Zero Touch Provisioning is an automatic and secure way to onboard devices into any IoT cloud platform that uses X.509 certificate-based authentication.
Zero Touch Provisioning (ZTP) supports the X.509 standard as the format of public-key certificates, so any platform supporting X.509 is compatible with this service. Amazon Web Services (AWS), Microsoft Azure and Alibaba Cloud are some example platforms fully supported by ZTP.
The solution provides an out-of-the-box, simple and cost-effective way to provision a digital certificate and private key into the device over the air and securely, significantly reducing the operational burden and simplifying both the supply chain and the connection to the IoT platform.
The Zero Touch Provisioning feature also includes several trusted Root CA certificates to support all your use cases.
The following are the steps of the ZTP cloud onboarding procedure:
In this section we explain these steps in more detail.
IoT platform registration
The goal of this step is to register in the IoT platform the Root CA certificate used to sign all the device certificates. The registration is a prerequisite for automating the onboarding of devices in the IoT platform; it avoids having to create each device manually and attach its digital certificate to it.
The operation takes place only once for the entire set of devices that use the same Root CA certificate. When you upload the Root CA certificate to the IoT platform to enable automatic onboarding, the platform provides you with a registration code to prove possession of the corresponding private key. This code is used to generate a Proof of Possession (PoP) certificate signed with that private key. In the diagrams below, AWS is used as the example of a platform supporting the X.509 standard. PoP certificate generation is fully automated.
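The PoP step above is a standard X.509 pattern: the registration code issued by the platform is placed in the Common Name of a short-lived certificate that is signed with the Root CA's private key, so only the holder of that key can produce it. The following is an added example written for this page (not u-blox or ZTP code) that builds such a PoP certificate with the Python `cryptography` package and then performs the check a platform makes on receipt: the signature verifies against the uploaded Root CA and the CN equals the issued code. The Root CA, the key type (P-256) and the registration code value are all constructed for the example; a real platform issues the code and may impose its own validity and key requirements.

```python
"""Proof of Possession (PoP) certificate for Root CA registration.

Added example, not the project's own code. Requires the 'cryptography' package.
The Root CA and the registration code below are constructed for illustration.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed placeholder; the real code is issued by the IoT platform
# when you upload the Root CA certificate.
REGISTRATION_CODE = "REGISTRATION-CODE-PLACEHOLDER"


def make_root_ca(common_name="Example Device Root CA"):
    """Create a self-signed Root CA (key and certificate) for the example."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def make_pop_certificate(ca_key, ca_cert, registration_code):
    """Build the PoP certificate: CN = registration code, issuer = Root CA,
    signed with the Root CA private key. A fresh key pair is generated for
    the certificate itself and is never reused for anything else."""
    pop_key = ec.generate_private_key(ec.SECP256R1())
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, registration_code)]))
        .issuer_name(ca_cert.subject)
        .public_key(pop_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))  # short-lived: one-time use
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())
    )


def verify_pop(ca_cert, pop_cert, expected_code):
    """What the platform checks: the PoP certificate's signature verifies
    with the uploaded Root CA public key, it names that CA as issuer, and
    its CN carries exactly the registration code the platform issued."""
    try:
        ca_cert.public_key().verify(
            pop_cert.signature,
            pop_cert.tbs_certificate_bytes,
            ec.ECDSA(pop_cert.signature_hash_algorithm),
        )
    except InvalidSignature:
        return False
    cn_attrs = pop_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if len(cn_attrs) != 1:
        return False
    return cn_attrs[0].value == expected_code and pop_cert.issuer == ca_cert.subject


if __name__ == "__main__":
    ca_key, ca_cert = make_root_ca()
    pop = make_pop_certificate(ca_key, ca_cert, REGISTRATION_CODE)
    print("PoP accepted:", verify_pop(ca_cert, pop, REGISTRATION_CODE))
    print("Wrong code rejected:", not verify_pop(ca_cert, pop, "SOME-OTHER-CODE"))
```

The check in `verify_pop` is why the PoP certificate is a meaningful proof: a certificate with the right CN but signed by any other key fails the signature verification, and a genuine signature over a stale or different code fails the CN comparison. Keeping the PoP certificate short-lived limits how long a leaked copy is useful.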
Please note that ISEP and CSP are two components of the u-blox Thingstream platform.