Zero-touch provisioning of IOT devices with multi-factor authentication
Abstract
Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
20 Claims
1. A non-transitory computer-readable storage medium storing instructions executable to perform an operation for provisioning identifying credentials to an Internet of Things (IoT) device, based on generic credentials provided by the IoT device, the operation comprising:
receiving, from the IoT device of a plurality of IoT devices, a request to provision the IoT device with identifying credentials for registering the IoT device with a first IoT service, wherein the first IoT service is accessible via generic credentials, wherein the request is received by the first IoT service, wherein the request specifies the generic credentials, which include a provisioning certificate stored in memory of each of the plurality of IoT devices, wherein the request further specifies additional credentials for the IoT device;
upon validating the request, authenticating the request via multi-factor authentication based at least in part on the generic credentials and the additional credentials specified in the request;
granting, to the IoT device, access to a second IoT service that is accessible via the identifying credentials, by generating the identifying credentials for the IoT device based at least in part on the generic credentials and the additional credentials and by operation of one or more computer processors when executing the instructions, the identifying credentials comprising device-specific credentials uniquely identifying the IoT device in the plurality of IoT devices;
sending the identifying credentials to the IoT device, wherein the IoT device installs and activates the identifying credentials; and
associating the identifying credentials with the IoT device in a registry of the first IoT service, whereafter the IoT device accesses the second IoT service based on the identifying credentials.
(Dependent claims 2-10 not shown.)
11. A system to provision identifying credentials to an Internet of Things (IoT) device, based on generic credentials provided by the IoT device, the system comprising:
one or more computer processors; and
one or more memories storing instructions, which, when executed on the one or more computer processors, cause the one or more computer processors to perform an operation comprising:
receiving, from the IoT device of a plurality of IoT devices, a request to provision the IoT device with identifying credentials, wherein the request is received by a first IoT service that is accessible via generic credentials, wherein the request specifies the generic credentials in the form of a provisioning certificate stored in memory of each of the plurality of IoT devices, wherein the request further specifies additional credentials for the IoT device;
upon validating the request, initiating a first workflow, wherein the first workflow is configured to authenticate the IoT device with the first IoT service via multi-factor authentication based at least in part on the generic credentials and the additional credentials specified in the request;
initiating a second workflow, wherein the second workflow is configured to grant, to the IoT device, access to a second IoT service that is accessible via the identifying credentials, by generating the identifying credentials for the IoT device based at least in part on the generic credentials and the additional credentials, the identifying credentials comprising device-specific credentials uniquely identifying the IoT device in the plurality of IoT devices; and
sending the identifying credentials to the IoT device, whereafter the IoT device accesses the second IoT service based on the identifying credentials.
(Dependent claims 12-16 not shown.)
17. A computer-implemented method for provisioning identifying credentials to an Internet of Things (IoT) device, based on generic credentials provided by the IoT device, the computer-implemented method comprising:
receiving, from the IoT device of a plurality of IoT devices, a request to provision the IoT device with identifying credentials in the form of a digital certificate, wherein the request is received by a first IoT service that is accessible via generic credentials, wherein the request specifies the generic credentials, which include a provisioning certificate stored in memory of each of the plurality of IoT devices, wherein the request further specifies additional credentials for the IoT device;
validating the request by determining that a count of digital certificates previously claimed for the provisioning certificate is less than a count of a plurality of digital certificates generated for the provisioning certificate; and
upon authenticating the provisioning certificate via multi-factor authentication based at least in part on the generic credentials and the additional credentials, associating the digital certificate, comprising a first digital certificate of the plurality of generated digital certificates, by operation of one or more computer processors, with the IoT device in a registry of the first IoT service and issuing the digital certificate to the IoT device, whereafter the IoT device accesses a second IoT service based on the digital certificate.
(Dependent claims 18-20 not shown.)
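The abstract and independent claims 1, 11 and 17 describe one flow: a device presents a group-wide provisioning certificate (the generic credential) together with a device-specific additional credential, the first service checks both factors and the claim count for that provisioning certificate, mints a device-specific credential, records it in a registry, and only that credential opens the second service. The following Python model is an added example of that flow written for this page; it is not the patent's or any vendor's implementation. Its assumptions: the provisioning certificate is modelled as a group name plus an HMAC tag (standing in for an X.509 certificate chained to a fleet CA), the additional credential is a factory-installed per-device secret the service can look up by serial number, and the "count of certificates generated" is a per-group quota. All key material and serial numbers are constructed for the example.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass
# Constructed fixtures, not real keys. The group provisioning certificate is modelled as a group
# name plus an HMAC tag under a key the service holds (a real deployment would use an X.509
# certificate chained to a fleet CA). FACTORY_SECRETS is the per-device second factor, keyed by serial.
FLEET_KEY = b"constructed-fleet-signing-key"
FACTORY_SECRETS = {
    "SN-0001": b"constructed-factory-secret-0001",
    "SN-0002": b"constructed-factory-secret-0002",
    "SN-0003": b"constructed-factory-secret-0003",
}

@dataclass(frozen=True)
class ProvisioningCert:  # generic credential shared by every device in a group
    group_id: str
    tag: bytes  # HMAC over group_id under FLEET_KEY

def issue_provisioning_cert(group_id: str, key: bytes = FLEET_KEY) -> ProvisioningCert:
    return ProvisioningCert(group_id, hmac.new(key, group_id.encode(), hashlib.sha256).digest())

@dataclass(frozen=True)
class ProvisioningRequest:
    cert: ProvisioningCert  # factor 1: the generic credential
    serial: str             # tells the service which additional credential to check
    nonce: bytes            # makes the request single-use
    proof: bytes            # factor 2: HMAC over (group, serial, nonce) with the factory secret

def build_request(cert: ProvisioningCert, serial: str, factory_secret: bytes) -> ProvisioningRequest:
    """Device side: prove possession of the factory secret without transmitting it."""
    nonce = secrets.token_bytes(16)
    msg = f"{cert.group_id}|{serial}|".encode() + nonce
    return ProvisioningRequest(cert, serial, nonce, hmac.new(factory_secret, msg, hashlib.sha256).digest())

@dataclass(frozen=True)
class DeviceCredential:  # identifying credential: unique to one device
    device_id: str
    secret: str

class ProvisioningService:  # the "first IoT service": reachable with generic credentials only
    def __init__(self, certs_generated: dict[str, int]) -> None:
        self.generated = dict(certs_generated)          # per group: device certs pre-generated
        self.claimed = {g: 0 for g in certs_generated}  # per group: device certs handed out
        self.registry: dict[str, dict] = {}             # device_id -> association record
        self.seen_nonces: set[bytes] = set()

    def provision(self, req: ProvisioningRequest) -> tuple[DeviceCredential | None, str]:
        group = req.cert.group_id
        # Factor 1: the provisioning certificate must match an expected group.
        if group not in self.generated:
            return None, "unknown group"
        expected_tag = hmac.new(FLEET_KEY, group.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, req.cert.tag):
            return None, "invalid provisioning certificate"
        # Validation from claim 17: certificates already claimed must be fewer than those generated.
        if self.claimed[group] >= self.generated[group]:
            return None, "quota exhausted"
        factory_secret = FACTORY_SECRETS.get(req.serial)  # factor 2: the device's own secret
        if factory_secret is None or req.nonce in self.seen_nonces:
            return None, "unknown serial or replayed request"
        msg = f"{group}|{req.serial}|".encode() + req.nonce
        if not hmac.compare_digest(hmac.new(factory_secret, msg, hashlib.sha256).digest(), req.proof):
            return None, "second factor failed"
        # Both factors passed: derive a device-specific credential from both inputs and record it.
        device_id = group + "-" + hashlib.sha256(f"{group}|{req.serial}".encode()).hexdigest()[:16]
        cred = DeviceCredential(device_id, secrets.token_hex(16))
        # The registry keeps the association and a hash of the secret, never the secret itself.
        self.registry[device_id] = {"serial": req.serial, "secret_hash": hashlib.sha256(cred.secret.encode()).hexdigest()}
        self.claimed[group] += 1
        self.seen_nonces.add(req.nonce)
        return cred, "ok"

def authorize(registry: dict[str, dict], cred: DeviceCredential) -> bool:
    """The "second IoT service": accepts only identifying credentials present in the registry."""
    record = registry.get(cred.device_id)
    presented = hashlib.sha256(cred.secret.encode()).hexdigest()
    return record is not None and hmac.compare_digest(record["secret_hash"], presented)

def run_scenario() -> dict[str, object]:
    # Two certificates pre-generated for group grp-A; three devices try to claim one.
    svc = ProvisioningService({"grp-A": 2})
    cert = issue_provisioning_cert("grp-A")
    out: dict[str, object] = {}
    req1 = build_request(cert, "SN-0001", FACTORY_SECRETS["SN-0001"])
    cred1, out["first"] = svc.provision(req1)
    out["first_authorized"] = cred1 is not None and authorize(svc.registry, cred1)
    _, out["replay"] = svc.provision(req1)  # same nonce presented again
    _, out["wrong_factor"] = svc.provision(build_request(cert, "SN-0002", b"wrong-secret"))
    _, out["second"] = svc.provision(build_request(cert, "SN-0002", FACTORY_SECRETS["SN-0002"]))
    _, out["third"] = svc.provision(build_request(cert, "SN-0003", FACTORY_SECRETS["SN-0003"]))
    forged = ProvisioningCert("grp-A", b"\x00" * 32)  # right group name, no valid tag
    _, out["forged_cert"] = svc.provision(build_request(forged, "SN-0003", FACTORY_SECRETS["SN-0003"]))
    out["guessed_secret"] = authorize(svc.registry, DeviceCredential(cred1.device_id if cred1 else "", "guess"))
    out["registered"] = sorted(r["serial"] for r in svc.registry.values())
    return out

if __name__ == "__main__": print(run_scenario())
```

Running the module prints the outcome of each attempt: the first two devices get credentials and are accepted by the second service, the replayed request, the request with a wrong second factor and the forged certificate are refused with distinct reasons, and the third device is refused once the two generated certificates are claimed. Two design points carry over to a real deployment: the order of checks (cheap group and quota checks before the per-device secret lookup) and the fact that the registry stores only a hash of the issued secret, so a registry leak does not hand out working device credentials.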
Specification