The document discusses the architecture and challenges of building smart, connected products using the WSO2 IoT platform, highlighting features such as device management, event processing, and integration with various communication protocols. It also outlines practical examples, including the implementation of a smart locker and the process of device enrollment, command execution, and data publishing. Additionally, it emphasizes the importance of analytics, edge computing, and privacy in device management and operation.

1. Director - IoT Architecture, WSO2
Building Smart, Connected Products
with WSO2 IoT Platform
Sumedha Rubasinghe

2. Amazon Dash Button
Source : http://www.amazon.com

3. August Smart Lock
Source : https://www.pcmag.com/feature/345176/august-smart-lock-homekit-enabled/3

4. Source : https://www.propellerhealth.com/how-it-works/

5. Rebecca Minkoff, New York
Source : https://www.fungglobalretailtech.com/research/deep-dive-iot-retail-digitalizing-brick-mortar-stores/

6. Rio Tinto Mining
● 73 Self driving Komatsu Trucks
● 1billion material transferred
Source : https://qz.com/874589/rio-tinto-is-using-self-driving-416-ton-trucks-to-haul-raw-materials-around-australia/

7. Smart, Connected Products
are disrupting businesses.

8. Smart, Connected Products
are disrupting adapting businesses.

9. *
Device Registration & Management
Integration
Security - Data
ScalabilityEvent Management
App/Firmware Management
Security – Device Access
App Developers
IoT Device
Admins
Purchase
Use Register
Device Owners
Develop AppsManufacture
Device Cloud
Use Monitor
Challenges in building connected products

10. *
Device Registration & Management
Integration
Security - Data
ScalabilityEvent Management
App/Firmware Management
Security – Device Access
App Developers
IoT Device
Admins
Purchase
Use Register
Device Owners
Develop AppsManufacture
Device Cloud
Use Monitor
Challenges in building connected products

11. *
Device Registration & Management
Integration
Security - Data
ScalabilityEvent Management
App/Firmware Management
Security – Device Access
App Developers
IoT Device
Admins
Purchase
Use Register
Device Owners
Develop AppsManufacture
Device Cloud
Use Monitor
Challenges in building connected products

12. *
Device Registration & Management
Integration
Security - Data
ScalabilityEvent Management
App/Firmware Management
Security – Device Access
App Developers
IoT Device
Admins
Purchase
Use Register
Device Owners
Develop AppsManufacture
Device Cloud
Use Monitor
Challenges in building connected products

13. High Level Architecture
For building smart,
connected products

14. Server side cloud Server side cloud
Server side cloud
with edge computing
TCP / UDP
Ethernet WiFi MFC Bluetooth
Low Energy
MOTT-SN ZigBee MFC Bluetooth
Low Energy
MOTT-SN ZigBee
Communication
Gateway
Communication
Gateway
Edge Computing

15. Web / Portal Dashboard API Management
Event Processing and Analytics
Aggregation / Bus Layer
ESB and Message Broker
Communications
Zigbee, BLE, MFC, MQTT-SN, MQTT, HTTP
DevicesManager
Identity&AccessManagement
Reference Architecture for IoT

16. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

17. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

18. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

19. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

20. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

21. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

22. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

23. WSO2 IoT Platform
Device 1
Device 2
Device n
SDK
Device Binding
Hardware
SDK
Edge Computing Core
Communication
API
Applications
System
Device Management Plugins
Devices
System Applications
HTTP, MQTT, XMPP and Custom Transports
Authenticationand
Authorization
Analytics
Device Management Core Analytics Plugins
Devices AppsIoT Platform

24. Building a connected locker
It’s the journey that matters.
Source : http://www.worldofwanderlust.com/journey-matters-end/

25. Connected Locker - Solution Architecture

27. ESP8266 nodemcu
PCF 8574T Keypad driver
Relay module
DHT11 temperature sensor
Door sensor
IR sensor
Metal detector
Solenoid lock

29. Source https://www.postscapes.com/what-exactly-is-the-internet-of-things-infographic/

30. Source : https://www.postscapes.com/internet-of-things-protocols/

31. 31NEXBOX A95X
XBee on USB explorer
Arduino with XBee shield
Relay module
Device Gateway
Edge Devices
Mix mode connectivity - XBee, Wifi

32. Connecting to IoT Platform

33. Device Management Core
Essential functionality for production grade IoT
architectures.

34. Device Management Core
Device Management Core
Device
Management
Device Type
Management
Configuration
Management
Policy
Management
Operation
Management
User Management
Certificate
Management
Application
Management
Compliance
Monitoring
Push
Notification
Management
APNS FCM
MQTT HTTP
Plugin
Management
Common plugin
for custom device
types
….

35. 100% API driven IoT Platform
Build your own experience with our managed REST APIs.

