldwide.

The Eseye APN is a custom-built gateway that sits between the cellular network and the internet. It authenticates connections, allocates IP addresses and routes the data from the device to the cloud. Our APNs have built-in management and monitoring capability to ensure all connections get the best possible service. This capability can reveal a rich seam of information about your data sessions, as well as device activity and network usage. We can use this information to provide enriched device information. For example, we could send its approximate location into the Thing Shadow (a device’s shadow is a JSON document that is used to store and retrieve current state information for a device; the Device Shadow service maintains a shadow for each device you connect to AWS IoT), which could then provide useful insights, such as the spread of your IoT estate. And all without the power and cost required if you were to design a GPS receiver into your device.

Eseye supports metadata to other AWS IoT Core applications and services that are critical for analysing and managing the performance and security of your device. Using information gathered from our APNs we can store, manage and feed data into some of the AI engines, such as SageMaker, which you can use to create models that can help you to identify anomalies in behaviour. So, if you have a large estate of devices, you can look for devices which don’t match the normal pattern of behaviour, or identify where the pattern of behaviour has changed over time.

Eseye’s connection to the IoT Core also empowers AWS IoT Device Defender which is a fully managed service that helps you secure your IoT devices. It lets you continuously monitor security metrics from devices and AWS IoT Core, which is an important feature enabling you to identify deviations on your defined data usage for each device. If something doesn’t look right, AWS IoT Device Defender sends out an alert so you can take action to remediate the issue.

As an example, traffic spikes in outbound traffic might indicate that a device is participating in a DDoS attack. Eseye’s unique APN enables us to extract information including traffic volumes, IP addresses and ports in use, and push the information to AWS IoT Device Defender in real time. This means you can not only track and identify anomalies in how much data is being used – but also where that data is being sent. This is important for mitigating advanced security threats where an attacker may mimic device behaviour to hide their intrusion.
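The point about watching destinations as well as volume can be shown with a small detector. This is an added example, not code from Eseye or AWS, and it calls no AWS API; the record layout, device names, addresses and the three-sigma threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records, not real traffic:
# (device_id, hour, dst_ip, dst_port, bytes_out). IPs are documentation ranges.
BASELINE = [
    ("meter-01", h, "192.0.2.10", 8883, b)
    for h, b in enumerate([1200, 1100, 1300, 1250, 1150, 1220])
] + [
    ("meter-02", h, "192.0.2.10", 8883, b)
    for h, b in enumerate([900, 950, 1000, 920, 980, 940])
]
CURRENT = [
    ("meter-01", 6, "192.0.2.10", 8883, 48000),  # volume spike, usual destination
    ("meter-02", 6, "192.0.2.10", 8883, 500),
    ("meter-02", 6, "203.0.113.77", 23, 450),    # usual volume, new destination
]

def build_profiles(flows):
    """Per device: hourly outbound byte totals and the set of (ip, port) seen."""
    hourly = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for dev, hour, ip, port, nbytes in flows:
        hourly[dev][hour] += nbytes
        dests[dev].add((ip, port))
    return {d: (list(hourly[d].values()), dests[d]) for d in hourly}

def detect(profiles, flows, sigmas=3.0):
    """Return {device: [findings]} for one observation window."""
    total = defaultdict(int)
    seen = defaultdict(set)
    for dev, _hour, ip, port, nbytes in flows:
        total[dev] += nbytes
        seen[dev].add((ip, port))
    findings = defaultdict(list)
    for dev, nbytes in total.items():
        if dev not in profiles:
            findings[dev].append("no-baseline")
            continue
        history, known = profiles[dev]
        # Floor the deviation so a perfectly flat history still has some slack.
        limit = mean(history) + sigmas * max(pstdev(history), 1.0)
        if nbytes > limit:
            findings[dev].append("volume-spike")
        for ip, port in sorted(seen[dev] - known):
            findings[dev].append(f"new-destination {ip}:{port}")
    return dict(findings)

if __name__ == "__main__":
    print(detect(build_profiles(BASELINE), CURRENT))
```

The second device stays within its normal byte count and is flagged only because of the unfamiliar address and port, which a volume-only threshold would miss.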

[Figure: architecture diagram. Labels: your AWS account; AWS IoT Analytics; AWS IoT Device Defender; AWS IoT Device Manager; Thing Shadow; AWS IoT Core; device or ‘Thing’ (SIM + modem + application microprocessor); mobile network (3G / LTE); APN; internet; connection metrics: usage / location etc.; application data path (MQTTS); security + identity OTA; Eseye billing.]

THE BENEFITS OF COMBINING ESEYE AND AWS DEVICE DEFENDER. With Eseye connectivity, you benefit from the data flowing through our private APN.

The Cellular network is connected into Eseye’s Global, private APN

Our APN increases visibility of device behaviour, countering advanced security threats

Reduced data costs for monitoring by 80%


SUMMARY: Simplifying large scale IoT deployments

As organisations race to connect ‘things’, Eseye’s connection to the IoT Core allows you to securely and automatically activate and manage devices over cellular connections into the AWS IoT managed cloud service, offering zero touch provisioning and maximum security. It also gives you a single pane of glass view of your global management and billing through your AWS account.

At the same time, Eseye intelligent Connectivity Management Platform offers near 100% connectivity worldwide and facilitates the creation of a single global device SKU. This removes the requirement for complex procurement, IoT design and device setup processes, and likewise for ongoing management and maintenance. It also removes the need for multiple contracts, complex SIM management and relying on support from multiple suppliers.

Ultimately, with IoT security at the top of the agenda for all organisations, Eseye’s powerful connection to IoT Core significantly reduces the risk of security failure by activating and sharing security and identity information OTA, automatically, at the point of ‘thing’ deployment anywhere in the world.

Eseye-enabled IoT means you can focus on your business outcomes: creating competitive advantage, reducing operational costs and reducing business risk.

Streamline the set up and configuration of your AWS IoT Account – AnyNet IRIS®

AnyNet IRIS® from Eseye enables you to easily and securely deploy required Identity and Access Management (IAM) roles and policies to selected AWS regions for the AnyNet Cellular Connectivity integration with AWS Marketplace. AnyNet IRIS brings a new range of features to AWS customers that are accessed directly from their AWS Marketplace account, including a vastly simplified device registration process, enhanced visibility of IoT device estate performance and customer update notifications.

Streamlines the set up and configuration in AWS IoT of devices installed with Eseye’s AnyNet Cellular Connectivity solution

Preview of the Cloud Foundation Stack to highlight any potential anomalies and security risks in the code

Quick and easy selection and management of AWS IoT Regions, including setup confirmation

Event log provides access to AWS thing activation status

Automatic feed of device metrics into AWS IoT Device Defender to improve security monitoring

Access to an audit log of actions against each AnyNet connected device enhancing customer visibility of device behaviour

Notifications and alerts to ensure customers stay updated of critical actions