Actalis (Aruba Group) and Alleantia partner

'Trusted IoT' is born, the first solution for legally compliant identification and certification of data in the IoT industry.

  • Wednesday, 25th October 2023 Posted 1 year ago in by Phil Alsop

The adoption of advanced technologies such as IoT, AI, cloud and analytics is not enough to ensure their full potential is unlocked. These technologies rely on the effective availability of real-time data that is identified, certified and unalterable, even when it comes from external sources, i.e. supply chain and partners, to derive their full potential.

The long-term digital preservation of this data must be guaranteed, for an 'indefinitely long time', without any possibility of alteration and tampering, even by the same party storing it.

To meet this need, Actalis - the first European Certification Authority for SSL, part of the Aruba group, qualified according to the eIDAS regulation for the provision of certified services and recognised worldwide for the issuing of SSL server certificates - has collaborated with Alleantia, a leader with well-established international experience in plug&play IoT integration of industrial systems and processes to improve productivity, quality and safety.

The two Italian companies announce the Trusted IoT (T-IoT) project, the first enterprise-grade solution for legally compliant identification and certification of certified data in the industrial IoT. The project is compliant with national and international regulations, which transfers the same levels of security, non-repudiation and non-alterability to information generated by industrial systems already in use today, in the exchange of digitally signed relevant documents and time stamps.

The T-IoT solution is delivered in SaaS mode, with no upfront infrastructure costs for those sending or receiving certified IoT data. Alleantia's IoT gateway can be extended with the ‘trust function’, which allows the data owner to distribute information generated by its industrial systems to an application only after it has been 'notarised'. This notarisation takes place at no additional cost for the recipient by attaching a unique digital signature and time stamp to the data. The recipient will be able to process this IoT data without having to make significant changes to existing applications, while retaining the ability to verify the origin of the data and the precise date it was created. This verification will be possible irrespective of latency and data transfer times to the recipient.

In addition, the data can be automatically stored on Aruba's servers using the 'regulation-compliant digital storage' solution. This will guarantee long-term access and prevent unauthorised modification of the data.

"We are happy to be able to expand our offer with trust services dedicated to the IoT industry. Entering this sector, thanks to the integration with the Alleantia platform, represents a fundamental step for us to demonstrate that trust services are so flexible that they can also be used in complex contexts such as those of Industry 4.0. The Trusted IoT solution verifies the identity of both the sender (data owner) and the receiver (data user) when they exchange data, ensuring that the data cannot be altered or tampered with. It also certifies the dates of creation, transmission, and reception (timestamp) of the data. If necessary, the solution can also store the data in a secure cloud using security elements that have legal value and fully comply with European regulations." commented Giorgio Girelli, General Manager of Actalis.

"The collaboration with Actalis was essential to create a solution that has the ability to share, manage and process data in a secure, authenticated and certified way between different organisations, devices and applications," commented Stefano Linari, CEO of Alleantia. "Trusted IoT allows for a more effective implementation of interoperability between different data spaces, which are federated software infrastructures that are becoming established in international markets. It also helps to strengthen the implementation of

policies around the use of shared data, while ensuring that data sovereignty and contractual access and usage rules are maintained."