36. Device Management Core
WSO2 APIM
Store in
IoTS
Device Management
Device Group Mgt
Policy Management
Certificate Mgt
User Management
Core APIs available in IoTS
WSO2 APIM
Publisher in
IoTS
Publishing REST APIs
Device Mgt Portal
Subscribing to REST
APIs through API
Application
Accessing the APIs
though various clients
Any other client app

37. Obtaining an OAuth2 token for API access
curl -k -X POST https://localhost:8243/api-application-registration/register
-H 'authorization: Basic <Base64 encoded username:password>'
-H 'content-type: application/json'
-d '{ "applicationName":"device-management-app", "tags":["device_management"]}'
curl -k -d
"grant_type=password&username=admin&password=admin&scope=perm:admin:device-type
perm:device-types:events perm:device-types:events:view perm:device-types:types
perm:devices:operations"
-H "Authorization: Basic <Base64 encoded client credentials>"
-H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Getting client credentials
Getting token for API access
1
3
2

38. Registering “locker” as a device type
curl -X POST http://localhost:8280/api/device-mgt/v1.0/admin/device-types
-H 'authorization: Bearer <access token>'
-H 'content-type: application/json'
-d '{"name": "smart-lock","deviceTypeMetaDefinition":
{"properties": ["lockId"],"features": [{"code": "lock_code", "name": "Set Lock Code for user",
"description": "Set 4 digit lock code with comma separated username"},{"code": "Allow
Open","name": "allow_open", "description": "Set true to allow open with code, false otherwise"}],
"pushNotificationConfig": {"type": "MQTT", "scheduled": false}, "description": "this is a new remote
control smart lock", "initialOperationConfig": {"operations": ["lock_code"]}}}'
Registering a new device type using APIs
1
Device type is the extension point to introduce new
type of devices to IoT platform.

39. {
"name":"smart-lock",
"deviceTypeMetaDefinition":{
"properties":[
"lockId"
],
"features":[
{
"code":"lock_code",
"name":"Set Lock Code",
"description":"Set 4 digit lock code with comma
separated username"
},
{
"code":"Allow Open",
"name":"allow_open",
"description":"Set true to allow open with code,
false otherwise"
}
],
"pushNotificationConfig":{
"type":"MQTT",
"scheduled":false
},
"description":"this is a new remote control smart
lock",
"initialOperationConfig":{
"operations":[
"lock_code"

40. {
"name":"smart-lock",
"deviceTypeMetaDefinition":{
"properties":[
"lockId"
],
"features":[
{
"code":"lock_code",
"name":"Set Lock Code",
"description":"Set 4 digit lock code with comma
separated username"
},
{
"code":"Allow Open",
"name":"allow_open",
"description":"Set true to allow open with code,
false otherwise"
}
],
"pushNotificationConfig":{
"type":"MQTT",
"scheduled":false
},
"description":"this is a new remote control smart
lock",
"initialOperationConfig":{
"operations":[
"lock_code"
Properties

41. {
"name":"smart-lock",
"deviceTypeMetaDefinition":{
"properties":[
"lockId"
],
"features":[
{
"code":"lock_code",
"name":"Set Lock Code",
"description":"Set 4 digit lock code with comma
separated username"
},
{
"code":"Allow Open",
"name":"allow_open",
"description":"Set true to allow open with code,
false otherwise"
}
],
"pushNotificationConfig":{
"type":"MQTT",
"scheduled":false
},
"description":"this is a new remote control smart
lock",
"initialOperationConfig":{
"operations":[
"lock_code"
Properties
Operations

42. {
"name":"smart-lock",
"deviceTypeMetaDefinition":{
"properties":[
"lockId"
],
"features":[
{
"code":"lock_code",
"name":"Set Lock Code",
"description":"Set 4 digit lock code with comma
separated username"
},
{
"code":"Allow Open",
"name":"allow_open",
"description":"Set true to allow open with code,
false otherwise"
}
],
"pushNotificationConfig":{
"type":"MQTT",
"scheduled":false
},
"description":"this is a new remote control smart
lock",
"initialOperationConfig":{
"operations":[
"lock_code"
Properties
Operations
Communication

43. Registering device type (‘locker’) via UIs
1
2

44. Registering an event stream from ‘locker’
1
curl -X POST http://localhost:8280/api/device-mgt/v1.0/events/locker
-H 'authorization: Bearer <access token>'
-H 'content-type: application/json'
-d '{"eventAttributes": {"attributes": [{"name": "locker_status","type": "String"}, "transport":
"MQTT"}'
Device instance will be sending events to IoT
platform. These event formats need to be
registered.

