The Internet of Things (IoT) is the networking of physical objects, such as devices, vehicles, buildings and other items, which are embedded with electronics, software, sensors, and network connectivity that enable these objects to collect and exchange data. IoT as a new communications and interaction paradigm is rapidly developing to offer many new and useful features in applications such as smart home, smart city, industrial control, and smart transportation. Just as traditional computer networks require security solutions to facilitate reliable and private end-to-end communications, IoT deployments will oftentimes require robust security.
Securely grouping IoT endpoint devices, such as sensors, actuators, and the like, into secure domains generally requires administrative management of member devices, membership keys, and credentials. Performing these types of administrative functions has been a challenge in the context of IoT endpoint devices. For instance, IoT endpoint devices have a diverse range of computing and communications capabilities. A group-enrollment protocol should be able to support both more capable devices and resource-constrained devices, for robust security.
In addition, it is desirable for the administrative management of IoT device domains to be simple and user-friendly, particularly for layperson users/administrators. IoT endpoint devices tend to have very limited (or sometimes non-existent) user interfaces, further complicating the setup process. Even in the case of sophisticated users, such as businesses employing information technology (IT) professionals, the scale of deployment of devices, which may number in the hundreds, thousands, tens of thousands, etc., presents practical challenges if per-unit setup procedures are called for.
The group management and registration of new devices should be a process with minimal, and simple, human involvement. Traditional domain management generally involves the use of a centralized registration entity for enrollment of new devices. A number of challenges arise with this type of arrangement, including the possibility that the registration point and administrators may not be able to support the diverse range of communications, networking, and user-interface limitations of endpoint devices, or the sheer number of devices in large deployments. Practical solutions to these and other challenges are needed.