The present disclosure relates to networked devices, IoT devices, and more particularly to deployment, automatic configuration, identification and access of IoT devices. Embodiments of the present disclosure generally relate to improvements to networking systems including, but not limited to, networking of IoT devices.
The Internet of Things (IoT) is the network of physical objects, devices, or “things” embedded with electronics, software, sensors, and network connectivity, which enables these objects, devices, etc. to collect and exchange data. The IoT, for example, allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between the physical world and computer-based systems, and resulting in improved efficiency, accuracy, and economic benefit. Each IoT thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure. Experts estimate that the IoT will consist of almost 50 billion objects by 2020.
Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications. The interconnection of these embedded devices (including smart objects), is expected to usher in automation in nearly all fields, while also enabling advanced applications like a Smart Grid and expanding to the areas such as smart cities.
“Things,” in the IoT sense, may refer to a wide variety of devices, including but not limited to, devices such as heart monitoring implants, biochip transponders on farm animals, electric clams in coastal waters, automobiles with built-in sensors, or field operation devices that assist firefighters in search and rescue operations, etc. These devices collect useful data with the help of various existing technologies and then autonomously flow the data between other devices. Consumer market examples include, but are not limited to, devices such as smart thermostat systems and washer/dryers that use Wi-Fi for remote monitoring, etc.
Besides the wide variety of new application areas for Internet connected automation to expand into, IoT is also expected to generate large amounts of data from diverse locations that is aggregated very quickly, thereby increasing the need to better index, store, network, and process such data.
As increasingly more devices (e.g., servers, computers, phones, equipment, appliances, etc.) are connected to the Internet, the need to connect them in a meaningful, fast, secure, and cost-effective way becomes increasingly difficult. Specific scalability challenges related to Domain Name System (DNS) capability and Secure Sockets Layer (SSL) certificate deployment are evident. The function of the DNS, carried out by one or more DNS servers, is to associate various information with Internet domain names. More specifically, it translates more easily memorized domain names (e.g., www.example.com) to their associated numerical IP addresses (e.g., IPv4 or IPv6 addresses) needed for the purpose of locating computer services and devices worldwide. DNS servers resolve (e.g., translate to an IP address) a domain name (e.g., www.example.com) in a hierarchical manner, looking first at the top level domain or TLD (e.g., “.com”), then the domain name (e.g., “example”), and then the sub domain (e.g., “www”). More sub domains (e.g., a second sub domain, a third sub domain) can be included in the URL (e.g., m.www.example.com), limited by a maximum of 123 levels, and a maximum of 253 characters for the entire domain name.
An SSL certificate is a digital certificate that authenticates the identity of a website, application, or device and encrypts exchanged information (e.g., 256-bit encryption) using SSL technology. SSL certificates can secure a single domain name with a single domain certificate (e.g., www.example.com), secure multiple domain names with a multi-name certificate (e.g., both www.example.com and mail.example.com), and secure multiple subdomains of a domain with a wildcard certificate, for example, (e.g., *.example.com). There is an annual cost (e.g., USD$150-$300) and setup resources required (e.g., for generating the CSR, private key, renewal, etc.) when deploying wildcard certificates.
Legacy DNS capability in consideration of SSL certificate limitations presents challenges to secure and cost-effective Internet device scalability. In particular, the handling of wildcards in both the DNS and SSL certificates impacts scalability. For example, legacy DNS capability (e.g., as outlined in Network Working Group RFC 4592, and RFC 1034 sections 4.3.2 and 4.3.3) will only accept wildcards in the left-most subdomain (e.g., *.example.com). To have multiple subdomains translate to two different servers (e.g., servers s1 and s2 to manage resource loading), multiple wildcard DNS records unique to each server (e.g., *.s1.example.com and *.s2.example.com) are required. Likewise, a wildcard SSL certificate can only serve one subdomain level (e.g., *.s1.example.com), so a separate certificate for each server would be required, given the aforementioned DNS addressing limitation. The restrictions of these legacy protocols and systems therefore limit the scaling of devices on the Internet (e.g., adding servers, subdomains, etc.) in a secure and cost-effective manner (e.g., minimizing the deployment of SSL certificates, managing server loading, etc.).
Furthermore, legacy networking environments and systems often include a web server (e.g., Apache web server) that receives mapping directives such as:
ProxyPass/foo/http://s1.example.com/
This directive, for example, will direct a request for “http://example.com/foo/device1” to be mapped into a proxy request to “http://s1.example.com/device1”. This mapping can, for example, direct a user request to host server at “example.com” for connection to “device1” to be redirected to a remote server at “s1.example.com” associated with (e.g., physically co-located with) “device1” to complete the connection. Similarly, the reverse mapping,
ProxyPassReverse/foo/http://s1.example.com/
converts or maps, for example, “http://s1.example.com/device1” back to “http://example.com/foo/device1” before forwarding the response from the server at “s1.example.com” back to the user. From the user or client side, the request satisfied by the server at “s1.example.com” appears to have been satisfied by “example.com”.
While the aforementioned legacy structure (e.g., syntax and semantics) for proxy server mapping provides some simplification of addressing multiple network servers and devices, the structure has limits to scaling of devices on the Internet (e.g., adding devices, servers, subdomains, etc.) in a flexible and efficient manner. Techniques are needed to address the problem of flexibly and efficiently mapping to a large number of devices connected to the Internet using domain names.
The above scenario is further complicated by the fact that many sorts of devices can be connected via the Internet. However, applications pertaining to certain types of connected devices rely on characteristics of the connected network that can be set up during the course of installation and configuration. Legacy installation and configuration fails to account for the specifics of certain connected devices, and in some cases, legacy installation and configuration relies on pre-existing network component configurations that may not fully serve the needs of the aforementioned connected devices. Further, techniques are needed to address the problem of deployment and ongoing management of internet connected devices. The hereinabove problems with deployment are exacerbated since Device deployers and manufacturers need a way to identify deployed devices to the Internet in a way that provides security and authentication. Legacy techniques as are used by applications such as Dropbox and YouTube have offered developers app identification codes (“id's”) and/or shared keys that were typically embedded in the app or device. Unfortunately, legacy use of such keys did not include security such as authentication and encryption. Implementation of security was left up to the user. In many cases, identification codes (“id's”) and/or shared keys and were often left open in plain text (e.g., unencrypted), and accessible in plain text at or from the device, and/or embedded in plain text in various components of the application (e.g., in plain text embedded in the binary modules of the application).
Techniques are needed to address the security problems that developers and manufactures face, namely how to identify their deployed devices to Internet edge services in a way that provides a specified level of security and authentication. Security and authentication becomes increasingly more important as increasingly more devices (e.g., servers, computers, phones, equipment, cameras, appliances, etc.) are connected to the Internet. The need to connect them in a meaningful, fast, secure, and cost-effective way becomes increasingly difficult. Specific scalability challenges related to managing the messaging between devices are evident.
There are legacy approaches that enable inter-device communication (e.g., between a home security camera and a homeowner's smartphone, etc.). However, these legacy techniques are not well suited to quickly and cost-effectively enable communications from a large number of devices (e.g., all security cameras of a multi-national corporation, etc.). Specific challenges arise in balancing the connection and messaging load on the communication system servers. Techniques are therefore needed to address the problem of cost-effectively scaling the communications with an increasing number of devices connected to the Internet.
None of the aforementioned legacy approaches achieve the capabilities of the herein-disclosed techniques for deploying and maintaining Internet-connected networked devices. There is a need for improvements.