1. Symantec/
  2. Products & Solutions/
  3. Internet of Things/
  4. Roots of Trust

How safe are Internet of Things devices?
White paper: Insecurity in the Internet of Things

What are IoT Roots of Trust?

Roots of Trust are the foundation of both Code Signing and SSL/TLS/DTLS encryption and authentication. In the context of the Internet of Things, computing devices are embedded into almost any type of "thing", such as automobiles, home security controls, and home automation monitors. While some of these embedded IoT devices have great computing power, many have significantly less computing power, and thus less cryptographic capabilities. IoT has a diverse mix of high- and low-power devices, so IoT Roots of Trust are roots that are optimized for the wide-range of Internet of Things devices.
White paper: Insecurity in the Internet of Things

Why Symantec

Symantec is expanding its leadership to the Internet of Things. As one of the most trusted providers of SSL certificate products, solutions, and services around the world, Symantec empowers businesses and consumers to transact online with confidence. We secure more than one million web servers worldwide with Symantec SSL, including over ninety percent of the largest companies in the world. The most recognized trust mark on the Internet is the Norton Secured Seal which displays continuously over a billion times per day on websites in over 170 countries. We are extending our same standards of protection and trust to the billions and trillions of devices that will soon be Internet-of-Things enabled.


Symantec has eight new roots of trust for authentication and code signing. Unlike existing roots, these roots of trust are optimized for Internet of Things devices and services. These roots broadly fall into two categories: authentication roots and code signing roots. The roots within each category differ by intended use and assurance level required.
Authentication Roots: There are four IoT roots of trust for authentication, each designed for different scenarios. These roots are intended to be embedded at the platform level, enabling applications built on the platform to recognize and trust each other. The certificates issued from these roots secure web service communications between IoT devices and services. They should not be used with mainstream web browsers.
Code Signing Roots: There are four IoT code signing roots of trust. Code signing roots sign code and other content at rest to verify its source and indicate its contents have not been altered. Device vendors should use these certificates to sign code and trusted root store updates.
Contact us to learn more about Symantec Roots for IoT
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube