November 4, 2021

How do you speed up the onboarding of thousands or millions of IoT devices for quicker time to value?

Device onboarding is the process of installing secrets and configuration data into a device, so it can connect and interact securely with an IoT platform. An IoT platform could range from an application on a user’s computer, phone or tablet, to an enterprise server, to a cloud service spanning multiple geographic regions. The device owner uses the IoT platform to manage the device by patching security vulnerabilities, installing or updating software, retrieving sensor data, interacting with actuators, and more.

So, how long does it typically take to manually onboard a device (gateway or a sensor) to a solution or to a platform? Assuming out-of-box to then streaming data to an IoT platform, is estimated to be 20 minutes per device!! Hence manual onboarding does not work out well for IoT at scale. Also consider other friction points such as high costs, need for additional resources and untrusted installer.

How will the organisations scale with their IoT deployments, in terms of volumes and velocity? Even the existing automated “Zero Touch” solution in the market are proprietary i.e either linked to a particular cloud service provider or silicon vendor, hence limiting in scope. The other challenge being the device-to-cloud binding decision happens at the point of manufacturing, so imagine the number of SKUs the manufacturer would carry in the inventory, resulting in high customisation costs & a complex supply chain.

The FIDO Device Onboard (FDO) standard solves all these challenges by bringing in simplicity, flexibility, and security to IoT device onboarding. The new protocol is expected to bring in this balance between user convenience and security to the IoT industry thus fostering IoT device secure deployment at a scale.


To lead these efforts the FIDO Alliance has formed the IoT Technical Working Group (IoT TWG) and using Intel SDO (Secure Device Onboard) as a base, developed use cases, target architectures and specifications covering:

  • IoT device attestation/authentication profiles to enable interoperability between service providers and IoT devices.
  • Automated onboarding, and binding of applications and/or users to IoT devices.
  • IoT device authentication and provisioning via smart routers and IoT hubs.

Specification were developed by leading Cloud Service Providers, Semiconductor companies and security companies. The way it works is that the IoT device maker installs the FDO software client along with a Root of Trust key, an ownership voucher and other FDO credential. The user that buys the device sends the ownership voucher to the preferred cloud platform and a rendezvous server receives the ownership voucher. When the device is powered on and connected, it identifies itself to the rendezvous server which matches it to the cloud platform. The device then contacts the cloud platform and provides its Root of Trust key and the cloud platform provides the ownership voucher creating a secure, encrypted channel between the two and then necessary credentials or software agents can be downloaded through the channel.

Main features of FIDO Device Onboard are:

  • Late binding – IoT device software and security customization happens at the end of the supply chain instead of point of manufacture.
  • Flexibility – as many credentials, data, updates as needed
  • FIDO IoT protocol will address trusted-and untrusted-installer
  • FIDO Device Onboard can be deployed in multiple operating environments which include a MCU with a hardware root of trust, or OS using keys securely stored in a TPM or a Secure Element.

FIDO Device Onboard provides numerous benefits:

  • Onboarding is fast & more secure ~1 minute
  • Zero touch onboarding – integrates readily with existing zero touch solutions
  • Can greatly lower onboarding costs
  • Late binding of device to cloud greatly reduces number of SKUs vs. other zero touch offerings. Results in one device SKU for “any” IOT platform.
  • Hardware flexibility – any hardware – from ARM MCU to Intel® Xeon® processors.
  • Any cloud – Internet & On-Premises.
  • Industry standard via FIDO Alliance – Open specification.

Use cases where FIDO IOT delivers maximum value

  • Industrial and Enterprise devices such as Gateways, servers, sensors, actuators, control systems, medical, etc.
  • Multi-ecosystem applications and services – not tied to specific cloud/platform framework.
  • Distributor sales – deliver from stock, specify binding info after sale to customer.

Having an industry onboarding specification with FIDO is a major step forward. However, mass deployment will require multiple companies in the supply chain (device manufacturers, semiconductor companies, cloud service providers, etc.) to create and deploy FDO compliant software and associated tools. To jump start this, the FIDO Alliance has made early versions of the FDO specification available publicly so that software development could take place within the Open Source community. LF-Edge SDO project with FDO 1.0 production code is now available on GitHub.

Device Authority is part of the IoT TWG and will be one of the first security platform provider to support & integrate the FIDO device onboarding (FDO) specification in our IoT security platform, KeyScaler.

Device Authority KeyScaler is the first device identity centric IAM to address the complex end-to-end challenges of IoT Security lifecycle management. KeyScaler has support for the FDO standard within the platform, that allows devices to securely enrol themselves and be provisioned with the security assets needed to do their job. Current and future customers will be able to leverage FDO in their IoT projects.

Later this year, FIDO is planning to launch FDO certification which covers Functional certification / interoperability testing & Security certification testing

In summary, FIDO Device Onboarding will enable businesses with replacing the current manual onboarding process with an automated, cost effective and highly secure industry solution, thus simplifying deployment of IoT at scale.

Find out more about FIDO Device Onboarding in this webcast with Intel from our Virtual IoT Security Summit.

Amit Rao