TESA Logo

TESIoT Platform

Enterprise-grade Security for AIoT

Empowering AIoT with
Zero‑Trust Cybersecurity

Build, secure, and scale IoT & Edge AI workloads — from device identity and TLS 1.3 to streaming analytics and data pipelines. Designed for regulated industries and mission‑critical systems.

TLS 1.3 • PKI • Vault
Zero‑copy Edge
4‑Tier PKI
Low‑latency MQTTs

AIoT Foundation Platform

Security by Design
ETSI EN 303 645 Cybersecurity Compliance
Secure AIoT Connectivity
MQTTs & HTTPs (Server-TLS & mTLS)
Smart Data Schema & Industrial Domains
Validation and Live Telemetry
ETL for Edge AI
Data Labelling for Edge AI Inference
Digital Twin
AI Agents and Real-time Product Design & Development
Live Telemetry
Auth. & IoTS Chip
Cyber-Physical Systems
CLS-Ready IoT Product

Who Benefits from TESIoT Platform?

Accelerating Thailand's IoT ecosystem to meet global markets and cybersecurity standards

IoT Product Designers

  • Skip 3-6 months of security implementation
  • Pre-integrated PKI, mTLS, and device management
  • Focus on product innovation, not infrastructure

Platform Providers

  • White-label ready for industry verticals
  • Proven architecture handling millions of devices
  • Healthcare, Smart City, Industry 4.0 templates

Investors & VCs

  • De-risked IoT investments with proven tech
  • 70% faster time-to-market for portfolio companies
  • Built-in compliance for global expansion

Cybersecurity Policy Makers

  • ETSI EN 303 645 & ISO 27402 compliant
  • National IoT security framework ready
  • Zero-Trust architecture as standard

Engineering Students

  • Learn production-grade IoT architecture
  • Free tier for academic projects
  • TESA certification pathway included

Startups & Enterprises

  • From MVP to scale without re-architecting
  • Enterprise SLAs and 24/7 support
  • Multi-tenant ready with cost optimization

Key Capabilities & Architectural Strengths

Security‑first foundation, analytics by default — built for production AIoT.

Security‑First Design

PKI with automated certificates, HSM integration, and zero‑trust model.

Compliance‑Ready

RBAC, GDPR/PDPA flows, CLS-Ready (ETSI EN 303 645).

MQTT QUIC

Next-gen transport with 0-RTT, connection migration, multiplexing.

BDH AI

Knowledge management with RAG, embedding vectors, and AI agents.

Authentication Modes

Server-TLS

Username and password authentication. Ideal for simpler deployments.

mTLS

Digital certificates for both device and server. Enhanced security with mutual authentication.

OPTIGA™ Trust M

Hardware-based onboarding with Infineon factory certificate, protected update for TESAIoT credential rotation.

Product Model Store

3D Model, Product Industrial Design and Immersive & Interactive Digital Twin.

Edge AI Dashboard

Real-time telemetry visualization, ETL pipelines, and ML model metrics.

Knowledge Graph

Neo4j-powered relationship mapping for device dependencies and insights.

API Keys

Secure API integration tokens for live data streaming via MQTT/WSS.

Certificate Management

4-Tier
PKI Hierarchy
Auto
CSR & Renewal
HSM
Key Protection
Vault
Secret Engine

Vault PKI

National Root CA & certificate issuance.

Device Mgmt

Lifecycle, fleet ops & edge processing.

RBAC & PDPA

Access control & privacy compliance.

Provisioning

Zero-touch onboarding & configuration.

API Gateway

APISIX multi‑protocol gateway.

TimescaleDB

Time-series analytics & retention.

TESIoT Architecture

Zero Trust Security Flow

End-to-end security with mTLS, PKI, and encrypted data pipelines

Zero Trust Security

mTLS authentication, encrypted channels, and certificate-based identity

Edge AI Ready

Digital twin support, real-time analytics, and ML pipeline integration

High Performance

Low-latency MQTT, optimized data pipelines, and scalable architecture

Use Cases

Healthcare, Smart City, Industry 4.0, Energy — powered by Edge AI and secure connectivity.

Healthcare IoTFDA / CE / PDPA Compliant
  • Fall detection for seniors (Edge AI)
  • Continuous vital signs monitoring
  • Baby cry & siren recognition
  • HIPAA/PDPA privacy compliance
Smart CityConnected Infrastructure
  • Gesture control for smart homes
  • Object & human detection
  • Low-latency event alerts
  • Secure telemetry & analytics
Industry 4.0OT / SCADA / Digital Twin
  • Factory alarm detection (audio AI)
  • Predictive maintenance
  • Visual inspection of parts
  • OT network segmentation
Smart EnergyGrid / EV / Solar
  • Energy-efficient edge computing
  • Smart grid integration
  • EV charging optimization
  • Solar & battery forecasting

Security & Compliance with Advanced PKI

Certificate‑based identity, encrypted data paths, RBAC, and auditable operations. Supports ISO 27001, ETSI EN 303 645, GDPR/PDPA.

ISO 27001ETSI EN 303 645GDPR / PDPAmTLS / TLS 1.3

TESAIoT PKI Architecture

PKI Architecture

Root CA (offline, 10–20 yrs), Intermediate CA (Vault‑managed, ~5–10 yrs), Device certs (auto‑issued, 90‑day rotation).

Security Features

HSM integration, CRL/OCSP responders, automated lifecycle & renewal notifications.

Operational Workflows

Secure bootstrap enrollment, mutual TLS auth, audit logging & compliance reporting.

Key Innovation: 4‑Tier PKI Strategy

Tier 1 (Battery)
ECC P‑256
Sensors <1 mW – optimize for 10‑year battery life.
Tier 2 (Controllers)
ECC P‑384
<100 mW controllers – enhanced security.
Tier 3 (Gateways)
RSA 3072
>100 mW gateways – HW acceleration ready.
Tier 4 (Critical)
RSA 4096
Critical infrastructure – maximum protection.

Certificates sized by tier balance cryptographic strength, packet overhead, and device power budgets.

Join the Future of Secure AIoT

Provision identities, stream data securely, and unlock AI at the edge with TESAIoT.