Secure device to cloud invocations

The diagram below provides an overview of the steps involved in securely invoking a REST API on the reference cloud from the device. As an example, the reference cloud implementation supports securely posting device notifications to the cloud endpoint, from where they are eventually delivered to a reference mobile app.

[Figure: device-cloud invocation overview]

  • Secure Connection Establishment: The device establishes a secure, persistent connection with the reference cloud using mTLS.

  • JWT Token Provisioning: Upon connection, the cloud computes and provides a signed JWT token to the device.

  • Notification Posting: The device uses this secure, short-lived token to authenticate its connection to the cloud. In the reference cloud setup, the device employs the signed JWT token to securely post real-time notifications to the cloud, which are then forwarded to the client via a CSP-specific push notification service.

  • Customizability: The setup is highly customizable, allowing the device to securely post notifications or invoke REST APIs to any HTTPS endpoint.