Securely accessing IoT devices
Secure device access (SDA) enables you to give specific users, who may belong to a different organization (for example, service technicians), permissions to access and control your deployed IoT devices. Authorized service technicians can connect to IoT devices using the SDA technician application after they receive authorization from Device Management.
You can use access policies to give each group of users or API keys different levels of access to an IoT device. For example, as the device owner, you may have a different level of access from the service company technician or the original equipment manufacturer (OEM) technician. You can set these permissions in Device Management and update them as required, which protects your IoT devices both from unauthorized access and from authorized users accidentally changing settings they should not change.
Device Management supports policy-based access to devices when the device is offline or online, enabling you to achieve a higher level of operational security.
The Secure Device Access feature is available only for commercial accounts; contact Device Management support for access.
A secure device access use case
Using SDA, you can give authorized service engineers access to heating, ventilation and air conditioning (HVAC) systems that require maintenance. You can also allow the OEM service engineers to perform specific tasks, such as a firmware upgrade, which the service technician may not be able to perform.
If one of your HVAC systems needs maintenance, you call the service company, which sends out a technician. Onsite, the service technician can access and reconfigure the HVAC system, consistent with the permissions you have set up. The service technician uses the SDA technician application, which the HVAC manufacturer provides, to configure the HVAC. The HVAC controller validates that the technician has been given authorization to perform this change.
The IoT devices (HVAC controllers) can be assigned to a Device Management account during factory provisioning.
How to enable SDA
Enabling SDA on IoT devices requires:
- The device manufacturer to incorporate SDA components into the device development and manufacturing process and develop the SDA technician application, as described in Manufacturing an IoT device with SDA.
- The device owner to set up the authorized users and operations for the IoT device in Device Management Portal, as described in Managing access.
SDA reference implementation
We provide a reference implementation for an Android phone or tablet, which connects to an IoT device (FRDM-K64F) over a serial interface. The implementation includes both the SDA technician application and the IoT application.
For more information, see the SDA demo tutorial.