Embodiments presented herein generally relate to managing large numbers of interconnected network devices—often referred to as Internet of Things (IoT) devices. More specifically, embodiments presented herein provide techniques for pairing a given IoT device with software applications using a three-way handshake between the IoT device, a mobile device application, and applications on a cloud computing platform.
The “Internet-of-things” (IoT) generally refers to the internetworking of physical devices, vehicles, buildings, and other things with software and computing systems. IoT devices include virtually any device that can be fitted with electronics, software, sensors, actuators, and the like—enabling such devices to collect and exchange data with software applications. For instance, common household appliances may include components that gather and share data with software applications over a network or that allow the device to be monitored and controlled remotely. Other consumer examples include network-connected thermostats, light bulbs, power switches, etc. As an example, an IoT-based thermostat can collect data relating to the schedule and usage of an HVAC system to program itself based on the collected data. As another example, a door lock may be locked, unlocked, or monitored as being locked or unlocked, using sensors on the lock, an actuator, and networking components which exchange sensor data about lock state with other applications. In enterprise contexts, IoT devices can be deployed to a variety of manufacturing, supply chain, and industrial environments.
IoT devices are typically networked via a hub that sends and receives messages between the hub and individual devices, e.g., a hub that communicates with and controls a set of light bulbs throughout a home or business. Such messages can include data received from a device, commands to be performed by the device, executable code stored on the device, data sent from one device to another, and the like. Although the hub can be a physical networking device, cloud computing platforms can provide a hub service for IoT devices. Doing so allows a set of IoT devices to connect directly to the cloud and use other services provided by the cloud computing platform, such as storage, big-data analytics, and data stream processing. Indeed, many IoT devices are manufactured to support cloud-based IoT hub subsystems. Further, software applications used to control an IoT device can interact with both a cloud-based hub service and other applications in order to monitor and control a collection of IoT devices.
One issue regarding IoT devices, particularly for large deployments, is pairing each individual device with supporting software applications and, in the case of a cloud-based service provider, associating each such IoT device with a service-managed user or client identity. That is, an IoT device needs to be paired with the software applications used to control that device, e.g., to turn on a vacuum cleaner or report the temperature of a home. However, doing so typically requires that the IoT device and applications authorize each other as trusted parties. Generally, the pairing process should allow IoT device manufacturers to develop applications and end users to use these applications to connect to their devices. At the same time, only authorized parties should be able to connect to and control an IoT device using the related software applications. Stated conversely, an unauthorized user should not be able to control an IoT device that they do not have permission to access. However, given that a device manufacturer may ship millions of IoT devices, it may be impractical for the device manufacturer to develop and maintain a cloud-based hub service that can both scale for millions of IoT devices and provide a pairing workflow and device command workflow that is based on individual user identities. That is, an IoT device provider may be reluctant to maintain a cloud-based hub service which maintains a mapping of what IoT devices are authorized for use by a given user and what permissions each such user has for a given IoT device pairing.