The Internet was originally designed to facilitate communication between computers. Increasingly, the Internet is being used to connect devices that are not typically considered to be computers or computing devices. One device currently available is a smart thermostat that can learn the schedule of people in the home and adjust the temperature to accommodate the schedule while reducing energy costs. The future may also bring a smart power grid that can communicate with smart thermostats, smart appliances, and home security systems, to optimize energy usage for an entire city, based on where people are and when tasks need to be completed.
One of the consequences of this vision of the future is a proliferation of connected devices. Every home, workplace, and vehicle could potentially include many connected systems, sensors, controls, and devices that may communicate and cooperate with each other with no human involvement. Even pets and farm animals may have sensors that monitor and report the animal's health and location. Estimates of the number of smart devices that may be connected to the Internet within the next decade vary widely, but range in the tens of billions. An initiative known as the Internet of Things (IoT), originating with the Institute of Electrical and Electronics Engineers (IEEE), promises to provide an impetus for growth in the number of connected devices, while helping to oversee development of standards for communication between devices.
A major concern associated with communication between devices is information security. For example, it may be appropriate for a smart thermostat to query a home security system to determine if anyone is home and which rooms of the house they may be occupying. That information, however, should not be available to people or devices outside the home without authorization by the homeowner. The smart thermostat should also not accept commands from devices in the house next door. Information security concerns become particularly acute with so-called constrained devices, which can respond to control directives from other devices, but lack the computing resources to identify the source or validity of the directives received. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for secure communication between devices.