Understand device provisioning
Regardless of which provisioning method you choose, follow our Security best practices for proper file handling and device security.
Device provisioning overview
Device provisioning is fundamental to Guardian's security model: it is the process by which a medical device establishes its cryptographic identity. Think of it as issuing the device a secure "passport" that proves who it is and lets it communicate securely with other devices and systems.
Methods for device provisioning: Guardian supports several device provisioning methods (connected, disconnected, and proxy provisioning; see Which provisioning approach is right for you? below).
Device provisioning steps
System setup: Create and configure your system with components in Guardian
Library setup: Download Guardian Library for your platform
Bootstrap preparation: Medcrypt creates your system's provisioning package
Package download: Download the provisioning package for your system
Identity generation: The device uses the Guardian Library together with the provisioning package to generate its key pair and a Provisioning Request (PR). The private key (.mcpi file) stays on the device and never leaves it.
Request submission: Submit PR (.mcpr file) via connected or disconnected method:
Connected: Device automatically sends PR to Guardian Cloud, where it displays on the Devices page for approval/processing
Disconnected: A field technician extracts the PR from the device and manually uploads it on the Provisioning page
Request processing: The PR appears on Guardian's Devices page for approval/processing
Profile download: Download the Certified Profile (CP) from the Provisioning page (disconnected method only; with the connected method the device fetches it automatically in the next step)
Install profile & complete provisioning: Install CP via connected or disconnected method:
Connected: CP is automatically downloaded from Guardian and automatically installed on the device. Device is automatically marked as Provisioned in Guardian.
Disconnected: CP is manually downloaded from the Provisioning page and manually installed on the device. Click Complete provisioning to mark it as Provisioned in Guardian.
Key file definitions
Provisioning package: This contains the bootstrap configuration (key templates, infrastructure services information)
Guardian library: Reads the provisioning package configuration and uses it to:
Generate unique cryptographic keys on the device
Create a Provisioning Request (PR) that includes the device's public key and identity information
Provisioning request (PR): Similar to a Certificate Signing Request (CSR) but more comprehensive; it carries additional metadata not found in a typical CSR
Certified profile (CP): Contains more than certificates: it also carries the Root of Trust (RoT) and other configuration data
Profile types
Guardian uses three types of profiles:
Provisioning package: Used only during manufacturing, for initial device provisioning into the Root of Trust (RoT).
Device files: The result of the provisioning process, used to initialize Guardian and perform operations. These files are device-locked and may be used for reprovisioning or key rotation.
Mock device files: Test artifacts that can be provided for initial experimentation. They function like device files but are not device-locked and use pre-generated keys rather than device-generated keys, so they are for experimentation only, not for production devices.
Provisioning package overview
Your system's provisioning package (formerly called initial provisioning files) enables any device within your system to establish its cryptographic identity. One provisioning package from Medcrypt can bootstrap multiple devices, components, and system instances within your system. Each device uses the provisioning package to generate its unique identity; the package should then be removed from the device immediately, since it is shared bootstrap material for the whole system and not part of the device's own identity.
Provisioning process steps:
Identity creation: Device generates its unique cryptographic keys using the provisioning package
Request submission: Device creates a Provisioning Request (PR) containing its identity information
Certificate generation: Guardian Cloud processes the request and creates certificates
Profile installation: Device receives and installs its Certified Profile (CP)
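The provisioning steps and key file definitions above, and the four-step summary just listed, can be modelled end to end with standard X.509 primitives. The following is an added illustrative example, not Medcrypt's Guardian Library, its .mcpi/.mcpr file formats, or its API: a device generates a key that never leaves it, builds a CSR plus device-signed metadata (the "CSR but more comprehensive" idea), the cloud side checks proof of possession and the metadata before issuing, and the device accepts a profile only if it chains to a root it already trusts and matches its own key. It uses Go's standard library only; the function names (NewDevice, CreateRequest, NewRootCA, ProcessRequest, InstallProfile), the metadata fields, and the assumption that the provisioning package pins the system root are mine, not the product's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"math/big"
	"time"
)

// ProvisioningRequest models the PR: a standard CSR plus device-signed metadata a CSR lacks.
type ProvisioningRequest struct {
	CSRDER   []byte
	Metadata map[string]string
	MetaSig  []byte
}

// CertifiedProfile models the CP: the issued device certificate plus the root of trust.
type CertifiedProfile struct{ DeviceCertDER, RootCertDER []byte }

// Device keeps its private key in memory only; no method ever returns it.
type Device struct {
	Serial, systemID string
	root, cert       *x509.Certificate // root: pinned from the provisioning package (model assumption)
	priv             ed25519.PrivateKey
}

func NewDevice(serial, systemID string, root *x509.Certificate) (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader) // generated on the device, never exported
	return &Device{Serial: serial, systemID: systemID, root: root, priv: priv}, err
}

// CreateRequest builds the PR; only the public key and metadata leave the device.
func (d *Device) CreateRequest(firmware string) (*ProvisioningRequest, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: d.Serial}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, tmpl, d.priv)
	meta := map[string]string{"serial": d.Serial, "system": d.systemID, "firmware": firmware}
	raw, _ := json.Marshal(meta) // map keys marshal sorted, so the signed bytes are reproducible
	return &ProvisioningRequest{CSRDER: csr, Metadata: meta, MetaSig: ed25519.Sign(d.priv, raw)}, err
}

func NewRootCA(systemID string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: systemID + " root"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // self-signed root of trust
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// ProcessRequest is the cloud side: verify proof of possession and the signed metadata, then issue.
func ProcessRequest(ca *x509.Certificate, caKey ed25519.PrivateKey, systemID string, pr *ProvisioningRequest) (*CertifiedProfile, error) {
	csr, err := x509.ParseCertificateRequest(pr.CSRDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, errors.New("malformed CSR or proof of possession failed")
	}
	pub, ok := csr.PublicKey.(ed25519.PublicKey)
	raw, _ := json.Marshal(pr.Metadata)
	if !ok || !ed25519.Verify(pub, raw, pr.MetaSig) || pr.Metadata["system"] != systemID ||
		pr.Metadata["serial"] != csr.Subject.CommonName {
		return nil, errors.New("bad key type, or metadata unsigned, tampered or not for this system/CSR")
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	return &CertifiedProfile{DeviceCertDER: der, RootCertDER: ca.Raw}, err
}

// InstallProfile accepts a CP only if it chains to the pinned root, is valid now, and is for this device's key.
func (d *Device) InstallProfile(cp *CertifiedProfile) error {
	cert, err := x509.ParseCertificate(cp.DeviceCertDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(d.root)
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !pub.Equal(d.priv.Public()) {
		return errors.New("certificate is not for this device's key")
	}
	d.cert = cert
	return nil
}
```

Two design points carry over to the real flow: the cloud side never trusts the metadata on its own but binds it to the CSR's key through a signature and cross-checks it against the CSR subject and the system being provisioned, and the device side treats the returned profile as untrusted input, rejecting a profile signed by the wrong root or issued for another device's key rather than installing it.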
Why does provisioning matter?
Establishes trust between devices and systems
Enables secure communication channels
Meets FDA requirements for device authentication
Prevents unauthorized access to device functions
When does provisioning occur?
Initial provisioning: First-time setup during manufacturing using provisioning package
Reprovisioning: Updating keys/certificates during device lifecycle using device's unique files
Which provisioning approach is right for you?
Reliable internet connectivity: use connected provisioning.
No connectivity or air-gapped systems: use disconnected provisioning.
Gateway or hub architecture: use proxy provisioning.
High-security manufacturing: use disconnected provisioning.
Fastest automated setup: use connected provisioning.
FAQ
Can a provisioning request expire?
Yes, a provisioning request can expire once the key used to sign it expires.