
Azure Sphere Gateway

Powered by Microsoft

Providing the Strongest Cybersecurity Protection for Connected Machines

Azure Sphere is a secured, high-level application platform developed by Microsoft
with built-in communication and security features for internet-connected devices.


It comprises a secured, connected, crossover microcontroller unit (MCU), a custom
high-level Linux-based operating system (OS), and a cloud-based security service
that provides continuous, renewable security.

 

More reading: https://azure.microsoft.com/en-us/products/azure-sphere

Azure Sphere provides 7 features to ensure the strongest cybersecurity
protection for connected machines:

01

Hardware-Based Root of Trust

A hardware-based root of trust ensures that the device and its
identity cannot be separated, thus preventing device forgery or spoofing. Every Azure Sphere
MCU is identified by an unforgeable cryptographic key that is generated and protected by the
Microsoft-designed Pluton security subsystem hardware. This ensures a tamper-resistant,
secured hardware root of trust from factory to end user.

02

Defense in Depth

Defense in depth provides multiple layers of security and thus multiple
mitigations against each threat. Each layer of software in the Azure Sphere platform verifies that
the layer above it is secured.

03

Small Trusted Computing Base

Most of the device's software remains outside the trusted
computing base, thus reducing the surface area for attacks. Only the secured Security Monitor,
Pluton runtime, and Pluton subsystem—all of which Microsoft provides—run on the trusted
computing base.

04

Dynamic Compartments

Dynamic compartments limit the reach of any single error. Azure
Sphere MCUs contain silicon counter-measures, including hardware firewalls, to prevent a security
breach in one component from propagating to other components. A constrained, "sandboxed"
runtime environment prevents applications from corrupting secured code or data.

05

Password-Less Authentication

The use of signed certificates, validated by an unforgeable
cryptographic key, provides much stronger authentication than passwords. The Azure Sphere platform
requires every software element to be signed. Device-to-cloud and cloud-to-device communications
require further authentication, which is achieved with certificates.

06

Error Reporting

Errors in device software or hardware are typical in emerging security attacks;
errors that result in device failure constitute a denial-of-service attack. Device-to-cloud
communication provides early warning of potential errors. Azure Sphere devices can automatically
report operational data and errors to a cloud-based analysis system, and updates and servicing can
be performed remotely.

07

Renewable Security

The device software is automatically updated to correct known vulnerabilities
or security breaches, requiring no intervention from the product manufacturer or the end user. The
Azure Sphere Security Service updates the Azure Sphere OS and your applications automatically.

Use Case I

National Convenience Store Chain

A national convenience store chain aims to connect food vending machines across all 13,000 stores to the cloud. The customer's requirements are:
 

  • Ensure that all connected machines are protected against cybercriminal attacks at all levels.

  • Enable all machines to perform online firmware and application menu updates securely over the internet.
     

Changhong's Azure Sphere solution emerged as the only option after successfully passing rigorous security tests conducted by the customer's expert team over six months. Consequently, Changhong was selected as the vendor to implement this secure connection deployment across all 13,000 stores.

Use Case II

One of the World's Largest PC Vendors

  • One of the world's largest personal computer vendors has experienced many security challenges with its docking stations, as they are always connected to the net. A compromised dock presents a huge risk when a laptop docks.

  • This customer's requirements are: (1) docking stations are fully protected from any online malicious attempts 24x7; (2) any needed OTA update can be executed with maximum security at any time.

  • Changhong's Azure Sphere solution won the bid and is currently providing a protected, worry-free docking system to the customer in high volume.

Key Specifications

  • Azure Sphere MCU module

  • Northbound link:
    - Dual Band (2.4GHz & 5GHz) Wi-Fi
    - 4G/LTE (Cat-M1/Edge) (Optional)
    - 10 Base-T/100 Base-TX Ethernet

  • Southbound link:
    - Bluetooth 5.0
    - Ethernet, RS485/RS422/RS232, CAN
    - USB, Zigbee, LoRa

  • GNSS

  • OTA (secure updates)

  • Local SD Storage

  • Power Loss Detection

  • Power Loss Backup

  • Protocol
    - TCP/IP, Modbus, MQTT, HTTP, CoAP

  • 3 LEDs:
    - 2 programmable LEDs
    - 1 BLE activity LED

  • Micro-HDMI
    - MCU programming and debugging port

  • Input voltage: 9~36V

  • Dimensions: 95mm*95mm*25mm

  • Enclosure: Mountable, Black color

  • Operating temperature: -20 °C to 60 °C
