Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.

Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.

Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.

Abstract: The disclosed technology is generally directed to data corroboration, e.g., in IoT systems. In one example of the technology, receiving a first set of data over time from a first external device. A plausibility of the first set of data is determined based upon behavioral pattern matching. The first set of data is selectively authorizing as valid based at least upon the plausibility determination.

Abstract: The disclosed technology is generally directed to data corroboration, e.g., in IoT systems. In one example of the technology, receiving a first set of data over time from a first external device. A plausibility of the first set of data is determined based upon behavioral pattern matching. A second set of data is received from at least a second external device that is separate from the first external device. Whether the second data of data corroborates the first set of data is determined. The first set of data is selectively authorizing as valid based at least upon the plausibility determination and the corroboration determination.

Abstract: The disclosed technology is generally directed to device security in an IoT environment. In one example of the technology, a set of security rules is stored. The set of security rules includes a set of reference signals. Telemetry data is received over time from an external device. A determination is made, based on the received telemetry data, as to whether the set of security rules has been violated. The determination includes behavioral pattern matching between the received telemetry data and at least one reference signal of the set of reference signals. The received telemetry data is selectively authorized as valid based on the determination.

Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.

Abstract: A system and method for providing services to multiple tenants. A system provides a gateway that acts as an intermediary between the tenants and multiple subsystems that provide resources. A management gateway handles requests to manage resources. A runtime gateway handles requests to perform operations related to the resources. A set of protocol handlers isolates the subsystems from protocols used by the tenants. A pipeline of components provides processing, such as authorization, of requests from tenants. Identification of resources is performed using a mechanism that enables multiple namespaces, which may be designated by tenants.

Abstract: A system and method for providing services to multiple tenants. A system provides a gateway that acts as an intermediary between the tenants and multiple subsystems that provide resources. A management gateway handles requests to manage resources. A runtime gateway handles requests to perform operations related to the resources. A set of protocol handlers isolates the subsystems from protocols used by the tenants. A pipeline of components provides processing, such as authorization, of requests from tenants. Identification of resources is performed using a mechanism that enables multiple namespaces, which may be designated by tenants.