Device Onboarding

Onboarding a device is the first interaction a consumer will have with an IoT product. As our day-to-day products become smarter, it is important that this first interaction is seamless as possible. If onboarding is a slow and error-prone process, it can present a barrier for users that prevents them from integrating more smart devices into their smart homes. For IoT cloud platforms, it is equally important to provide robust and secure methods to support device onboarding.

Cloud platforms are presented with unique challenges when it comes to device onboarding. Here we present two important methods that provide elegant solutions to those challenges.

What is Device Provisioning?

Before a device can be onboarded, it has to be provisioned. Device provisioning is the process by which a device makes itself known to a platform when it comes online.

Just in Time Registration, or JITR, is a device provisioning method in which a device is registered to a platform until the first time it connects. The process is as follows:

1. A root CA certificate is created and registered to the platform.
2. A device certificate is derived from that root CA and burned into the device's firmware. Each certificate has a unique fingerprint that the device can be identified with.
3. When the device first comes online, it uses its device certificate to connect to a platform.
4. The platform validates the certificate against its registered root CA.
5. If it is valid, the certificate is registered in the backend using its unique fingerprint. Afterward, the device can connect any number of times and the backend can identify each connection belonging to the device.

Since only the device certificate and the connection endpoint need to be known beforehand, this presents a number of advantages:

• No user intervention is required.
• Simpler manufacturing process since less information has to be packaged with the device.
• The platform does not need to configure anything for the device until it is first used.
• Any number of devices can be provisioned this way since the manufacturers can generate an unlimited amount of device certificates from their root CAs.
• There is no additional data that needs to be exchanged between the device and the platform.
• Since the certificate must be validated for the connection to happen, security is guaranteed on registration and consecutive connections. * The device is less error-prone since it only needs to guarantee that it can connect to the platform.

How to Onboard devices using registration codes

After a device has been provisioned, it can be onboarded. Devices based on cloud platforms must solve the problem of being able to associate a user before they can send messages to or operate a device. Registration codes, sometimes referred to as activation codes, can provide a simple yet secure way to associate a user with a device.

Although the exact process varies from product to product, the process is more or less like this. Assuming that the user can communicate with a device through a client such as a mobile application:

1. The user places the device in onboarding mode.
2. The device exchanges a code with the user. Sometimes this is just a sticker on the device or the device exchanges the code with the user through a local network.
3. The user submits the code to the platform along with any necessary information about the device.
4. The platform associates the user with the device and notifies the device of this new association.

The platform associates the user to the device the code belongs to.

Again, this presents a number of advantages:

• No information is exchanged with the platform about the device before the user is associated to it.
• Since this method requires physical proximity to the device, we can ensure that the owner of the device is the one associating to it.
• The device does not need to handle the association or permissions thereafter except for the initial code exchange.
• The process is simple for the user and the device and makes for a good user experience.

Conclusion

Keeping in mind the provisioning and onboarding process during the design of a smart device is important for the success of the product. It is important to take into consideration the security and simplicity of this procedure for the user in any IoT product or platform. A habit-forming IoT product is one that can be integrated into a user’s home and life seamlessly. JITR and registration codes provide a simple and secure way for both the user and the developer to register a device to a platform and associate a user with it.

These two methods are becoming the standard in IoT products. Major IoT platforms such as Azure and AWS, provide JITR as a standard. JITR and registration codes can be used with any type of smart device regardless of the home type they operate in. As the market for IoT products grows, these two methods are becoming industry standards for the advantages they provide.

‍