OCF Secure IP Device Framework
The infrastructure that enables secure IP communication for vertical-defined applications.
The OCF Secure IP Device Framework is an IoT framework for device discovery, on-boarding and application-layer security, for device-to-device and device-to-cloud connectivity. It can be used with any application layer, using your own data models. The OCF Secure IP Device Framework is published as an ISO/IEC standard, and a compliant open source stack and a comprehensive certification program are in place.
What does it solve:
The OCF Secure IP Device Framework enables vertical-agnostic secure IP communication by means of a standardized framework. The open source implementation of the OCF Secure IP Device Framework is IoTivity, which is compliant with the OCF standards and is verified through the OCF certification program.
The OCF Secure IP Device Framework is compliant with most of the known security requirements documents.
Communication mechanisms covered by the OCF Secure IP Device Framework
IoT means interacting with the physical world, hence the physical device is important. It is also the most costly part to develop. The Secure IP Framework therefore focuses on the code that is needed on the physical device. For example, it covers:
- Device-to-device communication
- Device-to-cloud communication
OCF Secure IP Device Framework on the (Embedded) device
The Secure IP Device Framework has:
- a small code footprint, for embedded devices and RTOSes
- small payloads, e.g. communication packages
- best in class security (including PKI), by using the latest technologies
- a base of widely accepted internet technologies, based on IETF RFCs
- a minimal required set of features
- a huge set of optional features that are already available for a vendor to use
- a design that allows vendors to concentrate on device function, not on the communication and security aspects
- an ISO/IEC content format, hence it is upgradable
- payloads that can be defined using any (existing) content type:
  - For example: CBOR, JSON, XML
- CoAP, allowing the same communication paradigms as used on top of HTTP, but with smaller communication packages
- The OCF Secure IP Framework architecture is RESTful, but the application is not limited to that paradigm
Secure IP Device Framework solution space
The OCF Secure IP Device Framework can handle payloads based on CoAP securely. Each device is onboarded into a secure domain. Only devices onboarded in the secure domain are allowed to talk to each other. On top of the secure domain, access controls are defined. Access control is defined per resource (URL) and per method allowed on that resource. This gives granular control over who is allowed to interact with which part of the functionality on the device. For example, a guest is allowed to read the current temperature of the thermostat but not allowed to change the set point of the thermostat.
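The two layers described above (secure-domain membership first, then per-resource and per-method access control) can be modelled as a default-deny check. This is an added illustration, not code from the OCF specifications or IoTivity; the device identities, resource paths, the `Device` and `AccessEntry` names, and the use of POST to change the set point are all assumptions.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Method(Flag):
    GET = auto()
    POST = auto()
    PUT = auto()
    DELETE = auto()


@dataclass(frozen=True)
class AccessEntry:
    subject: str     # identity of the requesting device (constructed IDs below)
    resource: str    # resource URL path on this device
    allowed: Method  # methods granted to the subject on that resource


class Device:
    def __init__(self, onboarded, entries):
        self.onboarded = frozenset(onboarded)  # members of the secure domain
        self.entries = tuple(entries)

    def authorize(self, subject, method, resource):
        # Gate 1: peers that were never onboarded are refused outright,
        # even if an access entry naming them exists.
        if subject not in self.onboarded:
            return False
        # Gate 2: default deny; only an exact subject + resource match that
        # includes the requested method grants access.
        return any(
            e.subject == subject and e.resource == resource and method in e.allowed
            for e in self.entries
        )


# Constructed sample data: identities and resource paths are hypothetical.
OWNER, GUEST, STRANGER = "owner-device", "guest-device", "unknown-device"
THERMOSTAT = Device(
    onboarded={OWNER, GUEST},
    entries=[
        AccessEntry(OWNER, "/temperature", Method.GET),
        AccessEntry(OWNER, "/setpoint", Method.GET | Method.POST),
        AccessEntry(GUEST, "/temperature", Method.GET),
        AccessEntry(STRANGER, "/temperature", Method.GET),  # stale entry
    ],
)

if __name__ == "__main__":
    for who, m, path in [(GUEST, Method.GET, "/temperature"),
                         (GUEST, Method.POST, "/setpoint"),
                         (STRANGER, Method.GET, "/temperature")]:
        print(who, m.name, path, "->", THERMOSTAT.authorize(who, m, path))
```

Because the resource match is an exact string comparison, a request for a path variant such as `/setpoint/` is denied rather than silently mapped to an existing entry.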
OCF Specifications that describe the OCF Secure IP Device Framework
The following OCF specifications are agnostic of the function of the device, i.e. vertical-agnostic.
- Secure IP Device Framework
- Core Optional Framework (optional, depends on deployment scenario)
- Easy Setup (optional, depends on deployment scenario)
- Bridging (optional, the architecture only, depends on deployment scenario)
- Onboarding Tool
- Device to Cloud Services (optional, depending on deployment scenario)
- Cloud Security (optional, but required when using cloud)
- OCF Cloud API for Cloud Services (optional, depending on deployment scenario)