Intel Secure Device Onboard technology improves IoT deployments; secures managing devices and data

On Tuesday, Intel launched Intel Secure Device Onboard (Intel SDO), a technology that securely automates bringing IoT devices online within seconds rather than hours. Intel SDO is being offered to IoT platform providers as a service they can provide to customers who wish to onboard thousands of connected devices.

Intel SDO is an automated service that enables a device to be drop-shipped and powered on to dynamically provision to a customer’s IoT platform of choice in seconds. This zero-touch model simplifies the installer’s role and scales the number of devices that can be secured and automatically deployed in production.

Intel SDO eliminates poor security practices, such as shipping default passwords, and delivers an innovative device privacy model for IoT. With a single imaging step for zero-touch onboarding, device makers can mass produce devices and leave configuration to Intel SDO.

The technology lets users break free from hard-coded or manual activation methods with dynamic discovery of the customer’s IoT platform for fast onboarding at power-on. It eliminates passwords by using Intel Enhanced Privacy ID (Intel EPID) to anonymously authenticate devices. It helps to prevent hackers from tracing the device from factory to owner, streamlines distribution by digitally tracing ownership from manufacturer to customer, and provides a rendezvous point in the IoT platform where the owner can claim the device.

It also serves as an ecosystem accelerator that eliminates expensive customer configuration pre-loads with a zero-touch experience that differentiates the solution.

Intel SDO’s “zero touch” model allows devices to dynamically discover the customer’s IoT platform account at power-on for automatic registration. It offers a one-to-many, one-time enablement solution that can be integrated into almost any device or IoT platform, thereby eliminating the need to custom pre-load provisioning configurations for each IoT implementation.

Intel SDO also leverages Intel’s privacy-preserving IoT identity solution, the Intel Enhanced Privacy ID (Intel EPID), to anonymously authenticate the device and establish an encrypted communication tunnel, thereby preventing hackers from tracing the device from factory to owner. Intel EPID establishes a best practice identity model for IoT onboarding and is a proven method with over 2.7 billion keys distributed in Intel and non-Intel MCU processors since 2008.

Intel has expanded the availability of Intel SDO across the IoT ecosystem. Other silicon providers like Infineon, Microchip and Cypress Semiconductor will embed the EPID identity capability in their hardware. Cloud service platform and device management software providers like Google Cloud, Amazon Web Services (AWS), Microsoft Azure and Intel’s Wind River Helix Device Cloud intend to provide integration to support Intel SDO’s zero touch model.

Intel SDO takes a new approach where Intel EPID, a TCG/ISO identity and authentication standard, is embedded in silicon before it is assembled into a device. The Intel SDO service leverages Intel EPID to cryptographically validate the device.

Unlike typical PKI based authentication methods, Intel SDO does not insert Intel into the authentication path. Intel brokers a “rendezvous URL” to the Intel SDO service, where Intel EPID technology opens a private authentication channel between the device and the customer’s IoT platform.

Intel EPID solves the privacy dilemma for IoT to ensure device onboarding and software provisioning updates are kept anonymous and more secure. Intel EPID establishes a best-practice identity model for IoT onboarding, and it is a proven method with over 2.7 billion keys distributed in Intel and non-Intel MCU processors since 2008.

Intel SDO is now integrated with Wind River Helix Device Cloud, a device lifecycle management platform for securely connecting, monitoring, managing and servicing IoT devices. With the integration of Intel SDO, Wind River’s latest release of Device Cloud includes zero-touch onboarding designed to mitigate the risk of security attacks to a device, ensure privacy and deliver automation that dramatically reduces installation and onboarding time to mere seconds, among other new features and capabilities.

Weatherford, an oil and gas services company, was part of the Intel SDO pilot program. The company wanted to pull data from existing controllers and install new wireless sensors through a gateway to the cloud to drive oil and gas insights.

By adopting Intel SDO and Wind River’s Device Cloud, Weatherford was able to create a secure, scalable oilfield ecosystem from zero-touch onboarding to continual gateway management. It projects the sheer scale of the market for managed devices could reach 290,000 wells, representing 870,000 sensor data points and nearly 10,000 IoT gateways at a global level.

With these new offerings, Intel is at the forefront of developing critical solutions to deliver on the promise of IoT’s potential.

