Internet of Medical Things

How important are Digital Certificates for eHealth and the Internet of Medical Things?

One of the primary challenges of the Internet of Medical Things (IoMT) is the disclosure of personal and private information. Medical devices have been and will continue to be attractive targets for hackers, and the consequences can be disastrous. To prevent unauthorized users from getting access to information systems, by using Public Key Infrastructure (PKI), the technology behind digital certificates, authentication through digital signatures has become an integral component of IoT.

PKI Authentication for Connected Medical Devices

PKI digital certificates can be used to identify devices across systems, authenticate them, and encrypt the data that flows through them. Using PKI, a unique signature can be created from the identity of the sender and the message, and later verified by the recipient. PKI enables the safe authentication of users, systems, and devices without the need for tokens, password policies, or other time-consuming factors. PKI enables identity assurance by using digital certificates to validate the identity and authenticity of the connected device. 

A strong PKI, with well-established policies and practises for certificate lifecycle management, is not vulnerable to common brute force or man-in-the-middle attacks aimed at sensitive medical data. Simultaneously, PKI encrypts sensitive information in transit, shielding it from malicious actors even in the event of a data breach or compromise.

PKI certificates also offer the highest levels of identity assurance, providing a measure of confidence that the entities at both ends of a data transaction or authentication event are who they claim to be. Effective identity verification is a fundamental element for effective security and connected device trust. PKI certificates provide evidence that the identity of organizations, domains, and devices was properly established because certificates cryptographically bind public keys to such identities.

Secure IoT Medical Devices

Healthcare organisations must have confidence in the trustworthiness and security of their ecosystems of connected IoT medical devices. This necessitates, among other things, authentication and data encryption for these devices. Digital certificates, depending on the system, can be used in these "Internet of Medical Things" applications for:

Data Integrity: Certificates can be used to ensure that data sent to and from a connected device is not intercepted and altered in transit.

Secure Device Boot: When a device is started, certificates are used to ensure that the configuration settings, software, firmware, or other components of the device have not been changed from the desired settings.

Firmware Authentication: When a firmware update is sent to a connected device, certificates can be used to ensure the update is signed by a trusted and/or pinned certificate and comes from a trusted source.

Software Code Signing: When a manufacturer installs software on a connected device, certificates can be used to sign the code, ensuring that it hasn't been tampered with.

Before digital certificates can be deployed on a medical device, the necessary infrastructure for certificate management must be in place. A certificate management platform that automates critical aspects of a certificate's lifecycle (provision, issue, renew, and revoke) enables manufacturers to focus on security without additional hassle or error. Platforms should be adaptable, dependable, and scalable for the IoT manufacturer.

IoT manufacturers will benefit from using a platform that allows them to: 

  •  Issue, renew, and revoke certificates 
  •  Create custom certificate profiles 
  •  Deploy a large volume of certificates 
  •  Scan and remediate TLS vulnerabilities
  •  Store and manage certificate keys in a secure manner.
eHealth u.Trust Chart


After installing a certificate management platform, a manufacturer can deploy certificates for authentication, encryption, and signing services.

Providing, Installing & Managing Trust Digital Identities to Protect Medical Devices in an eHealth Environment

The use of PKI-based device certificates ensures online trust, privacy and security in the world of connected devices and therefore, should be managed securely and centrally. Digital certificates increase trust by providing:

  • Strong device identity authentication
  • Encryption of confidential data and communications
  • Digital signing to ensure the integrity of data and systems

Digital certificates can be installed in a connected medical device at the manufacturing level before purchase, shipment and installation. Or, they can be installed on-site. Deployments models could be:

1. A customized solution to manage every part of the certificate lifecycle by using a service delivery platform,

2. Purchased directly from a certificate provider and managed manually. 

However, in their extremely diverse IT structures, many businesses are struggling to rapidly deploy, discover, revoke and replace digital certificates which are distributed across on-premise and cloud environments.

Ideally, all certificates and the certificate lifecycle management process should not be controlled manually. Administrators should use a Certificate Lifecycle Management (CLM) service to undertake continuous monitoring of their systems and digital certificates, as well as generate audits and maintain track of expirations and renewals to avoid service disruptions. 

PKI digital certificates play a central role in both traditional healthcare applications and IoT use cases for connected medical devices.


With increasing numbers of interconnecting medical IoT devices, certificate management efforts grow exponentially. Previously, issued certificates were valid for the duration of a device's lifecycle; however, increases in infrastructure complexity and risk have forced regulatory authorities to require more frequent renewals. Failure to meet renewal deadlines can expose devices to cyberthreats, disrupt service availability, and jeopardise business operations.

X.509 certificates have become an essential component of IoT security. Secure provisioning necessitates a wealth of experience, complex software development, and dependable production line tools and processes. Identify provides a secure, flexible and scalable end-to-end PKI Certificate Management System and provides a core interface for managing PKI and certificate lifecycle requirements. Please see our product page for further information.

To find more press releases related with below topics, click on one of the keywords:

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.