IoT SAFE solution

Securing identities and data communication for IoT devices


Whether in homes, offices, cities, or industrial sites, the number of M2M and IoT devices continues to grow; and is giving us more control over our environment and what we do. These devices are constantly collecting, processing, and sending data (often sensitive or personal information) to the cloud. But is it secure? Taking this question seriously, the GSMA introduced the IoT SAFE standard to define IoT security guidelines in order to prevent potential security breaches by hackers who might remotely target an IT system, a network connection, or a single device.

Using the GSMA specifications as a standard base, IDEMIA’s IoT SAFE solution provides enhanced security to the M2M and IoT world; ensuring device identity and data integrity can be trusted across the ecosystem. In addition to GSMA standard guidelines, this scalable solution includes a device-agnostic security layer in order to ensure that the identity, authentication, and data communication from the client application on the device to the client server (i.e. in the cloud) is always secure. It is compatible across a wide range of secure element platforms including SIM, embedded SIM (eSIM) and integrated SIM (iSIM).

This technology allows the provisioning and use of security credentials (or IoT keys) that are inside the secure element (or “Root of Trust”) within the IoT device to establish a secure communication channel. Thanks to the authentication between the device and the cloud, the data exchanged is protected against interception or tampering. The server cannot be fooled by a cloned device or a hacker trying to impersonate the server to gain access or control.

Only authorized client servers have access to IoT applications; and access to data of an IoT device is only accessible by a recognized server. In addition, the implementation of an IoT SAFE applet within a secure element helps the M2M and IoT community avoid fragmented solutions for their IoT security needs.

Ask for a quote

  • High security

    IDEMIA’s IoT SAFE solution leverages the SIM as “Root of Trust” to load and manage the IoT keys used to authenticate a device.

  • Data transfer protection

    IoT SAFE prevents data transfer breaches and cyber-attacks using advanced encryption/decryption protecting the confidentiality of the data being exchanged, and ensuring the trusted execution of commands.

  • Remote management

    This solution allows remote provisioning of IoT keys directly to the most secure place in a device. It ensures that the transfer of information from a SIM, eSIM or other secure elements between IoT devices and cloud cannot be intercepted and modified.

By combining IDEMIA’s Mobile Network SIMs and OTA platform with Kudelski IoT keySTREAM into a solution specifically tailored for cellular machine-to-machine communications, we bring to the market the first truly standard and dedicated end-to-end IoT security solution for mobile networks.

Hardy Schmidbauer, SVP, Kudelski IoT
  • Device security: remote attestation, tiered identity, chip-to-chip security, zero touch provisioning
  • Data security: E2E encryptions, remote secrets management, DTLS endpoint
  • Access management: key access control, feature authorization
  • Active security: OTA platform for applet management, key rotation, anti-cloning detection & rejection

    IDEMIA’s solution leverages scalable and standardised hardware “Root of Trust” to protect IoT data communications.

    Read more


Subscribe to our newsletter

Receive our key news and keep up with the trends in our markets by subscribing to our newsletter.

By clicking on the "Subscribe" button, you confirm that you agree to IDEMIA’s Terms of Use and Privacy Policy, and agree to the processing of your personal data and acknowledge your related rights, as described therein.

Your email address will be used exclusively by IDEMIA to send you newsletters related yo your selected topics of interest. In accordance with the law, you have rights of access, rectification and erasure of your personal data, as well as opposition of processing, which can be exercised by writing to