Choosing the Right FDO Deployment Model for Your Application - Geoffrey at Intel
2. FDO Deployment Issues
[Diagram: FDO flow from Device Manufacturer to Target Cloud]
Device Manufacturer
• FDO Manufacturing tool
• Device Initialization (DI): FDO Client & Credentials
• Ownership Voucher (OV)
Device shipped, then device installed
• Rendezvous server (RV): TO0 protocol, TO1 protocol
• TO0 & TO1: Device Discovers Server
• TO2 protocol: Device Onboards
Target Cloud
• FDO owner
• Onboarding Data → FDO Client & credentials
• The Ownership Voucher is invalidated after the device onboards. The Target Cloud gets a new OV, to allow only it to use FDO in the future.
Deployment questions
• Where is device?
• Where to send OV?
• Is Target Cloud on Prem / Internet?
• Single- / Multi-tenant?
3. We need Zero Trust → Ownership Voucher
• Ownership Voucher is a new concept in FDO
• The popular Zero Trust security model is “never trust, always verify.”
• Problem for onboarding: the device doesn’t know the server yet!
• Ownership Voucher provides credentials for the device to trust, because OV & Device both came from the same factory
[Diagram: Zero Trust Concept in FDO]
• Target Cloud (FDO owner): Ownership Voucher (OV) = server trust from factory
• FDO Client & credentials = client trust from factory
• Verify Trust, then Onboarding Data →
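The trust check this slide describes, as an added Go example that is not from the slides or from any FDO implementation: the device keeps only a hash of the factory key from DI, and accepts a server only if the voucher chain starts at that key and the server proves it holds the key the chain ends at. The type and function names, the Ed25519 signatures, the hash layout and the sample GUID and nonce are assumptions of this simplified model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Simplified model (assumption): real FDO vouchers are CBOR/COSE structures.
type Entry struct {
	NextPub ed25519.PublicKey // party the current holder hands ownership to
	Sig     []byte            // current holder's signature over chain tip + NextPub
}

type Voucher struct {
	GUID    string
	MfgPub  ed25519.PublicKey
	Entries []Entry
}

// DeviceCred is what Device Initialization (DI) leaves on the device.
type DeviceCred struct {
	GUID       string
	MfgPubHash [32]byte
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// digest hashes each part on its own first, so part boundaries are unambiguous.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		s := sha256.Sum256(p)
		h.Write(s[:])
	}
	return h.Sum(nil)
}

// verify guards ed25519.Verify, which panics on a wrong-length public key.
func verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// Initialize models DI: the factory creates device credential and OV together.
func Initialize(guid string, mfgPub ed25519.PublicKey) (DeviceCred, *Voucher) {
	return DeviceCred{guid, sha256.Sum256(mfgPub)}, &Voucher{GUID: guid, MfgPub: mfgPub}
}

// Extend is run by the current holder to transfer the voucher to nextPub.
func (v *Voucher) Extend(holder ed25519.PrivateKey, nextPub ed25519.PublicKey) {
	tip := digest([]byte(v.GUID), v.MfgPub)
	for _, e := range v.Entries {
		tip = digest(tip, e.NextPub, e.Sig)
	}
	v.Entries = append(v.Entries, Entry{nextPub, ed25519.Sign(holder, digest(tip, nextPub))})
}

// SignNonce is the server side: prove possession of the owner key.
func SignNonce(owner ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(owner, digest(nonce))
}

// TrustServer is the device side: the voucher must start at the factory key
// recorded during DI, and the server must hold the key the chain ends at.
func TrustServer(c DeviceCred, v *Voucher, nonce, proof []byte) error {
	if v.GUID != c.GUID || sha256.Sum256(v.MfgPub) != c.MfgPubHash {
		return errors.New("voucher does not come from this device's factory")
	}
	cur, tip := v.MfgPub, digest([]byte(v.GUID), v.MfgPub)
	for i, e := range v.Entries {
		if !verify(cur, digest(tip, e.NextPub), e.Sig) {
			return fmt.Errorf("entry %d is not signed by the previous holder", i)
		}
		cur, tip = e.NextPub, digest(tip, e.NextPub, e.Sig)
	}
	if !verify(cur, digest(nonce), proof) {
		return errors.New("server does not hold the voucher's owner key")
	}
	return nil
}

func main() {
	mfgPub, mfgKey := NewKey()
	cloudPub, cloudKey := NewKey()
	cred, ov := Initialize("constructed-guid-0001", mfgPub) // constructed sample GUID
	ov.Extend(mfgKey, cloudPub)                             // factory sends the OV to the target cloud
	nonce := []byte("constructed-nonce")                    // a real device uses fresh random bytes
	fmt.Println("target cloud:", TrustServer(cred, ov, nonce, SignNonce(cloudKey, nonce)))
	fmt.Println("factory key: ", TrustServer(cred, ov, nonce, SignNonce(mfgKey, nonce)))
}
```

The second call fails: once the factory has extended the voucher to the target cloud, the factory's own key is no longer the key the chain ends at.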
4. Choosing the right FDO deployment model for your application
FDO is very flexible. Several architectures are available.
Architectures are based on network configuration:
• Single Cloud
• Multi-Cloud
• Closed Network
• Cloud Service
• Multi-Tenant Cloud Service
In this presentation, we look at scenarios with FDO deployments for different network configurations
5. Scenario 1: Onboarding devices with direct internet access, single cloud/platform
[Diagram: Cloud 1; Devices]
6. Scenario 1: Onboarding devices with direct internet access, single cloud/platform
[Diagram: Manufacturer and Customer Cloud]
Manufacturer
• Manufacturer Server: sets FDO device credentials; creates FDO Ownership Voucher
• FDO Device Initialize (DI) on the FDO device under manufacture
• Ownership Vouchers for each device
• Manufacturer sends OV for each device to same customer cloud
Customer Cloud
• RV
• Cloud Controller (FDO Owner): receives Ownership Vouchers; runs FDO server to onboard; runs cloud services
Device
• Device is drop-shipped to customer location.
• Device access via Internet
• TO1 Protocol
• TO2 Protocol
• FSIMs download configs, code, data, keys, etc.
• After onboard, access cloud services
7. Scenario 2: Onboarding devices with direct internet access, multiple clouds
[Diagram: Cloud 1 (US); Cloud 2 (Asia)]
• Clouds can be in different geographies
• Same type of hardware is deployed to different Clouds
8. Scenario 2: Onboarding devices with direct internet access, multiple clouds
[Diagram: Manufacturer, Customer Cloud 1 and Customer Cloud 2]
Manufacturer
• Manufacturer Server: sets FDO device credentials; creates FDO Ownership Voucher
• FDO Device Initialize (DI) on the FDO device under manufacture
• Order Processing: orders specify where to send OV (e.g., by geography, by ordering company)
• Orders for each device include cloud address to send OV
• Ownership Vouchers for each device determine which cloud onboards
Customer Cloud 1 and Customer Cloud 2 (each)
• RV
• Cloud Controller (FDO Owner)
Devices
• Devices drop-shipped to customer locations.
• After onboard, access cloud services
Protocols
• TO0 Protocol
• TO1
• TO2 Protocol
• FSIMs download configs, code, data, keys, etc.
9. Scenario 3: Onboarding devices: no direct internet access (on-premises/Closed Network)
[Diagram: Customer Premise]
10. Scenario 3: Onboarding devices without direct internet access (on-premise/Closed Network)
[Diagram: Manufacturer and Customer Premise]
Manufacturer
• Manufacturer Server: sets FDO device credentials; creates FDO Ownership Voucher
• FDO Device Initialize (DI) on the FDO device under manufacture
• Ownership Vouchers for each device, sent to customer (Customer Portal or Email)
• Manufacturer can send Ownership Vouchers by email instead of using a portal.
Customer Premise
• RV
• Cloud Controller (FDO Owner): receives Ownership Vouchers; runs FDO server to onboard; offers network services
• Customer retrieves Ownership Vouchers and places them in FDO server in closed network.
• Customer distributes OV
Device
• Device is drop-shipped to customer location.
• Device powers on and onboards using FDO
• TO2 Protocol
• FSIMs download configs, code, data, keys, etc.
• After onboard, access network services
12. Scenario 4: Onboarding devices – some with and some without direct internet access
[Diagram: Manufacturer, Customer Premise and Roaming Devices]
Manufacturer
• Manufacturer Server: sets FDO device credentials; creates FDO Ownership Voucher
• FDO Device Initialize (DI) on the FDO device under manufacture
• Ownership Vouchers
Customer Premise
• RV
• Shared FDO Owner: receives Ownership Vouchers; runs FDO server to onboard; application servers
Devices
• Device is drop-shipped to customer location.
• TO1 Protocol
• TO2 Protocol
• FSIMs download configs, code, data, keys, etc.
• After onboard, access intranet services
13. Scenario 5: Onboarding devices with direct internet access, single cloud/platform, multi-tenant
[Diagram: Cloud 1 with Tenant 1, Tenant 2 and Tenant 3; Customer 1, Customer 2 and Customer 3]
14. Scenario 5: Onboarding devices on internet, single multi-tenant cloud
[Diagram: Manufacturer, Multi-Tenant Host Cloud and Customer N Premise (= Tenant A)]
Manufacturer
• Manufacturer Server: sets FDO device credentials; creates FDO Ownership Voucher
• FDO Device Initialize (DI) on the FDO device under manufacture
• Orders with Tenant ID
• Ownership Vouchers for each device, labeled with Tenant ID
Multi-Tenant Host Cloud
• Tenants: Tenant A, Tenant B, Tenant C
• Tenant A Infrastructure: RV; Cloud Controller (FDO Owner), which receives Ownership Vouchers and runs FDO server to onboard
Customer N Premise (= Tenant A)
• Customer N Infrastructure
• Device is drop-shipped to customer location.
• Device powers on and onboards using FDO. Device connects to tenant infrastructure within Host Cloud
• TO1 Protocol
• TO2 Protocol
• FSIMs download configs, code, data, keys, etc.
15. Scenario 6: Onboarding devices on internet and closed network, single cloud/platform, Roaming customers and multi-tenant
[Diagram: Cloud 1 with Tenant 1, Tenant 2 and Tenant 3; Cloud 2; Customer 1; Internet & embedded cloud 2; Customer 2; Customer 3 (roaming)]
16. Scenario 6: Onboarding devices with internet access and Closed Network, single cloud/platform, multi-tenant
[Diagram: Manufacturer; Closed Network; Internet Multi-Tenant; Intranet + Roaming]
Manufacturer
• Manufacturer Server: sets FDO device credentials; creates FDO Ownership Voucher
• FDO-DI on the FDO device under manufacture
Closed Network
• RV
• Cloud Controller (FDO Owner)
• Services for all devices
• Customer Portal / Email
• FDO Protocols
• Ownership Vouchers
Internet Multi-Tenant
• Orders by Tenant ID
• Ownership Vouchers with Tenant ID
• RV
• Cloud Controller (FDO Owner)
• Tenant Servers
• FDO Protocols
• Tenant Services
Intranet + Roaming
• RV
• Cloud Controller (FDO Owner)
• Application Servers for all users
• FDO Protocols
• Local Services
• Intranet Services
17. Conclusion
Ownership Voucher allows FDO to implement Zero Trust
Many client configurations are supported by sending Ownership Vouchers to servers using combinations of:
• Single Cloud
• Multi-Cloud
• Closed Network
• Cloud Service
• Multi-Tenant Cloud Service