The Internet of Things or IoT is a vague term commonly applied to devices that combine hardware, software, and connectivity to a network, including a public network such as the Internet. The connectivity adds value but it also brings risks of security breaches and unintended behaviors which are often difficult to anticipate at the time of manufacture and installation of the device. Therefore, it is important to provide a means to audit the software of a device and update it as exploits become known. The audit should cover multiple aspects controlling device integrity including, but not restricted to: unintentional changes to the software, hidden or latent behaviors such as malicious communications or denial of service, as well as intentional changes that violate the terms of use associated with the device.
Periodic updates are a common feature of today's connected devices such as smartphones. More sophisticated devices such as an Apple iPhone model 6 include secure hardware elements designed to link update procedures to a vendor's authorized processes. These features are described in publications such as Apple Inc.'s iOS_Security_Guide_Sept_2014 http://ss1.apple.com/privacy/docs/iOS_Security_Guide_Sept_2014.pdf and incorporated herein by reference. Apple's approach is not designed to easily accommodate modifications to the software without permission from Apple.
Open source software promotes peer review, community support, and facilitates innovation. However, open source software also shifts responsibility away from the device vendor, leading to potential security and trust concerns. Variations on the theme of managing the integrity of software are well known to those skilled in the art. For example, the widely deployed Unified Extensible Firmware Interface or UEFI describes the practice of securing one or more public keys in the hardware and signing software with the corresponding vendor's private key. Restriction on software modification is a concern to the open source community and variations in the practice of hardware vendors have been described and adopted http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot_criticism.
A third example of secure hardware devices is a secure element with a private key and the ability to sign external challenges. Fast IDentity Online or FIDO http://en.wikipedia.org/wiki/FIDO_Alliance enables a single device to be registered and linked to an unlimited number of servers. The FIDO device includes a vendor's public certificate to prove integrity and a mechanism for user control to prevent unauthorized use or impersonation. Apple, UEFI, and FIDO are examples of trust models focused on the device vendor.
A fourth example of secure devices is protection on the basis of multiple signatures. In particular, Bitcoin multisig https://coincenter.org/2015/01/multi-sig/ is able to distribute responsibility for a secure transaction among multiple parties. Multisig can be used to distribute responsibility and introduce desirable redundancy in the trust model among multiple parties including one or more vendors, licensed prescribers, and patients. In this example the vendor is only one of many votes and no longer has veto power over device updates.
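The multi-signature trust model described above, as an added example that is not part of the original text: a device-side check that accepts an update image once any two of three parties have signed its digest, so no single party holds a veto. The party names, the 2-of-3 threshold, the constructed image, and the use of Ed25519 over a SHA-256 digest are assumptions for illustration, not the Bitcoin multisig mechanism itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Approval is one party's signature over the SHA-256 digest of an update image.
type Approval struct {
	Signer string
	Sig    []byte
}

// QuorumMet reports whether at least threshold distinct trusted parties signed
// the image. Unknown signers, invalid signatures and repeat approvals from the
// same party are not counted.
func QuorumMet(image []byte, trusted map[string]ed25519.PublicKey, approvals []Approval, threshold int) bool {
	digest := sha256.Sum256(image)
	counted := map[string]bool{}
	for _, a := range approvals {
		pub, known := trusted[a.Signer]
		if known && !counted[a.Signer] && ed25519.Verify(pub, digest[:], a.Sig) {
			counted[a.Signer] = true
		}
	}
	return threshold > 0 && len(counted) >= threshold
}

// Demo evaluates a 2-of-3 policy over constructed keys and a constructed image.
func Demo() (withoutVendor, vendorTwice, tampered bool) {
	image := []byte("constructed update image")
	digest := sha256.Sum256(image)
	trusted := map[string]ed25519.PublicKey{}
	sigs := map[string]Approval{}
	for _, name := range []string{"vendor", "prescriber", "patient"} { // hypothetical parties
		pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
		if err != nil {
			panic(err)
		}
		trusted[name] = pub
		sigs[name] = Approval{Signer: name, Sig: ed25519.Sign(priv, digest[:])}
	}
	withoutVendor = QuorumMet(image, trusted, []Approval{sigs["prescriber"], sigs["patient"]}, 2)
	vendorTwice = QuorumMet(image, trusted, []Approval{sigs["vendor"], sigs["vendor"]}, 2)
	tampered = QuorumMet(append(image, 0x00), trusted, []Approval{sigs["prescriber"], sigs["patient"]}, 2)
	return
}

func main() {
	fmt.Println(Demo())
}
```

Counting each signer once is what keeps a single party, the vendor included, from meeting the threshold alone by submitting its signature twice.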
Regulated medical devices are also party to the Internet of Things. Agencies such as the US Food and Drug Administration (FDA) review applications by device vendors for safety and effectiveness relative to the stated Indications for Use of the device. The Indications for Use may restrict use through prescription by a licensed professional such as a physician.