Intel, Arm To Help Create New IoT Standard For Device Onboarding

Intel is working with rival Arm to create a new industry standard for an important issue in the Internet of Things market: making sure that devices are properly configured and connected to the cloud. From a report: The Santa Clara, Calif.-based chipmaker announced on Wednesday that the company is a founding member of the new IoT Technical Working Group within the FIDO Alliance, an industry consortium founded by PayPal, Lenovo and others in 2012 to develop standards for password-less authentication. The goal of FIDO's IoT Technical Working Group, which will also include experts from Microsoft, Google and Amazon, is to create a standard specification for "large-scale IoT onboarding," the process in which devices are configured and connected to IoT cloud management services at the time of installation. Lorie Wigle, the executive in charge of Intel's platform security efforts, told CRN that it is important to create a standard around IoT onboarding because many companies currently face challenges with the practice when it comes to handling large-scale deployments and security. [...] Once FIDO develops the standard, market forces will compel companies to adhere and participate, according to Wigle, who said it will also increase device variety, lower costs and accelerate deployments.

Where's Apple in this group?

[SuperKendall]

While it's nice that such a group exists, I have to wonder why Apple is not a member - Apple very much makes things that also connect to networks.

Re:

[Darinbob]

I believe that's spelled "idIoT".

Re:

[tlhIngan]

While it's nice that such a group exists, I have to wonder why Apple is not a member - Apple very much makes things that also connect to networks.

Probably because this group wants cloud based systems to do it. Apple's doing a very good job pretending to be all about privacy, so they won't be interested in such things - first off, HomeKit devices are generally local only - they're not allowed Internet access for various reasons. (Apple does do security scans for approved devices - probably not much more than

Re:

[DamnOregonian]

first off, HomeKit devices are generally local only

Nope.

I believe you need either a Mac or an AppleTV if you want to have HomeKit accessible over the Internet so they can be the gateway.

Or an iPad. But this is only for the HomeKit external access. The device can have its own kind of external access (and often do)

Re:

[DamnOregonian]

Perhaps because Apple has zero interest in devices connecting to anything other than the iDevices in your home? (HomeKit)
That's my guess.

Re:Where's Apple in this group?

[Ross Finlayson]

"Finlayson's Law of Industry Consortia": To understand the real purpose of an 'industry consortium', note which prominent member of the industry is *not* a member.

Re:

[Tough Love]

Nobody wants Apple in a standards group after they tried to blow off Vulkan.

The offboarding standard is more important

[xack]

We don’t need it to be too easy to connect botnet nodes. Offline by default should be the standard.

Re:

[Anonymous Coward]

I'm not sure offline by default is enough. Not to take away from your point, because I agree with you.

I guess what I mean, is regardless of how things are configured by default, everything should be open, transparent and a little more local than "cloud".

If setting up some sort of automation for your home or business, you should be able to have them route only with one another, you should know how and when things get turned on and are activated, you should be able to update and maintain both the hardware an

Re:

[Rick Schumann]

You screwed it up. It should be 'Special Helper for Internet Technology', or SHIT for short.

No!

[Anonymous Coward]

Connected to the cloud is part of the problem! Inaccessible by other networks is how it should be. LAN of Things not Internet of Things.

Re:

[ShanghaiBill]

Inaccessible by other networks is how it should be. LAN of Things not Internet of Things.

Then how do I control my refrigerator settings from my cellphone?

Re:

[DeVilla]

The same way I'll control your refrigerator settings from my cell phone.

Re:

[Aighearach]

But they made up a new word to describe it, doesn't that mean you'll stop hating it??

So connect insecure crap to insecure crap?

[gweihir]

That will go well...

Re:

[dAzED1]

part of the insecurity is a lack of robust methods for...securely communicating. Without knowing who you're talking to, there's no reason to be secure.

Re:

[skids]

Ironically given the general security nightmare of cloud gadgets, full TNC [strongswan.org] stacks were abandoned by pretty much everyone but certain IoT endeavors.

Let me say this real slow

[rtkluttz]

If you are having to ask another entity to authenticate your device, it isn't secure. Cloud apps are fine. Cloud apps you don't control are not. Cloud doesn't have to mean outsourced to someone else.

