Over-the-air Provisioning/Renewal of Identity Credentials & Other Sensitive Data

Our OPUS (Online Personalization & Update System) is a lifecycle management solution for device identities, credentials, and other sensitive data. It can remotely and securely provision new/updated sensitive data to deployed devices and software application instances.

  • Cost-effective over-the-air provisioning of security credentials, for both devices and software applications
  • Already approved by major DRM providers and in production use by 10+ large service providers
  • Rapid integration cycle enabling fast time to market
  • Flexible client authorization with customer control

Over-the-Air Provisioning & Renewal of Security-Critical Data

OPUS is an over-the-air provisioning solution for security credentials of any type. It can accommodate standard and proprietary secure data formats used by a variety of technologies, including IETF protocols, DRM, and conditional access systems. This capability has been used to support Netflix, Widevine, and DTCP clients as well as for issuing and renewing X.509 certificates.

Except for the over-the-air aspect, OPUS is in many ways similar to our device provisioning solution for factories and service facilities. The backend components of both solutions are hosted in the same secure facilities, employ similar security controls, and are backed up by the same 24×7×365 monitoring and support.

OPUS Diagram

Robust System Security

In OPUS, security credentials being provisioned to devices and software applications are protected in hardware by HSMs (hardware security modules).

OPUS can secure important individualized device/client datasets obtained from third-party licensors. This frees our customers from having to sign additional licensing agreements when we handle those licensed identity credentials.

OPUS features anti-cloning measures, which ensure that a set of credentials will be installed on a single device/client, protecting against malicious attacks and human errors. Such protection can be very important for complying with licensing agreements, revenue protection, and auditing purposes.

Flexible Client Authorization Control

OPUS provides flexible support for customer-directed authorization for credential download, based on identifier, model, authorization from back office, etc.

Rapid Integration, Fast Time to Market

Easy-to-use client SDKs provide a time-to-market advantage: they let devices and software applications use OPUS's already-approved provisioning capabilities with minimal integration effort. OPUS SDKs are currently available on Linux, iOS, and Android platforms and can be ported to additional environments as needed.

To learn more about our secure over-the-air credentials provisioning solutions, please see the technical paper we presented at SCTE Cable-Tec Expo 2020.