ThingWorx incorporates an end-to-end security strategy covering all levels, including network, application, user, and data security.
Edge Connectivity (EMS, SDK's, API)
- Supports HTTPS (Secure Sockets Layer) so that all data transmission is encrypted.
- The Edge MicroServer (EMS) and associated SDK components act as an interface between intelligent devices and the ThingWorx server. The EMS shares information and data with the server using the Internet Engineering Task Force (IETF) standard WebSockets protocol.
- The standard communication protocol from the Edge MicroServer component to the server is the WebSockets protocol (RFC 6455), which runs on top of the secure and encrypted TLS protocol.
- All files that are transferred between the edge and the platform are encrypted before transfer and then decrypted after receipt. File MD5 hashes are calculated to ensure complete and successful file transfers as well as that the file has was not tampered with.
- A set of SDKs for device software component development including Java, C, .NET, iOS and Android, with more to come.
Authentication and Authorization
- The ThingWorx Platform supports HTTP authentication using user name and password. If desired, the platform can delegate the authentication of the credentials to an LDAP system.
- The ThingWorx Platform has an Access Control List (ACL) model that allows administration of ThingWorx Platform authorization to a very granular level.
- Both Design-Time and Run-Time permissions can be set for any entity in the system.
- ThingWorx offers a matrix multi-tenancy model that allows visibility to be defined in a series of overlapping “Organizations”.
- Organizations are hierarchical structures that allow the user to assign visibility to entities.
- The ThingWorxplatform uses encrypted storage for sensitive data.
- System passwords and keys are encrypted when stored.
- User passwords utilize a per user salted hash when stored.