Re:

[PolygamousRanchKid]

If you are having to ask another entity to authenticate your device, it isn't secure.

It's not supposed to be secure . . .

Only collect data which Intel and ARM can sell . . .

Re:

[gtall]

You don't really understand ARM's business, do you?

'Configuring'

[Rick Schumann]

My preferred tool for 'configuring' IoT devices is a waffle-faced framing hammer.

Re:

[DamnOregonian]

No, it's most definitely Arm.
This is why you should know what the fuck you're talking about before you call someone names, lest you look like... well, an idiot.

Re:

[Aighearach]

If you're getting your underpants bunched up over capitalization... you're not an embedded programmer!

You're lucky if you have 24 or 25 letters, and if you didn't have to convert to BCD you should be grateful.

Re:

[angel'o'sphere]

I'm really happy, I have 26 chars when I write german and about 59 or 77 when I write Thai, depending how you count :P

Re:

[Aighearach]

I'm still trying to find a Thai font that can fit in 12pt without losing anything. Right now we're basically just using graphics and hand-drawing the pixels because it all has to be squashed together in a different way for each word because of the super/sub script.

At first it seems easy, Chinese fits in 12pt, and Thai symbols are simpler. But the superscript and subscript just blows that idea up.

Re:

[angel'o'sphere]

Thai fonts on iOS and Macs are a mess.
On Android they seem to work fine, or lets say: my GFs android phone and windows system has big enough looking texts ... I know it is in principle possible to increase Mac fonts in relative size, but did not figure so far how to do it exactly.

"market forces will compel companies..."

[dAzED1]

Ha ha ha ha ha. That's cute. How about no, fark you, gov forces should compel you to stop making horribly insecure products that invade privacy without informing the consumers. "market forces" don't do anything other than invade privacy even more.

Re:

[Tough Love]

Without Apple on board, too the fuck bad for Apple.

Resist

[ceoyoyo]

First they verbed the nouns and I rolled my eyes but said nothing. Then they verbed the adjectives and I threw up a little in my mouth but said nothing.

At least my spell check is advanced enough to reject "verbed."

Re:

[Aighearach]

You can also noun the verbs in English, Spanky.

Re:

[ceoyoyo]

To be fair, you have to modify them first, and they really only work as proper nouns, Sparky.

Re:

[Opportunist]

You're not supposed to say that, that's not marketable. Same reason the ads for Actimel/DanActive talk a lot about L. casei immunitas (which is about as much a bullshit term as "the cloud") but don't tell you the L is for Lactobacillus, and they also don't talk about the Streptococcus salivarius that's also found in the gunk. Some bacillus and streptococcus ain't what you want to drink, right?

And connecting to "the cloud" also sounds a lot more friendly than having the device you bought and paid for connect

Re:

[Opportunist]

Then it won't work and at the same time you voided your warranty. As the manufacturer, I wouldn't mind, after all, you paid for it and you won't bring it back, so it's all good.

Required XKCD

[Durrik]

https://xkcd.com/927/

I already know of different standards from Amazon, Google and Microsoft for their IoT cloud.

Re:

[Aighearach]

There is nothing insightful about pointing at individual companies calling their preferred system a "standard." That's not what a standard is.

If ARM is involved in a standard, that is big news because it might really be an actual standard. Most of these devices are programmed using CMSIS (Cortex Microcontroller Software Interface Standard) compatible libraries which largely standardize the common interfaces. If this ends up being part of that ecosystem it will take over and most of the companies you list wi

Re:

[ItsJustAPseudonym]

That's not what a standard is.

Yes, that was the insightful point of the XKCD comic.

Re:

[Aighearach]

lol never heard that before

Surely it was actually about a programming truism based in human nature?!?!

Re:

[Cid Highwind]

Also relevant to IoT/cloud stories: https://xkcd.com/2166/ [xkcd.com]

Re:

[Opportunist]

Watch? Since they control the brush they'll want to know how long you do it, whether you reach every tooth and how much your gums are bleeding in the process.

The only standard IoT needs right now

[Opportunist]

is a security standard. A mandated security standard. With crap not meeting it being disallowed from being sold.

And with that security standard NOT being defined by companies that have an interest of it being weak enough that it could just as well not exist at all.

'til we have that, don't bother waking me.