Understand device provisioning

Device provisioning overview

Device provisioning is fundamental to Guardian's security model. It is the process by which a medical device establishes its cryptographic identity: think of it as giving the device a secure "passport" that proves who it is and lets it communicate securely with other devices and systems.

Methods for device provisioning

Guardian supports three device provisioning methods: connected, disconnected, and proxy. Each is described later on this page; the steps below are common to all three.

Device provisioning steps

  1. System setup: Create and configure your system with components in Guardian

  2. Library setup: Download Guardian Library for your platform

  3. Bootstrap preparation: Medcrypt creates your system's provisioning package

  4. Package download: Download the provisioning package for your system

  5. Identity generation: Device uses Guardian Library + provisioning package to generate Provisioning Request (PR). The device keeps the private key (.mcpi file), which never leaves the device.

  6. Request submission: Submit PR (.mcpr file) via connected or disconnected method:

    • Connected: Device automatically sends PR to Guardian Cloud, where it displays on the Devices page for approval/processing

    • Disconnected: Field technician extracts PR from device and manually uploads PR in the Provisioning page

  7. Request processing: The PR appears on Guardian's Devices page, where it is reviewed and approved

  8. Profile download (disconnected method): Download the Certified Profile (CP) from the Provisioning page. In the connected method this download happens automatically in the next step.

  9. Install profile & complete provisioning: Install CP via connected or disconnected method:

    • Connected: CP is automatically downloaded from Guardian and automatically installed on the device. Device is automatically marked as Provisioned in Guardian.

    • Disconnected: CP is manually downloaded from the Provisioning page and manually installed on the device. Click Complete provisioning to mark it as Provisioned in Guardian.

Key file definitions

  • Provisioning package: This contains the bootstrap configuration (key templates, infrastructure services information)

  • Guardian library: Reads the provisioning package configuration and uses it to:

    • Generate unique cryptographic keys on the device

    • Create a Provisioning Request (PR) that includes the device's public key and identity metadata

  • Provisioning request (PR): Similar to a Certificate Signing Request (CSR) but more comprehensive, carrying additional metadata not found in a typical CSR. The device's private key is never part of the PR.

  • Certified profile (CP): Contains more than just certificates, including the Root of Trust (RoT) and other configuration data

Profile types

Guardian uses three types of profiles:

  • Provisioning package: Used for initial device provisioning into the Root of Trust (RoT); used only during manufacturing.

  • Device files: The result of the provisioning process, used to initialize Guardian and perform operations. These files are device-locked and may be used for reprovisioning or key rotation.

  • Mock device files: Test artifacts that can be provided for initial experimentation. They function like device files but are not device-locked and use pre-generated keys rather than device-generated keys.

Provisioning package overview

Your system's provisioning package (formerly called initial provisioning files) enables any device within your system to establish its cryptographic identity. One provisioning package from Medcrypt can bootstrap multiple devices, components, and system instances within your system. Because a single package can bootstrap every device in the system, treat it as a sensitive bootstrap credential: restrict who can obtain it, and remove it from each device as soon as that device has generated its unique identity.

Provisioning process steps:

  1. Identity creation: Device generates its unique cryptographic keys using the provisioning package

  2. Request submission: Device creates a Provisioning Request (PR) containing its identity information

  3. Certificate generation: Guardian Cloud processes the request and creates certificates

  4. Profile installation: Device receives and installs its Certified Profile (CP)
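The nine-step list above, the key file definitions, and the four process steps just given all describe the same exchange, so here is one worked example of it. This is added example code, not Guardian Library or Medcrypt code: it uses Go's standard crypto/x509 package to stand in for the real components. The PR layout (a PKCS#10 CSR plus a metadata map) and the CP layout (the issued certificate plus the Root of Trust) are hypothetical layouts invented for this example and are not the .mcpr or .mcpi file formats. The example also assumes a single self-signed CA in place of Guardian Cloud's issuing authority and that the device can pin the Root of Trust it received in the provisioning package; the page does not say how Guardian itself verifies a CP. What it shows that the step list alone does not: the device's private key never enters the PR, the cloud side checks the CSR's self-signature as proof of possession before issuing anything, and the device refuses a CP whose certificate is for a different key or whose root differs from the one it already trusts.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ProvisioningRequest is this example's hypothetical PR layout (not the real .mcpr format): a CSR plus metadata.
type ProvisioningRequest struct {
	CSR      []byte            `json:"csr"`      // DER CSR, self-signed with the device key
	Metadata map[string]string `json:"metadata"` // e.g. model, firmware, provisioning package id
}

// CertifiedProfile is this example's hypothetical CP layout: the issued certificate plus the Root of Trust.
type CertifiedProfile struct {
	DeviceCert  []byte `json:"device_cert"`
	RootOfTrust []byte `json:"root_of_trust"`
}

// newCA builds a self-signed CA that stands in for Guardian Cloud's issuing authority (an assumption).
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root (assumed)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// deviceGeneratePR runs on the device (step 5): generate the keypair and build the PR. The private key never enters the PR.
func deviceGeneratePR(serial string, meta map[string]string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: serial}}, key)
	if err != nil { return nil, nil, err }
	prBytes, err := json.Marshal(ProvisioningRequest{CSR: csrDER, Metadata: meta})
	return key, prBytes, err
}

// cloudProcessPR stands in for Guardian Cloud (step 7): validate the PR, then issue the CP.
func cloudProcessPR(prBytes []byte, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) ([]byte, error) {
	var pr ProvisioningRequest
	if err := json.Unmarshal(prBytes, &pr); err != nil { return nil, err }
	csr, err := x509.ParseCertificateRequest(pr.CSR)
	if err != nil { return nil, err }
	// The CSR's self-signature proves the requester holds the matching private key.
	if err := csr.CheckSignature(); err != nil { return nil, fmt.Errorf("PR proof of possession failed: %w", err) }
	// The metadata is the part a bare CSR would not carry; this example makes it mandatory.
	if pr.Metadata["package_id"] == "" { return nil, errors.New("PR carries no provisioning package id") }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil { return nil, err }
	return json.Marshal(CertifiedProfile{DeviceCert: der, RootOfTrust: caCert.Raw})
}

// deviceInstallCP runs on the device (step 9). It accepts the CP only if the certificate is for this
// device's own key and chains to the root the device pinned from the provisioning package (an assumption).
func deviceInstallCP(cpBytes []byte, key *ecdsa.PrivateKey, pinnedRoot *x509.Certificate) (*x509.Certificate, error) {
	var cp CertifiedProfile
	if err := json.Unmarshal(cpBytes, &cp); err != nil { return nil, err }
	cert, err := x509.ParseCertificate(cp.DeviceCert)
	if err != nil { return nil, err }
	if !key.PublicKey.Equal(cert.PublicKey) { return nil, errors.New("CP certificate is not for this device's key") }
	if !bytes.Equal(cp.RootOfTrust, pinnedRoot.Raw) { return nil, errors.New("CP root of trust differs from the pinned root") }
	roots := x509.NewCertPool()
	roots.AddCert(pinnedRoot)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return cert, err
}

func main() {
	root, rootKey, err := newCA()
	if err != nil { panic(err) }
	key, pr, err := deviceGeneratePR("SN-000123", map[string]string{"model": "pump", "package_id": "pkg-demo"})
	if err != nil { panic(err) }
	cp, err := cloudProcessPR(pr, root, rootKey)
	if err != nil { panic(err) }
	cert, err := deviceInstallCP(cp, key, root)
	if err != nil { panic(err) }
	fmt.Println("provisioned", cert.Subject.CommonName, "valid until", cert.NotAfter.Format(time.RFC3339))
}
```

Run it with go run. The bytes returned by deviceGeneratePR and cloudProcessPR are the only things that leave the device and the cloud respectively: in the connected method they cross a TLS connection, in the disconnected method they are the files a technician carries on removable media, and in proxy provisioning the gateway relays them unchanged. The checks in cloudProcessPR and deviceInstallCP therefore apply the same way in all three methods, and a CP that was tampered with in transit, issued for another device's key, or signed by an issuer other than the pinned root is rejected before anything is installed.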

Why does provisioning matter?

  • Establishes trust between devices and systems

  • Enables secure communication channels

  • Meets FDA requirements for device authentication

  • Prevents unauthorized access to device functions

When does provisioning occur?

  • Initial provisioning: First-time setup during manufacturing using provisioning package

  • Reprovisioning: Updating keys/certificates during device lifecycle using device's unique files

Which provisioning approach is right for you?

  • Reliable internet connectivity?: Use connected provisioning.

  • No connectivity or have air-gapped systems?: Use disconnected provisioning.

  • Gateway or hub architecture?: Use proxy provisioning.

  • High-security manufacturing environment?: Use disconnected provisioning.

  • Need fastest automated setup?: Use connected provisioning.

Connected provisioning

Best for: Devices with reliable internet connectivity

How it works:

  • Device automatically communicates with Guardian Cloud

  • Provisioning Request (PR) sent to Guardian Cloud over a TLS connection

  • Certified Profile (CP) automatically downloaded and installed

  • No manual intervention required

Advantages:

  • Fully automated process

  • Faster provisioning

  • Real-time status updates

  • Immediate error handling

Disconnected provisioning

Best for: Devices with no connectivity or restricted network access

How it works:

  • Device generates Provisioning Request (PR) locally

  • PR manually transferred to connected system (USB, etc.)

  • PR uploaded to Guardian Cloud via web interface or proxy device

  • Certified Profile (CP) downloaded and manually transferred back to device

Advantages:

  • Works in offline environments

  • Suitable for high-security manufacturing

  • Compatible with air-gapped systems

  • Flexible file transfer methods

Proxy provisioning

Best for: Systems where some devices connect through a gateway

How it works:

  • Gateway device acts as proxy for other devices

  • Non-connected devices create PRs locally

  • Gateway device uploads PRs and downloads CPs

  • Certificates distributed back to individual devices

FAQ

Can a provisioning request expire?

Yes, a provisioning request can expire once the key used to sign it expires.
