Tech Briefs Magazine - March 2022 - Sensor-5

Figure 2. Smart buildings have so many sensors that it would be nearly impossible to provision each
one separately. (Image: Zhu Difeng/Shutterstock)
er or service provider that is collecting and
analyzing the sensor outputs. The physical
connection to the network will vary based
on the communications media and being
able to assert an identity will require the
use of digital certificates. In order to support
bulk provisioning, it is best to incorporate
the public/private key pair and the
device's certificate in the supply chain, so
the device comes out of the box ready to
generate the certificate signing request
and handle the provisioning handshake.
Naturally, many IoT devices will be
using a wireless protocol of some sort,
especially if dealing with greenfield
applications. There are a multitude of
choices including cellular, Wi-Fi, Zigbee,
LoRaWAN, SigFox, and more. However, if
we are upgrading a legacy application, it is
still
possible
that
Ethernet,
RS-485,
ProfiBus, or many other older wired technologies,
might be in use. In the case of the
wired interfaces, gaining access to the network
can be as simple as plugging the cable
into the device. However, wireless protocols
are somewhat more complicated.
If the connectivity is via a cellular connection,
the provisioning is likely handled
by the cellular provider in the form
of a subscriber identification module
(SIM) card or one of the newer embedded
eSIM modules. When the carrier
takes the device's International Mobile
Equipment Identity (IMEI) identifier
and associates it with a specific SIM/
eSIM in their internal databases, the carrier
has a unique means to identify the
device. This unique identity is used to
validate the device as a legitimate member
of the carrier's network and to provide
provisioning to the device over the
air. Therefore, by having a list of the
IMEI numbers and their associated
SIM/eSIM, all the devices can be activated/provisioned
without further human
intervention. This same sort of approach
can be applied to other cellular-like
wireless technologies such as LoRaWAN.
Technologies such as Bluetooth mesh,
which is increasingly found in smart buildings,
also have a built-in provisioning strategy
based on the same concepts of a public/private
key pair and a digital certificate
embedded in the device. Through a
well-defined provisioning protocol and
associated security handshakes, a new
device can be securely added to the network
in a matter of milliseconds without
human interaction. This same sort of provisioning
scenario can be found across a
number of IoT connection options.
IoT Provisioning Final Thoughts
Getting your devices connected and
provisioned on your network requires
some considerable thought to security
and the provisioning process. Fortunately,
with supply chain security credentials and
new provisioning protocols and techniques,
the process can be accomplished
with a minimum of human interaction
and significantly less time than was
required in the past. Automated certificate
generation and well-defined security
protocols can ensure that our devices
have a valid identity and will always use
secure key generation and encrypted
communications between themselves and
the servers/service providers.
The major cloud service providers
have put quite a bit of thought behind
their provisioning mechanisms, with
well-defined provisioning steps and protocols.
Figure
3. If connectivity is via a cellular connection, the provisioning is probably from the provider
by means of a SIM card or eSIM module. (Image: Chinnapong/Shutterstock)
Sensor Technology, March 2022
Cov
www.techbriefs.com
ToC
Unfortunately, each service
provider uses a different set of APIs and
approaches. However, the general provisioning
flow is the same between the vendors
and can easily be automated for
cases of mass deployments. There are
also a multitude of companies that focus
on IoT provisioning devices and automation
approaches, if there are legacy or
internal infrastructures needed for the
enterprise. So, while everyone will need
to consider the issues of provisioning at
one point or another, be they consumer
or enterprise, at least you will be able to
capitalize on existing approaches and
not have to blaze new trails.
This article was written by Mike Anderson,
Embedded Systems Architect, and Industry
Consultant. For more information, contact Mr.
Anderson at mandersonptr@gmail.com or visit
http://info.hotims.com/82319-160.
5

http://info.hotims.com/82319-710 http://info.hotims.com/82319-160 http://www.techbriefs.com http://info.hotims.com/82319-780

Tech Briefs Magazine - March 2022

Table of Contents for the Digital Edition of Tech Briefs Magazine - March 2022