IoT Platform

From Kalpa to the IoT Solutions

Kalpa has been developing IoT projects since 2013, leveraging a unique environment in which firmware, software, mobile and cloud teams work side by side and share know-how.
Know How: At Kalpa, firmware, software, mobile and cloud developers work side by side and share knowledge.
Experience: A large number of IoT projects have been up and running in production since 2013.
Standard and OSS: Extensive knowledge of IoT best practices and well-maintained OSS modules.
Business Model: Device connectivity and IoT enable profitable market scenarios. A pay-per-use platform allows a short time to market and lowers the overall risk for customers.

The IoT Iceberg

Needed Service / application: At the top of the iceberg lie all the customer's needs: extracting data from devices, remotely controlling devices, diagnostics, pay per use…
Data Handling: IoT is very asymmetric: small chunks of data are continuously ingested into Iceberg, but the customer needs aggregated data.
Security and Device lifecycle: Devices must securely connect to the platform, and the platform must prevent malicious use of them.
Device Connectivity: Devices can use a large variety of connections: some are available 24/7, others only occasionally, and others are very expensive.
IT Infrastructure: The platform must scale to follow the increasing number of connected devices or applications.

Design Principles

Highly scalable: The platform's design makes it scalable up to millions of devices and thousands of pipelines. You will use the same platform from POC to production!
Device Management: Use built-in features to manage your devices. Aggregate assets by location, owner or any custom parameter. Create private customer views to limit visibility to a subset of devices for a subset of users.
Declarative Data Model: You define your data models using a graphical user interface. The data model enables the system to handle your data correctly and simplifies data access from your applications.
Ingest From Everywhere: No matter where your data comes from, chances are there's an SDK for it. Or rely on industry-standard protocols such as MQTT or AMQP.
Bi-Directional Communication: Read and write data from your devices using our low-latency infrastructure.
Aggregate on the fly: Use built-in pipelines to transform your data as it flows. Having a clean dataset has never been easier.
Secure By Design: Full-fledged security framework for IoT devices.

This infographic outlines the comprehensive security measures implemented in the Riseberg IoT Platform, ensuring protection at every layer.

Core Security Pillars

Riseberg's security strategy is built on two fundamental pillars, ensuring end-to-end protection for the entire IoT solution.

📡 Device-to-Cloud Security

Robust protection for connected devices, their communications, and the data they generate, from the sensor to the cloud. This includes secure device identity, encrypted channels, and data integrity checks.

👤 User-to-Cloud Security

Ensuring secure access for users, protecting their interactions with the platform, and maintaining the confidentiality of user data through strong authentication, authorization, and encrypted communications.


Device-to-Cloud Protection In-Depth

We employ multi-layered security measures to authenticate devices, encrypt communications, and ensure data integrity throughout its lifecycle.

Device Authentication & Secure Pairing

The "Secure Pairing" process is critical for establishing a trusted identity for each device. It involves unique hardware identifiers, X.509 certificates, and optional TPM/HSM support for enhanced private key protection.

Secure Pairing Process:

  1. Device ID Submission: Unique hardware identifier presented
  2. Key Gen & CSR: Device generates keys, sends CSR
  3. CSR Signing (Cloud CA): X.509 certificate issued
  4. Secure Connection: TLS authentication with certificate

X.509 certificates have a default 3-month expiration (configurable) and are regularly rotated.
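
The pairing steps and the 3-month certificate lifetime described above can be walked through with the openssl CLI. This is an added example, not Riseberg's code: the device ID, file names, RSA-2048 keys and throwaway CA are constructed, and the rule that the CSR's CN must equal the submitted hardware ID is an assumption about how a cloud CA would bind the two.

```shell
#!/usr/bin/env bash
# Constructed walk-through of the pairing steps using the openssl CLI.
# All names, paths and the device ID are demo assumptions, not platform values.
set -eu
WORK="$(mktemp -d)"
DEVICE_ID="demo-device-0001"

# Throwaway CA standing in for the cloud CA (assumes the stock openssl.cnf,
# whose defaults mark a self-signed `req -x509` certificate as a CA).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo Cloud CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 2, device side: the key is generated locally; only the CSR leaves the device.
device_csr() {  # $1 = CN to request, $2 = output basename
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
}

csr_cn() {  # prints the CSR subject, e.g. CN=demo-device-0001
  openssl req -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Step 3, cloud side: sign only if the CSR proves key possession AND its CN is
# the hardware ID submitted in step 1 (the binding check is this demo's assumption).
sign_csr() {  # $1 = submitted device ID, $2 = basename
  openssl req -in "$WORK/$2.csr" -verify -noout 2>&1 | grep -q "verify OK" || return 1
  [ "$(csr_cn "$WORK/$2.csr")" = "CN=$1" ] || return 1
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 90 -out "$WORK/$2.crt" 2>/dev/null
}

# Chain check plus the 3-month lifetime: still valid in 89 days, expired by day 91.
cert_ok() {  # $1 = basename
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$WORK/$1.crt" -noout -checkend $((89*86400)) >/dev/null &&
  ! openssl x509 -in "$WORK/$1.crt" -noout -checkend $((91*86400)) >/dev/null
}

make_ca
device_csr "$DEVICE_ID" dev
sign_csr "$DEVICE_ID" dev && cert_ok dev && echo "paired: $DEVICE_ID"
# A CSR whose CN differs from the submitted ID must be refused by the CA.
device_csr "other-device-9999" rogue
if sign_csr "$DEVICE_ID" rogue; then echo "BUG: mismatched CSR signed"
else echo "refused: CSR CN does not match submitted ID"; fi
```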

Data Encryption Measures

Confidentiality is paramount. Data is encrypted both in transit and at rest.

🛡️ Data in Transit

All device-to-cloud communications use TLS 1.2/1.3 with robust cipher suites (e.g., AES-256-GCM) for protocols like MQTT and HTTP/2.

🗄️ Data at Rest

Stored data is protected by multiple encryption layers:

  • Database encryption
  • Storage level encryption
  • Key Management System

Encryption keys are managed by a dedicated KMS, separate from the data.

Data Integrity & Credential Management

Ensuring data is untampered and credentials are secure is vital.

🔗 Data Integrity

We use strong cryptographic hash functions like SHA-256 / SHA-512 to verify message integrity, ensuring data isn't altered.

🔄 Certificate Rotation & Revocation

Device X.509 certificates are regularly rotated. We also implement fast revocation mechanisms (CRL/OCSP) for compromised or decommissioned devices.


User-to-Cloud Protection In-Depth

User access to the Riseberg platform is safeguarded by strict authentication and authorization mechanisms, ensuring data privacy and secure interactions.

Robust User Authentication

We provide flexible and secure authentication options:

  • 🔑 OAuth 2.0 / OpenID Connect: Industry standards for federated authentication and authorization.
  • 🛡️ MFA (Multi-Factor Authentication): Optional layer of security using hardware/software tokens.
  • ⚙️ Complex Password Policies: Configurable requirements for password strength and rotation.
  • 👥 RBAC (Role-Based Access Control): Granular permissions based on user roles, adhering to the principle of least privilege.

Secure Communications & API Protection

All interactions with the platform are secured:

🔒 HTTPS Everywhere

All web and mobile app interactions occur exclusively over HTTPS (TLS), with HSTS support to prevent downgrade attacks.

🚦 API Security

Our APIs are critical access points and are protected by:

  • 🛡️ API Gateway for authentication and authorization.
  • 📊 Rate Limiting to prevent abuse and DoS attacks.
  • Strict input validation and adherence to OWASP API Security Top 10.
  • 🔑 Secure API Key management and rotation.

Platform-Wide Vigilance

Security is an ongoing process. Riseberg employs tools and procedures for continuous monitoring, detailed logging, and adherence to standards to maintain a secure and reliable operational environment.

Feature: Description
SIEM Integration: Centralized collection, correlation, and analysis of security events from all platform components.
Immutable Logging: Detailed recording of all security access and operations in centralized, tamper-proof logs.
Audit Trails: Maintenance of a comprehensive audit trail for all configuration changes and critical events.
GDPR Compliance: Platform architecture and processes designed to comply with the General Data Protection Regulation.
Regular Audits & Pen Tests: Periodic security reviews and penetration tests conducted by independent third parties.

Our Commitment to Security

At Riseberg, security is not an afterthought but the foundation upon which our platform is built. We are continuously committed to adopting best practices and evolving our measures to protect your data and ensure your operational peace of mind.
