Security and interoperability are cornerstones of the OCF Core Framework, which offers a standardized solution to ensure interoperable, reliable, and secure IoT connectivity. To create a genuine smart home or smart building environment, a secure and interoperable IoT is crucial, because devices must interoperate together securely, regardless of vendors, network types, or ecosystems. End users of standardized IoT devices benefit because their data is secure and their products seamlessly communicate with one another, while manufacturers benefit from consumer confidence that devices will interoperate securely. OCF technology is bringing us one step closer to achieving a truly secure and interoperable IoT – and with OCF Certified devices already on the market, OCF has proven to be a mature technology supported by some of the largest technology companies in the world.
In a recent white paper, we outlined “the four legs of secure interoperable IoT” and how the OCF Core Framework offers best-in-class security using the latest technologies and proven standards. Read on to learn how OCF provides a holistic IoT solution with the four legs – specification, certification, implementation, and cloud innovation – together with a security-first approach.
Leg 1: Well-defined, clear specification with a common resource model crated and vetted by industry experts
OCF architecture applies cybersecurity best practices to IoT devices, including the A.I.C. Triad Availability, Integrity, Confidentiality) and A.A.A. Triple (Authorization, Access Control, and Auditing). In addition, the OCF specification has been mapped to the leading IoT security baseline standards from NIST, ETSI, ENISA and CTA. Each baseline requirement is matched to a specific clause within the OCF specification. These mappings are published on the OCF website security section and stand as a testament to the comprehensive security built into the OCF framework.
The OCF Core Framework offers the best-in-class security of the OCF architecture – including device identity, authentication, provisioning, establishing network credentials, authorization, and access control. With the Core Framework, each device is onboarded into a secure domain, and only devices onboarded in the secure domain are allowed to talk to each other. On top of the secure domain, access controls are defined, providing granular control of who is allowed to interact with which part of the functionality on the device.
Leg 2: Rigorous testing and certification strategy that is global in scope
The OCF Certification Program is global in scope and includes conformance testing to ensure robust and secure connectivity and help manufacturers create products that “just work” with other OCF Certified IoT devices, regardless of their form factors, operating systems, service providers or transports. To pass certification, each device must pass a comprehensive, automated, test suite that proves it will work with other OCF certified devices and that it meets the specification’s normative security requirements.
Leg 3: Reference architecture implemented in code that matched the specification, conforms to certification, and provides an example for implementation
This technology is available to the open-source developer community to accelerate the development of secure, interoperable IoT devices. The OCF Developer Program consists of IoTivity and IoTivity Lite, the open-source reference architecture of the OCF Core Framework. The OCF Developer Program provides the resources and solutions to get you started with IoT development using IoTivity APIs. In addition to IoTivity, OCF offers plgd, the open source reference implementation of the OCF Universal Cloud Interface (see below for details). Plgd includes all components to create the OCF Cloud Infrastructure, including the Cloud component of the Device to Cloud Services and OCF Cloud API for Cloud Services specifications.
Leg 4: Innovative and secure cloud
With the addition of the OCF Universal Cloud Interface (UCI), OCF now offers Device-to-Device (D2D), Device-to-Cloud (D2C) and Cloud-to-Cloud (C2C) connectivity. OCF UCI is an Application Programming Interface (API) that offers a standardized way for device manufacturers to securely connect their clouds, making OCF technology a complete connectivity solution. OCF C2C interfaces enable immediate connections between existing clouds from different manufacturers, with no need for device modification or updates. The OCF UCI is included in the OCF 2.2.2 Specification Release, available here.
Security and interoperability of IoT devices is an immediate industry concern, and the OCF Core Framework meets all the requirements to provide a secure and interoperable IoT. Interested in learning more? Read the OCF Core Framework overview page and download the latest OCF specification.