Axis M5000 - Cybersecurity

To Next Page

To Previous Page

AXISM5000PTZCamera

Learnmore

Cybersecurity

AxisEdgeVault

AxisEdgeVaultprovidesahardware-basedcybersecurityplatformthatsafeguardstheAxisdevice.Itoffersfeaturestoguaranteethe

device’sidentityandintegrityandtoprotectyoursensitiveinformationfromunauthorizedaccess.Itbuildsonastrongfoundationof

cryptographiccomputingmodules(secureelementandTPM)andSoCsecurity(TEEandsecureboot),combinedwithexpertisein

edgedevicesecurity.

Signedrmware

Signedrmwareisimplementedbythesoftwarevendorsigningthermwareimagewithaprivatekey.Whenarmwarehasthis

signatureattachedtoit,adevicewillvalidatethermwarebeforeacceptingtoinstallit.Ifthedevicedetectsthatthermware

integrityiscompromised,thermwareupgradewillberejected.

Secureboot

Securebootisabootprocessthatconsistsofanunbrokenchainofcryptographicallyvalidatedsoftware,startinginimmutable

memory(bootROM).Beingbasedontheuseofsignedrmware,securebootensuresthatadevicecanbootonlywithauthorized

rmware.

Securekeystore

Atamper-protectedenvironmentfortheprotectionofprivatekeysandsecureexecutionofcryptographicoperations.Itprevents

unauthorizedaccessandmaliciousextractionintheeventofasecuritybreach.Dependingonsecurityrequirements,anAxisdevice

canhaveeitheroneormultiplehardware-basedcryptographiccomputingmodules,whichprovideahardware-protectedsecure

keystore.Dependingonsecurityrequirements,anAxisdevicecanhaveeitheroneormultiplehardware-basedcryptographic

computingmodules,likeaTPM2.0(TrustedPlatformModule)orasecureelement,and/oraTEE(TrustedExecutionEnvironment),

whichprovideahardware-protectedsecurekeystore.Furthermore,selectedAxisproductsfeatureaFIPS140-2Level2-certied

securekeystore.

AxisdeviceID

Beingabletoverifytheoriginofthedeviceiskeytoestablishingtrustinthedeviceidentity.Duringproduction,deviceswith

AxisEdgeVaultareassignedaunique,factory-provisioned,andIEEE802.1AR-compliantAxisdeviceIDcerticate.Thisworks

likeapassporttoprovetheoriginofthedevice.ThedeviceIDissecurelyandpermanentlystoredinthesecurekeystoreasa

certicatesignedbyAxisrootcerticate.ThedeviceIDcanbeleveragedbythecustomer’sITinfrastructureforautomatedsecure

deviceonboardingandsecuredeviceidentication

Signedvideo

Signedvideoensuresthatvideoevidencecanbeveriedasuntamperedwithoutprovingthechainofcustodyofthevideole.Each

camerausesitsuniquevideosigningkey,whichissecurelystoredinthesecurekeystore,toaddasignatureintothevideostream.

Whenthevideoisplayed,theleplayershowswhetherthevideoisintact.Signedvideomakesitpossibletotracethevideobackto

thecameraoriginandveriesthatthevideohasnotbeentamperedwithafteritleftthecamera.

Encryptedlesystem

Thesecurekeystorepreventsthemaliciousexltrationofinformationandpreventscongurationtamperingbyenforcingstrong

encryptionuponthelesystem.Thisensuresnodatastoredinthelesystemcanbeextractedortamperedwithwhenthedeviceis

notinuse,unauthenticatedaccesstothedeviceisachievedand/ortheAxisdeviceisstolen.Duringthesecurebootprocess,the

read-writelesystemisdecryptedandcanbemountedandusedbytheAxisdevice.

TolearnmoreaboutAxisEdgeVaultandcybersecurityfeaturesinAxisdevices,gotoaxis.com/learning/white-papersandsearchfor

cybersecurity.

Related product manuals