IoT Device Provisioning Methods

The following are various ways in which a WiFi IoT (Internet of Things) device can be securely provisioned to connect to a home network (access point/router):

Notes:

  • Credentials such as the security mode and passphrase of the WiFi network need to be secured
  • Enterprise security in WiFi networks is not covered here

Micro-AP with WPA/2 Security

An IoT device running a micro-AP in WPA2 security mode can serve the purpose, with a web/mobile application used to provision the device.

Pin Based Method (OPEN or Ad-hoc Mode AP)

The IoT device has a manufacturing PIN printed on it, and the user enters this PIN in the web/mobile application during provisioning, after associating with the micro-AP started on the device. A common shared symmetric key is derived from this PIN and used to encrypt the network credentials for the network selected from the scanned network list presented by the device.
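The PIN-based exchange described above, sketched as an added example that is not code from the original post or from any vendor SDK. The KDF (PBKDF2-HMAC-SHA256), its iteration count, the per-device salt, the AES-256-GCM cipher and the blob layout are all assumptions, and the PIN, salt and credentials are constructed sample values.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed parameters; the post does not name a KDF, cipher or salt source.
const KDF_ITERATIONS = 200000;
const KEY_LEN = 32; // AES-256 key

// App and device both derive the key from the printed PIN. The salt is assumed
// to be a per-device value the device advertises (for example its serial number).
function deriveKey(pin, deviceSalt) {
  return nodeCrypto.pbkdf2Sync(Buffer.from(pin, 'utf8'), deviceSalt,
    KDF_ITERATIONS, KEY_LEN, 'sha256');
}

// App side: seal the chosen network's credentials. Layout: nonce(12) | tag(16) | ciphertext.
function sealCredentials(key, creds) {
  const nonce = nodeCrypto.randomBytes(12); // fresh per message, never reused
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(creds), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Device side: returns the credentials, or null when the PIN was wrong or the
// blob was modified in transit over the open micro-AP.
function openCredentials(key, blob) {
  if (blob.length < 28) return null; // too short to hold nonce + tag
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  try {
    const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null; // GCM tag check failed
  }
}

// Constructed sample values, for illustration only.
function demo() {
  const salt = Buffer.from('SN-CONSTRUCTED-0001', 'utf8');
  const blob = sealCredentials(deriveKey('48291736', salt),
    { ssid: 'HomeNet', security: 'WPA2', passphrase: 'constructed-passphrase' });
  return {
    rightPin: openCredentials(deriveKey('48291736', salt), blob),
    wrongPin: openCredentials(deriveKey('48291730', salt), blob),
  };
}
console.log(demo());
```

AES-256 does not add strength beyond the PIN: an 8-digit PIN carries about 26.6 bits of entropy, so the PIN length and the KDF cost set the real protection level.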

HTTPS Server on Device (OPEN or Ad-hoc Mode AP)

The IoT device starts an HTTPS server (port 443) with a self-signed certificate (which the OEM can replace with an authentic one). After associating with the micro-AP started on the device, the web/mobile application provisions the device from the scanned network list. Since the entire session is secured using TLS, no additional security is required.

WPS Method

The WPS push-button or PIN method is used to associate the device with the home router and, in turn, the WiFi network.

IoT Device Sniffer Mode

Some custom protocols let the device sniff data from multicast packets and/or patterns sent over the wireless channel by mobile clients to obtain the network credentials, e.g. TI’s Smart Config.

Apple Wireless Accessory Configuration

Apple's custom protocol, available to MFi licensees only; it requires an additional Authentication Coprocessor chip.

Limitations/Trade-off

  • Simultaneous provisioning of multiple devices
  • Mobile and/or client connectivity with home network
  • Ease-of-use for end-user
  • Security (Authenticity + Privacy) (Known vulnerabilities in WPS etc.)

Reference: TI’s White Paper
