The zero-touch device-onboarding service, Intel® Secure Device Onboard (Intel® SDO), scales IoT deployments to put more devices into service faster. For large-scale IoT solutions in smart manufacturing, smart retail, smart cities, and many other use cases, Intel® SDO enables developers and their customers to deliver better privacy protection and a more secure device baseline, ready for update.
Imagine you’re going to install 10,000 smart light bulbs in a factory. How much time should you schedule? Before they can start streaming data, you need to key in each device identity, coordinate network credentials with IT, and register each device with the operational technology (OT) smart building control platform.
If you guessed 20 minutes per bulb, you’re about right. For 10,000 bulbs, you’d need almost two years. Analysts predict tens of billions of connected devices by 2020, but the burden of onboarding devices is huge, and it could keep the Internet of Things (IoT) industry from achieving the penetration and scale we all hope to see.
Surmounting a Major Barrier to IoT Provisioning and Security
As IoT use cases move from proof of concept to deployment, OT teams are making increasing requests to provision devices onto corporate networks. IT security experts want to first ensure devices are properly authenticated, but this can interfere with the deployment schedule as the OT team strives to achieve production scale.
Manual activation is often problematic, with numerous “headless” IoT devices that require re-keying and authentication to get onto the network. Security issues can be introduced via misconfiguration, shipping of default credentials, or use of software-only security mechanisms. That is why Intel created a scalable, zero-touch, automated solution for security, to provision not only Intel devices, but those of other microcontroller unit (MCU) providers, as well.
Scaling Identity for All Devices
Intel SDO lets owners simply power on devices; the service then dynamically sets up the initial connectivity, authenticates the device, and registers it with the IoT platform’s methods—all automatically—in seconds.
Automated, secure, in seconds.
At its heart, Intel SDO is based on Intel® Enhanced Privacy ID (Intel® EPID) to deliver a means of anonymously authenticating devices to remote IoT platforms. Intel EPID is a Trusted Computing Group/International Standards Organization (TCG/ISO) open standard that is distributed within Intel® processors as well as by MCU providers such as Microchip*, Cypress*, Andes Technology*, NationZ*, and Infineon*. It’s fast becoming a best practice identity model for IoT, with over 2.7 billion keys distributed since 2008.
Scaling Device Enablement
In a typical scenario, a device manufacturer will build and sell a large quantity of devices through multiple distribution channels. That means the manufacturer cannot know where a device will be deployed, which cloud it will connect to, or how the device will be used. As a result, device manufacturers resort to one-off staging and expensive pre-loading to support customer orders. The alternative, shipping a standard image, has the downside of increasing the manual provisioning configuration for installers in the field.
Intel SDO solves these problems by providing a rendezvous service where transfer of ownership can be established dynamically after the first boot of the device. Intel commissioned a device manufacturer research report through Kaiser Associates that shows a dramatic reduction in configuration steps and tremendous ROI with Intel SDO. With a single imaging step for zero-touch onboarding, device makers can mass-produce devices and leave the target IoT platform configuration to the Intel SDO service, saving time and labor at every step.
Intel has created Intel SDO software development kits (SDKs) and application programming interfaces (APIs) for the IoT platform ecosystem—available for free. Partners such as Kontron*, SuperMicro*, ADLINK*, Nexcomm*, ARROW Electronics*, and others are using these tools to enable zero-touch-capable IoT gateways, devices, and distribution channels.
Scaling IoT Platform Choices and Unlocking Flexibility
Many of today’s device provisioning methods are proprietary. Because they are software-based, they do not fully protect the keys and shared secrets required to provision a device into production. Also, once a customer enables devices for a particular platform, doing so may hard-code their choice, locking onboarding to a single vendor. But increasingly, devices will need to onboard to local edge/fog infrastructure, industry exchanges, or partner IoT platforms, as well as their primary device management or cloud analytics platforms.
Through its dynamic discovery method, Intel SDO will rendezvous any device with its owner to any IoT platform. For IoT platform providers, this will speed up the rate at which devices can be put under management, while they benefit from a large ecosystem of pre-enabled devices for faster time to production.
Intel is pre-enabling cloud service platform marketplaces such as Microsoft* Azure*, Google* Cloud Platform service, and Amazon* Web Services (AWS) IoT; targeted IoT platform ISVs such as Device Authority*, Neustar*, Forgerock*, Hitachi* Lumada*, and Wind River* Helix* Device Cloud; and solution providers such as British Telecom*, NTT* Communications, and Schneider Electric*.
This broad industry support is reflected in the growing adoption of Intel SDO by major cloud service providers. According to Antony Passemard, Google Cloud Head of IoT Product Management, “Google Cloud Platform (GCP) service has partnered with Intel to launch the Intel SDO solution. At power on, our customers will be able to automatically, and securely, register devices and stream data into GCP for faster command, control, and analytics.”
Real-World Customer Proving Grounds for Scalable Onboarding
To prove the zero-touch concept at scale in the real world, Intel worked closely with oil and gas provider Weatherford*, which operates ForeSite*, a production optimization IoT platform. The pilot leveraged Intel SDO to provision wireless sensors on pumping units and Weatherford IoT gateways to the latest release of the Wind River Helix Device Cloud secure device management platform, which in turn forwards data to ForeSite for predictive analytics. Weatherford projects the solution could be applied to a market potential of 290,000 wells representing 870,000 sensor data points and nearly 10,000 IoT gateways at a global level.
According to Colin Tait, Weatherford IT Director, Enterprise Field Operation Software, “The Intel SDO and Device Cloud enables us to create a secure, scalable oilfield ecosystem from zero-touch onboarding to continual gateway management.”
Onboarding Tens of Billions of IoT Devices Just Got Simpler
Intel SDO vastly accelerates trusted onboarding of IoT devices—from minutes to seconds—through a zero-touch, automated process and a baseline chain of trust from the silicon provider through the installation.
“Intel provides the industry a comprehensive portfolio of products, technologies, and roadmaps for building and deploying interoperable market ready solutions… edge to fog to cloud. Intel Secure Device Onboard delivers the first step by connecting the unconnected, with maximum security designed in, and low implementation complexity,” said Tom Lantzsch, Senior VP and leader of Intel’s Internet of Things Group.