TosciTosci
Back to products
PKI · Public Key Infrastructure + OTA · Over-The-Air

PKI + OTA

PKI (Public Key Infrastructure) + OTA (Over-The-Air) — secure identity and updates

Security stages and countermeasures

StageMechanism
Authentication
Mutual authentication (device certificate + cloud CA)
Transport
TLS-encrypted / VPN channel
Content
Signed update packages with hash verification
Execution
Install-time verification inside a Trusted Execution Environment (TEE)
Data
Encrypted OTA log storage, privacy-compliant upload

PKI system

  • Encrypt and authenticate embodied agents, networks and data.

  • Secure identity management and communication across all AI systems.

  • A foundational component for data privacy and integrity.

Secure OTA updates

  • Remote firmware updates, security patches, vulnerability fixes and performance tuning for embodied agents.

  • OTA server certificate issuance, mobile-client initialization, certificate renewal, mobile-to-OTA authentication, and OTA package authentication.

  • Encryption and signature verification — PKI signing and symmetric encryption guarantee update-package integrity and origin.

PKI cloud · pipe · edge architecture

Cloud

Key and certificate issuance center

Server HSMs

Server HSMServer HSM

PKI / CA system

Root CAIntermediate CA

KMS key-management

Key generation / key operationsKey sync / management

Pipe

Platform services, crypto modules and capability matrix

TSP · VSOC platforms

OTA serviceMobile-shield serverSSL VPN

Crypto modules

Signing serverDatabase encryption moduleFile-storage encryption module

Storage

Database / data storeDatabase / file directory

Capabilities

Certificate enrollmentKey-lifecycle managementSecure key distributionDigital signing / verificationDatabase encryption / decryptionFile encryption / decryptionCryptographic authentication / secure transport

Edge

Secure onboarding for endpoint devices

Endpoint carriers

Intelligent controllerSecure gatewayIVITelematics moduleThird-party platforms

OTA authentication chain

Cloud platforms

TSP platformVSOC platformOTA service

Server HSMs

Server HSMSigning server

PKI servers

Root CAIntermediate CAKMS key-management
PKI-signed + symmetrically encrypted delivery to endpoint devices.

Endpoint carriers

Smart vehicles
Robots
Aircraft
Embodied agents