45. Device Enrollment Process
Capabilities of every device type is unique.

46. Device Provisioning Methodologies

47. Keys, Certs burnt to hardware
Device Provisioning Methodologies

48. Keys, Certs burnt to hardware Keys, Certs burnt to firmware
Device Provisioning Methodologies

49. Keys, Certs burnt to hardware Keys, Certs burnt to firmware
TPM (Trusted Platform Module)
or UUID
Device Provisioning Methodologies

50. Keys, Certs burnt to hardware Keys, Certs burnt to firmware
TPM (Trusted Platform Module)
or UUID
User initiated
Device Provisioning Methodologies

51. Enrolling a locker instance
1
curl -X POST /api/device-mgt/v1.0/device/agent/enroll
-H 'accept: application/json'
-H 'authorization: Bearer <accessToken>'
-H 'content-type: application/json'
-d '{
"name": "devicename", "type": "locker",
"description": "description",
"deviceIdentifier": "1234",
"enrolmentInfo": {"ownership": "BYOD", "status": "ACTIVE"} ,
"properties": [{"name": "propertyName","value": "propertyValue"
}]}'

52. Enrolling a locker instance
curl -X POST /api/device-mgt/v1.0/device/agent/enroll
-H 'accept: application/json'
-H 'authorization: Bearer <accessToken>'
-H 'content-type: application/json'
-d '{
"name": "devicename", "type": "locker",
"description": "description",
"deviceIdentifier": "1234",
"enrolmentInfo": {"ownership": "BYOD", "status": "ACTIVE"} ,
"properties": [{"name": "propertyName","value": "propertyValue"
}]}'
API endpoint
Access token
Instance name
Instance id

53. Enrolling a locker instance (via App)

54. Pushing lock_code command to locker
1
curl -X POST https://localhost:9443/api/device-mgt/v1.0/devices/locker/operations
-H 'authorization: Bearer <accessToken>'
-d '{
"deviceIdentifiers": ["1234"],
"operation": {
"code": "lock_code",
"type": "PROFILE",
"status": "PENDING",
"isEnabled": true,
"payLoad": "1234,sumedha"
}
}'

55. Pushing allow_open command to locker
1
curl -X POST https://localhost:9443/api/device-mgt/v1.0/devices/locker/operations
-H 'authorization: Bearer <accessToken>'
-d '{
"deviceIdentifiers": ["1234"],
"operation": {
"code": "allow_open",
"type": "PROFILE",
"status": "PENDING",
"isEnabled": true,
"payLoad": "true"
}
}'

56. Publishing sensor data from locker - HTTP
1
curl -k -X POST https://localhost:8243/api/device-mgt/v1.0/device/agent/events/publish/locker/1234
-H 'authorization: Bearer <accessToken>'
-H 'content-type: application/json'
-d '{"temperature":0.0,"humidity":0.0,"metal":false,"occupancy":false,"open":false,"attempt":"string"}'

57. Publishing sensor data from locker - MQTT
1
MQTT Topic :carbon.super/locker/1234/events
Device Event Payload :
{"temperature":0.0,"humidity":0.0,"metal":false,"occupancy":false,"open":false,"attempt":"string"

58. Data stream processing
for continuous in flow of close to real time data.

59. Data Stream Processing

60. Data Stream Processing
● Lock usage anomaly detection
○ object inside, door open
● Lock access detection
● Temperature / Humidity changes
● Identifying metal objects
Event Receivers Execution Plan
Event
Publishers
Event Sources
Input Stream
Input Stream
Output Stream
Output Stream

61. Batch Processing
● Lock access statistics over a month
Event
Receivers
Event Sources
Input Stream
Input Stream
Event
Store
Spark Script
Result
Store
Console:
Spark Query
Output
Stream
Event
Publishers

62. Data Stream Processing
● Event Flow

63. Data sharing capabilities
Collect, share, exchange

65. App details page

66. API Store

67. Built-in geo based functionality
Every device is located somewhere.

68. • Devices can be moving /
stationary
• Analytics on moving
devices
– Real time location updates
– Geo Fencing
– Geo Tagging
– Geo Messaging
– Alerting
• Analytics on stationary
devices
– Location Map
– Geo location based groups
Location based services

69. Location based services
+

70. Location based services

71. Support for Edge / Fog computing
Privacy, latency, offline operations matters.

72. • Why?
– Safeguard privacy
– Reduce latency
– Minimize bandwidth usage
– Avoid connectivity issues
• A platform specific packaged offering of WSO2 Siddhi, e.g.
– Edge Computing Engine for Android
– Edge Computing Engine for Yocto Linux
• WSO2 Siddhi
– Lightweight, easy-to-use open source CEP engine
– https://github.com/wso2/siddhi
• Centralized distribution of rules and offline execution mode
Edge / Fog Computing

73. • Firebase Cloud Messaging (FCM) or local push notifications
• Auto enroll device with mutual SSL
• Integrate with Android system service apps (sign with vendor
firmware signing key)
– Reboot, firmware upgrade, silent app install/update/remove
• Data containerization
• Android for work support
• Device ownership application via device owner APIs (for
COPE)
Android-Based Device Management

75. wso2.com