End-to-End Security

Nitrium provides a flexible, end-to-end security strategy that allows users to utilize the latest industry security features to provide the optimal level of security for every device.

Device Management System

  • Firmware updates are delivered via HTTP over SSL/TLS, which guarantees strong authentication and encryption (certificate exchange / authenticity)
  • User authenticated login
  • Complete audit logs
  • Pre-shared key/signature: supplied by the manufacturer or generated by Nitrium
  • Password authentication: accept ID/password from device
  • Firmware signatures to verify origin and prevent corruption: public key

Devices

  • Device rollback
  • Password authentication: provide ID/password to Nitrium
  • Pre-shared key/signature shared by Nitrium
  • Firmware signatures: private key

Flexible Options

IoT devices are unique in their hardware, their operating system, their type of software, their level of assurance, and even their ability to support different security protocols.

Nitrium allows developers to choose the best security methods for their particular products:

  • None. Yes, no additional security. Devices that have extremely low capabilities or power — think beacons, lights, simple sensors — may not have the compute capability to decrypt data, or instantiate advanced protocols.
  • Pre-shared key. Just like it sounds, Nitrium can either accept the manufacturer's key or create one on their behalf. This key would be shared with the end devices, enabling them to communicate using this pre-approved key.
  • Password authentication. A username / device ID accompanied by a password would be accepted by Nitrium from the end devices.
  • Signature-based (Public/Private key pair). This method is similar to SSH, where a private and public key pair is generated. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. The Nitrium portal will hold the public key for each of the end devices, but never have access to the private key.
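The signature-based option above, sketched as an added example (not Nitrium's code or protocol): the portal stores only each device's public key and authenticates the device by checking its signature over a fresh random challenge. Ed25519, the challenge-response flow, the device ID `sensor-01` and all type and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Portal holds only public keys, per device ID, plus one outstanding nonce each.
type Portal struct {
	pubKeys map[string]ed25519.PublicKey
	pending map[string][]byte
}

// NewDeviceKey runs on the device; only the public half is passed to Enroll.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
func NewPortal() *Portal { return &Portal{pubKeys: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}} }
func (p *Portal) Enroll(id string, pub ed25519.PublicKey) { p.pubKeys[id] = pub }

// Challenge issues a fresh random nonce to an enrolled device.
func (p *Portal) Challenge(id string) ([]byte, error) {
	if _, ok := p.pubKeys[id]; !ok {
		return nil, fmt.Errorf("unknown device %q", id)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	p.pending[id] = nonce
	return nonce, nil
}

// DeviceSign runs on the device: it signs the portal's nonce with the private key.
func DeviceSign(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Verify consumes the nonce first, so a captured response cannot be replayed.
func (p *Portal) Verify(id string, sig []byte) bool {
	nonce, ok := p.pending[id]
	delete(p.pending, id)
	return ok && ed25519.Verify(p.pubKeys[id], nonce, sig)
}

func main() {
	p := NewPortal()
	pub, priv, _ := NewDeviceKey()
	p.Enroll("sensor-01", pub) // constructed device ID
	nonce, _ := p.Challenge("sensor-01")
	sig := DeviceSign(priv, nonce)
	fmt.Println("accepted:", p.Verify("sensor-01", sig), "replay accepted:", p.Verify("sensor-01", sig))
}
```

Because the portal never holds a private key, a leak of its key store does not let anyone impersonate a device, which is the property that separates this option from the pre-shared key and password options.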