Edge-to-Cloud Security


Octave provides end-to-end security that covers Octave edge devices, Octave's core infrastructure, and communications with external systems via Octave's Cloud REST APIs.

Key Security Features

Octave provides the following security features out of the box:

  • Zero-touch security provisioning:

    • Factory-loaded secret keys (secure storage)
    • SIM or integrated eSIM
    • SIM and hardware mutual pairing
  • Secure boot and Secure firmware upgrade

  • Zero touch use of LWM2M + DTLS 1.2 Edge-to-Cloud protocol

  • Automated and Unlimited Key Rotations Over the air for Edge-to-Cloud Authentication

  • Cellular Network Authentication and Ciphering (3GPP Sim)

  • Private APN (cellular Access Point Name; Octave Devices do not have internet access)

  • Cloud-to-cloud Connectors Using Device Keys (Azure)

High level security diagram

Securing Octave Edge Devices

There are a number of steps required to prepare Octave edge devices for secure deployment. This includes securing the physical interfaces, root account, access to extended AT commands, and other aspects.

Download and follow the guidelines in the AirPrime WP Series manual: Preparing Your Devices For Deployment to secure an Octave edge device.

Securing Cloud Access

User Permissions

Access to Octave is tightly controlled by Administrators who create and manage groups of users. These groups define what their members can access through a series of read/write settings which cover both the Octave Dashboard and Octave's Cloud REST APIs (discussed below).

For additional information see Managing User Groups and Permissions.

API Security

Octave's Cloud REST APIs allows you to programmatically invoke Octave's functionality. Octave provides API security by requiring each request header to include a master token and user name which are assigned to each user when the account is created.

You can find your master token and user name as described in Copying Your User Name and Master Token.