PKI Authentication
Anava uses IEEE 802.1AR Secure Device Identity with Axis PKI to provide hardware-backed device authentication. This ensures only genuine, registered cameras can connect to the platform.
Why Hardware-Backed Identity
- Non-exportable keys: Private keys never leave the camera hardware.
- Zero-touch provisioning: Certificates are factory-provisioned.
- Strong authenticity: Each device proves its identity cryptographically.
Certificate Trust Chain
High-Level Authentication Flow
- Device presents its hardware certificate during mutual TLS.
- The platform validates the certificate chain to confirm authenticity.
- Registration and authorization checks confirm the device is approved.
- Scoped access is granted to the device's allowed operations.
For implementation details and enforcement logic, see the internal documentation.
Internal Implementation
Full certificate handling, authorization logic, and topic controls are documented internally for authorized team members and NDA customers.