Smashing the IoT Deployment Hurdle: Introducing the Intel® Secure Device Onboard Service

Device Management Platforms Infographic Place Power Provision

Imagine you’re going to install 10,000 smart light bulbs in a factory. How much time should you schedule?  Before they can start streaming data, you need to key in each device identity, coordinate network credentials with IT, and register each device with the operational technology (OT) smart building control platform.

If you guessed 20 minutes per bulb, you’re about right. For 10,000 bulbs, you’d need almost two years! Analysts predict tens of billions of connected devices by 2020, but the burden of onboarding devices is huge, and it could keep the Internet of Things (IoT) industry from achieving the penetration and scale we all hope to see.

On Oct. 3, Intel announced a zero-touch device-onboarding service, Intel® Secure Device Onboard (Intel® SDO). It will scale IoT deployments to put more devices into service faster. Intel SDO enables owners to simply power on devices, then the service dynamically sets up the initial connectivity, authenticates the device, and registers it with the IoT platform’s methods—all automatically—in seconds. The service delivers privacy protection and a secure device baseline, ready for update.

Intel SDOAutomated, secure, in seconds.

Surmounting a Major Barrier to IoT Provisioning and Security

As IoT use cases move from proof of concept to deployment, OT teams are making increasing requests to provision devices onto corporate networks. IT security experts want to first ensure devices are properly authenticated, but this can interfere with the deployment schedule as the OT team strives to achieve production scale.

Manual activation is often problematic, with numerous “headless” IoT devices that require re-keying and authentication to get onto the network. Security issues can be introduced via misconfiguration, shipping of default credentials, or use of software-only security mechanisms. That is why Intel created a scalable, zero-touch, automated solution for security, to provision not only Intel® devices, but those of other microcontroller unit (MCU) providers, as well. 

Scaling Identity for All Devices 

At its heart, Intel SDO is based on Intel® Enhanced Privacy ID (Intel® EPID) to deliver a means of anonymously authenticating devices to remote IoT platforms. Intel EPID is a Trusted Computing Group/Intenational Standards Organization (TCG/ISO) open standard that is distributed within Intel® processors as well as by MCU providers such as Microchip*, Cypress*, Andes Technology*, NationZ*, and Infineon*. It’s fast becoming a best practice identity model for IoT, with over 2.7 billion keys distributed since 2008. Read a VDC Research IoT identity comparison paper for more information.

Scaling Device Enablement

In a typical scenario, a device manufacturer will build and sell a large quantity of devices through multiple distribution channels. That means the manufacturer cannot know where a device will be deployed, which cloud it will connect to, or how the device will be used. That causes one-off staging and expensive pre-loading for device manufacturers to support customer orders. But the alternative of shipping a standard image has the downside of increasing the manual provisioning configuration for installers in the field.

Device Drop Ship Infographic

Intel® SDO solves these problems by providing a rendezvous service where transfer of ownership can be established dynamically after the first boot of the device. Intel commissioned a device manufacturer research report through Kaiser Associates that shows a dramatic reduction in configuration steps and tremendous ROI with Intel SDO. With a single imaging step for zero-touch onboarding, device makers can mass-produce devices and leave the target IoT platform configuration to the Intel SDO service, saving time and labor at every step.
Intel has created Intel SDO software development kits (SDKs) and application programming interfaces (APIs) for the IoT platform ecosystem—available for free here. Partners such as Kontron*, SuperMicro*, ADLINK*, Nexcomm*, ARROW Electronics*, and others are using these tools to enable zero-touch-capable IoT gateways, devices, and distribution channels. 

Scaling IoT Platform Choices and Unlocking Flexibility

Many of today’s device provisioning methods are proprietary to an IoT platform’s provisioning model. Because they are software-based, they do not fully protect the keys and shared secrets required to provision a device into production. Also, once a customer enables devices to a particular platform, it may hard-code their choices to onboard to a single vendor. But increasingly, devices will need to onboard to local edge/fog infrastructure, industry exchanges, or partner IoT platforms, as well as their primary device management or cloud analytics platforms. 
Intel is pre-enabling cloud service platform marketplaces such as Microsoft Azure*, Google Cloud Platform* service, and Amazon Web Services (AWS)* IoT; targeted IoT platform ISVs such as Device Authority*, Neustar*, Forgerock*, Hitachi Lumada*, and Wind River Helix* Device Cloud; and solution providers such as British Telecom*, NTT Communications*, and Schneider Electric*. 
Through its dynamic discovery method, Intel SDO will rendezvous any device with its owner to any IoT platform. For IoT platform providers, this will speed the number of devices that can be put under management—while benefiting from a large ecosystem of pre-enabled devices for faster time to production. 
“Google Cloud Platform (GCP) service has partnered with Intel to launch the Intel SDO solution. At power on, our customers will be able to automatically, and securely, register devices and stream data into GCP for faster command, control, and analytics,“ said Antony Passemard, Head of IoT Product Management, Google Cloud. 

Real World Customer Proving Grounds for Scalable Onboarding

To prove the zero-touch concept at scale in the real world, Intel worked closely with oil and gas provider Weatherford*, who operates ForeSite*, a production optimization IoT platform. The pilot leveraged Intel SDO to provision wireless sensors on pumping units and Weatherford IoT gateways to the latest release of the Wind River Helix* Device Cloud secure device management platform, which in turn forwards data to ForeSite for predictive analytics. Weatherford projects the solution could be applied to a market potential of 290,000 wells representing 870,000 sensor data points and nearly 10,000 IoT gateways at a global level. 
According to Colin Tait, Weatherford IT Director, Enterprise Field Operation Software, “The Intel SDO and Device Cloud enables us to create a secure, scalable oilfield ecosystem from zero-touch onboarding to continual gateway management.” 

Onboarding Tens of Billions of IoT Devices Just Got Simpler

Intel SDO vastly accelerates trusted onboarding of IoT devices—from minutes to seconds—with a zero-touch, automated process, with a baseline chain of trust from the silicon provider through the installation.  
“Intel provides the industry a compreshensive portfolio of products, technologies, and roadmaps for building and deploying interoperable market ready solutions… edge to fog to cloud. Intel Secure Device Onboard delivers the first step by connecting the unconnected, with maximum security designed in, and low implementation complexity,” said Tom Lantzsch, Senior VP and leader of Intel’s Internet of Things Group. 
Intel is excited to bring this breakthrough model to market, to scale all IOT ecosystems.  We plan to work with the Open Connectivity Foundation (OCF), the IoTivity project, and other IoT standards organizations to contribute concepts and toolkits, and our real-world experiences onboarding devices at scale. 
We invite you to take action:
  • Go here to learn more about Intel® Secure Device Onboard
  • Find free ecosystem enabling tools here
  • To join the Intel SDO program as a partner, email iotonboarding@intel.com
*©2017, Intel Corporation. Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation. Other names may be claimed as the property of others. 
 

 

Learn More

For more complete information about compiler optimizations, see our Optimization Notice.