Each device has its own asymmetric keypair. Each sensor on the device is encrypted individually. A central identity manager controls access to each sensor, as well as key distribution via role-based access control. An end-to-end encrypted and signed software upgrade is also provided to the embedded device.