The field of the present invention generally relates to network connections. More particularly, the field of the invention relates to a method and apparatus for remotely provisioning and operating a headless Wi-Fi-enabled “Internet of Things” device.
In the area of network computing, the term “provisioning” generally refers to the process of configuring a computer, or other network-compatible device, selecting an appropriate network, and establishing a connection to the network. A user interface (UI), or a human machine interface (HMI), stored on a computer, a phone, a laptop, or any other similar computing device, generally shows a user a list of available networks and enables the user to select a desired network to which to connect. The HMI further enables the user to enter a suitable username and password required for connecting the network, and then configure the network connection, if need be.
In this day and age, connecting to networks is far simpler than ever before, and many devices enable users to connect simply by selecting a network and entering a password. Connecting to a network becomes more complicated, however, when the device to be connected lacks any kind of HMI or user interface. Such a device is typically referred to as a “headless device.” Those skilled in the art will appreciate that many headless devices may have one or more serial ports, and a common way of configuring the devices is by entering commands via the serial ports. Meanwhile, with Ethernet-enabled devices, connecting to a network may be as simple as plugging in an Ethernet cable. Alternatively, connecting a headless cellular device may often be accomplished with relative ease simply because a Subscriber Identification Module (that is, a SIM card) associated with the cellular device is already provisioned with the connection. In the case of Wi-Fi, however, every network has a different password and settings, which makes provisioning a headless Wi-Fi device without skilled user intervention very difficult, if not nearly impossible.
The advent of the Internet of Things, which envisions a connected world where appliances, such as, for example, an Internet connected thermostat such as the Nest® Thermostat, allow a user to monitor and/or control the appliance or device from anywhere in the world through the Internet. However, the appliance or device, hereinafter “the IoT” device, must be connected to a user's Wi-Fi network before it can be accessed over the Internet.
Provisioning the IoT device may not be simple, even where the IoT device has even a rudimentary interface. In many cases, however, the IoT device lacks a user interface such as a LCD display and/or keypad, and is thus considered a headless devices.
Various methods have been used by IoT device manufactures to provision the devices. For example, the IoT device may be capable of bringing up a Wi-Fi interface in access point mode, with a user using a browser on a computer or smartphone to navigate to a web page where the device may be provisioned. Such a method may require the user to know, and enter, an IP address and reboot the device.
In another method, an IoT device may allow for use of a Service Set Identifier (SSID) and password to facilitate connection to a Wi-Fi beacon. Such a method may be problematic, however, because a Wi-Fi beacon is not typically designed for such a use. There is typically a limit to the length of the password that a user can enter, and if the password of an access point or beacon is longer that the limit, the device cannot be configured. Moreover, such a method does not typically encrypt the data going over the air, which may expose the password to a snooper. Where encryption is enabled, each IoT device typically must be given a separate key for proper security.
While there are other methods that may be used that address most of these shortcomings, each method requires a user with a smartphone or a computer to be located in proximity to the device to effect the provisioning of the device. This may not be practical in all environments.
Another problem with current methods of deploying and provisioning IoT devices is that most users provision their IoT devices onto the Wi-Fi network that is used for the rest of their network. This is especially true where the device is being provisioned onto a home network. When deployed and provisioned in this matter, the IoT devices have access to the private network of the end user. Provisioning the devices in such a manner has the potential to expose confidential files in network shares if the security of the IoT device is breached.
Enterprises and end user can currently manage this problem by creating a separate “guest” Wi-Fi network for their IoT devices. However, such an arrangement creates overhead by the system administrator.
What has been needed, and heretofore unavailable, is a method and apparatus for provisioning and remotely operating Wi-Fi-enabled IoT devices without any need for a user interface or HMI to be installed on the devices. Moreover, it would be advantageous from a security standpoint to have a system where isolation from a local network is built into the system. Further, such a system and method should provide for provisioning of IoT devices without requiring that a user with a computer or smartphone be near the device. The present invention satisfies these and other needs.