Data security

When you create a thing within AWS IoT Console, the associated SIM enables the Cinterion® PLS62‑W Wireless Module to register on a cellular network.

The Amazon Trust Service (ATS) uses the cellular network to securely deliver the following information to the Cinterion® PLS62‑W Wireless Module.

For identification purposes:

  • The unique AWS thing name
  • The Amazon Resource Name (ARN) that defines which AWS endpoint supports the thing

For security purposes:

  • A set of X.509 certificates
  • An encrypted private key – AWS and the Cinterion® PLS62‑W Wireless Module use key pairs for signing data

The certificates and private key are stored in a secure Java keystore. The end user cannot view or handle the security material at any point during its use.

When a thing is deleted in AWS, the data within the device keystore remains in the keystore. If you reuse the device with a new SIM and recreate it as a new thing within AWS, then any existing security information in the keystore is replaced by the new certificates and a new private key.

AWS security compliance

The Cinterion® PLS62‑W Wireless Module meets AWS security requirements:

  • Each connected device has a set of credentials to access the message broker or device shadow service
  • Device credentials are stored safely in order to send data securely to the message broker
  • All traffic to and from AWS IoT is encrypted over Transport Layer Security (TLS)

For more information, see the Security section of the AWS IoT documentation: https://docs.aws.amazon.com/iot/latest/developerguide/iot-security.html.

Processing updates

Updates to the certificates and keys are handled in the same way as all other security data. This lets you apply a managed certificate rotation policy and also protects the device automatically against changes in root CA providers.