Building Smart, Connected Products with WSO2 IoT Platform. Sumedha Rubasinghe, Director - IoT Architecture, WSO2

[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform


Amazon Dash Button

Source : http://www.amazon.com

August Smart Lock

Source : https://www.pcmag.com/feature/345176/august-smart-lock-homekit-enabled/3

Source : https://www.propellerhealth.com/how-it-works/

Rebecca Minkoff, New York

Source : https://www.fungglobalretailtech.com/research/deep-dive-iot-retail-digitalizing-brick-mortar-stores/

Rio Tinto Mining
● 73 Self driving Komatsu Trucks
● 1 billion material transferred

Source : https://qz.com/874589/rio-tinto-is-using-self-driving-416-ton-trucks-to-haul-raw-materials-around-australia/

Smart, Connected Products are disrupting businesses.

Smart, Connected Products are disrupting adapting businesses.

Challenges in building connected products

[Diagram labels: Device Registration & Management; Integration; Security - Data; Scalability; Event Management; App/Firmware Management; Security – Device Access; App Developers; IoT Device; Admins; Device Owners; Device Cloud; Manufacture; Develop Apps; Purchase; Register; Use; Monitor]


High Level Architecture
For building smart, connected products

[Diagram labels: Server side cloud; Server side cloud with edge computing; TCP / UDP; Ethernet, WiFi, MFC, Bluetooth Low Energy, MQTT-SN, ZigBee; Communication Gateway; Edge Computing]

Reference Architecture for IoT

[Diagram labels: Web / Portal; Dashboard; API Management; Event Processing and Analytics; Aggregation / Bus Layer: ESB and Message Broker; Communications: Zigbee, BLE, MFC, MQTT-SN, MQTT, HTTP. Vertical labels: Devices Manager; Identity & Access Management]

WSO2 IoT Platform

[Diagram labels: Device 1; Device 2; Device n; SDK; Device Binding; Hardware; SDK; Edge Computing Core; Communication; API; Applications; System; Device Management Plugins; Devices; System Applications; HTTP, MQTT, XMPP and Custom Transports; Authentication and Authorization; Analytics; Device Management Core; Analytics Plugins; Devices; Apps; IoT Platform]


Building a connected locker
It’s the journey that matters.

Source : http://www.worldofwanderlust.com/journey-matters-end/

Connected Locker - Solution Architecture

ESP8266 nodemcu

PCF 8574T Keypad driver

Relay module

DHT11 temperature sensor

Door sensor

IR sensor

Metal detector

Solenoid lock

Source https://www.postscapes.com/what-exactly-is-the-internet-of-things-infographic/

Source : https://www.postscapes.com/internet-of-things-protocols/

NEXBOX A95X

XBee on USB explorer

Arduino with XBee shield

Relay module

Device Gateway

Edge Devices
Mix mode connectivity - XBee, Wifi

Connecting to IoT Platform

Device Management Core
Essential functionality for production grade IoT architectures.

Device Management

Device Type Management

Configuration Management

Policy Management

Operation Management

User Management

Certificate Management

Application Management

Compliance Monitoring

Push Notification Management

APNS FCM

MQTT HTTP

Plugin Management

Common plugin for custom device types

….

100% API driven IoT Platform
Build your own experience with our managed REST APIs.

Device Management Core

WSO2 APIM Store in IoTS

Device Management

Device Group Mgt

Policy Management

Certificate Mgt

User Management

Core APIs available in IoTS

WSO2 APIM Publisher in IoTS

Publishing REST APIs

Device Mgt Portal

Subscribing to REST APIs through API Application

Accessing the APIs through various clients

Any other client app

Obtaining an OAuth2 token for API access

Getting client credentials

curl -k -X POST https://localhost:8243/api-application-registration/register \
  -H 'authorization: Basic <Base64 encoded username:password>' \
  -H 'content-type: application/json' \
  -d '{ "applicationName":"device-management-app", "tags":["device_management"]}'

Getting token for API access

curl -k -d "grant_type=password&username=admin&password=admin&scope=perm:admin:device-type perm:device-types:events perm:device-types:events:view perm:device-types:types perm:devices:operations" \
  -H "Authorization: Basic <Base64 encoded client credentials>" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  https://localhost:8243/token

-k turns off TLS certificate verification in curl, so it belongs only in a local test setup like this one.

Registering “locker” as a device type

Registering a new device type using APIs

curl -X POST http://localhost:8280/api/device-mgt/v1.0/admin/device-types \
  -H 'authorization: Bearer <access token>' \
  -H 'content-type: application/json' \
  -d '{"name": "smart-lock", "deviceTypeMetaDefinition": {"properties": ["lockId"], "features": [{"code": "lock_code", "name": "Set Lock Code for user", "description": "Set 4 digit lock code with comma separated username"}, {"code": "allow_open", "name": "Allow Open", "description": "Set true to allow open with code, false otherwise"}], "pushNotificationConfig": {"type": "MQTT", "scheduled": false}, "description": "this is a new remote control smart lock", "initialOperationConfig": {"operations": ["lock_code"]}}}'

A device type is the extension point for introducing new types of devices to the IoT platform.

{
  "name": "smart-lock",
  "deviceTypeMetaDefinition": {
    "properties": [ "lockId" ],
    "features": [
      {
        "code": "lock_code",
        "name": "Set Lock Code",
        "description": "Set 4 digit lock code with comma separated username"
      },
      {
        "code": "allow_open",
        "name": "Allow Open",
        "description": "Set true to allow open with code, false otherwise"
      }
    ],
    "pushNotificationConfig": { "type": "MQTT", "scheduled": false },
    "description": "this is a new remote control smart lock",
    "initialOperationConfig": { "operations": [ "lock_code" ] }
  }
}

The slide annotates three parts of this definition: Properties, Operations, Communication.

Registering device type (‘locker’) via UIs


Registering an event stream from ‘locker’

Device instances send events to the IoT platform. The format of these events needs to be registered first.

curl -X POST http://localhost:8280/api/device-mgt/v1.0/events/locker \
  -H 'authorization: Bearer <access token>' \
  -H 'content-type: application/json' \
  -d '{"eventAttributes": {"attributes": [{"name": "locker_status","type": "String"}]}, "transport": "MQTT"}'

Device Enrollment Process
Capabilities of every device type are unique.

Device Provisioning Methodologies

● Keys, Certs burnt to hardware
● Keys, Certs burnt to firmware
● TPM (Trusted Platform Module) or UUID
● User initiated

Enrolling a locker instance

curl -X POST /api/device-mgt/v1.0/device/agent/enroll \
  -H 'accept: application/json' \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{ "name": "devicename", "type": "locker", "description": "description", "deviceIdentifier": "1234", "enrolmentInfo": {"ownership": "BYOD", "status": "ACTIVE"}, "properties": [{"name": "propertyName","value": "propertyValue"}]}'

Callouts on the slide: API endpoint; Access token; Instance name; Instance id

Enrolling a locker instance (via App)

Pushing lock_code command to locker

curl -X POST https://localhost:9443/api/device-mgt/v1.0/devices/locker/operations \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{
    "deviceIdentifiers": ["1234"],
    "operation": {
      "code": "lock_code", "type": "PROFILE", "status": "PENDING", "isEnabled": true, "payLoad": "1234,sumedha"
    }
  }'

Pushing allow_open command to locker

curl -X POST https://localhost:9443/api/device-mgt/v1.0/devices/locker/operations \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{
    "deviceIdentifiers": ["1234"],
    "operation": {
      "code": "allow_open", "type": "PROFILE", "status": "PENDING", "isEnabled": true, "payLoad": "true"
    }
  }'
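
An added example, not code from the deck or from WSO2: device-side handling of the lock_code and allow_open operations pushed above, with strict payload validation and a fail-closed default. `LockerAgent`, its method names and the username character set are assumptions; the payload formats follow the feature descriptions on the slides.

```python
import hmac
import re
from dataclasses import dataclass, field

# Format from the slide's feature description:
# "4 digit lock code with comma separated username", e.g. "1234,sumedha".
# The allowed username characters and length are an assumption.
LOCK_CODE_RE = re.compile(r"([0-9]{4}),([A-Za-z0-9_.-]{1,32})")


@dataclass
class LockerAgent:
    """Hypothetical device-side state for one enrolled locker."""
    device_id: str
    allow_open: bool = False                     # fail closed until told otherwise
    codes: dict = field(default_factory=dict)    # username -> 4 digit code

    def apply_operation(self, op: dict) -> bool:
        """Apply one pushed operation; return False for anything malformed."""
        code, payload = op.get("code"), op.get("payLoad")
        if not isinstance(payload, str):
            return False
        if code == "lock_code":
            m = LOCK_CODE_RE.fullmatch(payload)
            if m is None:
                return False
            self.codes[m.group(2)] = m.group(1)
            return True
        if code == "allow_open":
            if payload not in ("true", "false"):  # exact literals only
                return False
            self.allow_open = payload == "true"
            return True
        return False                              # unknown operation code

    def try_open(self, entered: str) -> bool:
        """Open only if opening is allowed and a stored code matches."""
        if not self.allow_open:
            return False
        ok = False
        for stored in self.codes.values():
            # constant-time compare, no early exit on the first match
            ok |= hmac.compare_digest(stored.encode(), entered.encode())
        return ok
```
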

Publishing sensor data from locker - HTTP

curl -k -X POST https://localhost:8243/api/device-mgt/v1.0/device/agent/events/publish/locker/1234 \
  -H 'authorization: Bearer <accessToken>' \
  -H 'content-type: application/json' \
  -d '{"temperature":0.0,"humidity":0.0,"metal":false,"occupancy":false,"open":false,"attempt":"string"}'

Publishing sensor data from locker - MQTT

MQTT Topic : carbon.super/locker/1234/events

Device Event Payload : {"temperature":0.0,"humidity":0.0,"metal":false,"occupancy":false,"open":false,"attempt":"string"}

Data stream processing
For a continuous inflow of close to real-time data.

Data Stream Processing
● Lock usage anomaly detection
  ○ object inside, door open
● Lock access detection
● Temperature / Humidity changes
● Identifying metal objects

[Diagram labels: Event Sources; Event Receivers; Input Stream; Execution Plan; Output Stream; Event Publishers]

Batch Processing
● Lock access statistics over a month

[Diagram labels: Event Sources; Event Receivers; Input Stream; Event Store; Spark Script; Result Store; Console: Spark Query; Output Stream; Event Publishers]

Data Stream Processing
● Event Flow

Data sharing capabilities
Collect, share, exchange

App details page

API Store

Built-in geo based functionality
Every device is located somewhere.

• Devices can be moving / stationary

• Analytics on moving devices
  – Real time location updates
  – Geo Fencing
  – Geo Tagging
  – Geo Messaging
  – Alerting

• Analytics on stationary devices
  – Location Map
  – Geo location based groups

Location based services

Support for Edge / Fog computing
Privacy, latency, offline operations matter.

Edge / Fog Computing

• Why?
  – Safeguard privacy
  – Reduce latency
  – Minimize bandwidth usage
  – Avoid connectivity issues

• A platform specific packaged offering of WSO2 Siddhi, e.g.
  – Edge Computing Engine for Android
  – Edge Computing Engine for Yocto Linux

• WSO2 Siddhi
  – Lightweight, easy-to-use open source CEP engine
  – https://github.com/wso2/siddhi

• Centralized distribution of rules and offline execution mode

Android-Based Device Management

• Firebase Cloud Messaging (FCM) or local push notifications

• Auto enroll device with mutual SSL

• Integrate with Android system service apps (sign with vendor firmware signing key)
  – Reboot, firmware upgrade, silent app install/update/remove

• Data containerization

• Android for work support

• Device ownership application via device owner APIs (for COPE)

wso2.com