Azure Percept security overview

Azure Percept devices are designed with a hardware root of trust. This built-in security helps protect inference data and privacy-sensitive sensors such as cameras and microphones, and enables device authentication and authorization for Azure Percept Studio services.

Note

The Azure Percept DK is licensed for use in development and test environments only.

Devices

Azure Percept DK

Azure Percept DK includes a Trusted Platform Module (TPM) version 2.0, which can be used to connect the device to Azure Device Provisioning Services (DPS) with additional security. TPM is an industry-wide ISO standard from the Trusted Computing Group. See the Trusted Computing Group website for more information about the complete TPM 2.0 specification or the ISO/IEC 11889 specification. For more information on how DPS can provision devices securely, see Azure IoT Hub Device Provisioning Service - TPM Attestation.

Azure Percept system-on-modules (SoMs)

The Azure Percept Vision system-on-module (SoM) and the Azure Percept Audio SoM both include a microcontroller unit (MCU) that protects access to the embedded AI sensors. At every boot, the MCU firmware authenticates and authorizes the AI accelerator with Azure Percept Studio services using the Device Identifier Composition Engine (DICE) architecture. DICE works by breaking boot into layers and creating Unique Device Secrets (UDS) for each layer and configuration. If different code or configuration is booted at any point in the chain, the secrets will be different. You can read more about DICE in the DICE workgroup specification. For configuring access to Azure Percept Studio and the required services, see the article on configuring firewalls for Azure Percept DK.
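The layered derivation described above, as an added illustration that is not Azure Percept firmware or Microsoft code: a per-device root secret is fed through a one-way function together with the measurement of each boot layer, so tampering with any layer changes that layer's secret and every later one, and a service-side check notices. Layer images, the root secret, and the direct comparison in attest() are constructed simplifications; a real DICE device proves possession of a key derived from the final secret rather than presenting the secret itself.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed sample values for this example; not real Azure Percept secrets or images.
UDS = bytes.fromhex("00" * 31 + "01")  # per-device Unique Device Secret held in hardware
GOOD_LAYERS = [b"boot rom v1", b"mcu firmware v1", b"ai accelerator config v1"]
TAMPERED_LAYERS = [b"boot rom v1", b"mcu firmware v1 (modified)", b"ai accelerator config v1"]


def measure(image: bytes) -> bytes:
    """Measurement of one boot layer: a hash of the code or configuration about to run."""
    return hashlib.sha256(image).digest()


def derive_layer_secret(parent_secret: bytes, image: bytes) -> bytes:
    """DICE-style derivation: the secret handed to a layer is a one-way function of the
    previous layer's secret and the measurement of the layer being started, so a change
    anywhere earlier in the chain changes every secret after it."""
    return hmac.new(parent_secret, measure(image), hashlib.sha256).digest()


def boot_chain(uds: bytes, layers: list[bytes]) -> list[bytes]:
    """Simulate boot: walk the layers in order and return each layer's derived secret.
    A layer only receives its own secret; the UDS and earlier secrets are never exposed to it."""
    secrets, current = [], uds
    for image in layers:
        current = derive_layer_secret(current, image)
        secrets.append(current)
    return secrets


def attest(presented: bytes, expected: bytes) -> bool:
    """Service-side check (stand-in for Azure Percept Studio): the device proves it booted the
    expected code and configuration by presenting the final secret the service expects.
    Simplified to a constant-time comparison for this example."""
    return hmac.compare_digest(presented, expected)


def layers_unchanged(uds: bytes, reference: list[bytes], observed: list[bytes]) -> list[bool]:
    """Per layer: did the observed boot produce the same secret as the reference boot?"""
    return [a == b for a, b in zip(boot_chain(uds, reference), boot_chain(uds, observed))]


if __name__ == "__main__":
    # Modifying layer 1 leaves layer 0's secret intact but changes layers 1 and 2.
    print(layers_unchanged(UDS, GOOD_LAYERS, TAMPERED_LAYERS))  # [True, False, False]
    good, bad = boot_chain(UDS, GOOD_LAYERS), boot_chain(UDS, TAMPERED_LAYERS)
    print(attest(good[-1], good[-1]), attest(bad[-1], good[-1]))  # True False
```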

Azure Percept devices use the hardware root of trust to secure firmware. The boot ROM ensures the integrity of the firmware between the ROM and the operating system (OS) loader, which in turn ensures the integrity of the other software components, creating a chain of trust.

Services

IoT Edge

Azure Percept DK connects to Azure Percept Studio with additional security, and to other Azure services using the Transport Layer Security (TLS) protocol. Azure Percept DK is an Azure IoT Edge-enabled device. The IoT Edge runtime is a collection of programs that turn a device into an IoT Edge device. Collectively, the IoT Edge runtime components enable IoT Edge devices to receive code to run at the edge and communicate the results. Azure Percept DK uses Docker containers to isolate IoT Edge workloads from the host operating system and from edge-enabled applications. For more information about the Azure IoT Edge security framework, read about the IoT Edge security manager.

Device Update for IoT Hub

Device Update for IoT Hub enables more secure, scalable, and reliable over-the-air updating that brings renewable security to Azure Percept devices. It provides rich management controls and update compliance insights. Azure Percept DK includes a pre-integrated device update solution that provides resilient (A/B) updates from the firmware to the OS layers.

Next steps