Abstract: Broadly speaking, the present techniques relate to a computer implemented method for establishing a secure communication session between a client device and a server, the method performed at the client device comprising: obtaining a security object comprising at least one security credential and server connection data for multiple connection options to a first server, wherein the security credential is to be used for each of the multiple connection options; generating, a first server security universal resource identifier (URI), the first Server Security URI comprising server contact information for the first server and a first security binding selected from the server connection data; communicating with the first server using the first Server Security URI and the at least one security credential to establish a secure communication session between the client device and the first server.

Abstract: The present techniques generally describe a machine-implemented method for configuring a retransmission timer, the method performed at the server including: receiving, from a client, a first handshake message as part of a first handshake with the client; deriving a retransmission parameter from the first handshake message; setting a first wait time of the retransmission timer based on or in response to the retransmission parameter.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for operating a server in communication with a network-attachable electronic device, comprising: storing, in storage accessible by the server, a device registration and a registration lifetime value for the device; receiving at least one message from the device; analysing the message to derive a confidence modifier associated with a message type associated with that message; applying the derived confidence modifier to a calculation of a confidence score for the device; and responsive to the calculation, determining whether a stored registration lifetime value for the device is to be adjusted based upon the confidence score.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for controlling device resource subscriptions by an LwM2M server, comprising receiving at said LwM2M server a registration request message from a LwM2M client device, the message comprising an enumeration of a plurality of subscribable elements of an object hierarchy of the device; storing, using the LwM2M server, an association between the device and the plurality of subscribable elements; and sending from the LwM2M server to the LwM2M client device a subscription message comprising a unitary compressed expression representing plural ones of said plurality of subscribable elements associated with said device.

Abstract: The present techniques generally describe a computer implemented method for establishing a secure communication session between a client device and a first server, the method performed by the client device comprising: obtaining, from a second server, credential data comprising a session identifier and cryptographic key data; performing a connection handshake with the first server to establish the secure communication session; creating a security state record defining one or more parameters used to establish the secure communication session, and associating the session identifier with the security state record; performing a first resumption handshake with the first server using the session identifier to re-establish the secure communication session.

Abstract: Broadly speaking, the present techniques relate to a computer implemented method comprising: receiving, at a first server, one or more device identifiers from a device; determining, with the first server, the availability of a resource template for the device based on or in response to the one or more device identifiers; when the resource template is available for the device: provisioning, from the first server to the device, a template identifier to enable the device to register with a second server using the template identifier.

Abstract: A method of provisioning a device to use a data service provided by a data service provider comprises maintaining a list of unique identifiers of devices to which a trusted certificate has been issued and receiving a data service request for a device. The request will include a unique identifier for the device and a certificate. In response to the data service request, the list of device unique identifiers is consulted in order to verify that the certificate contained in the data service request is a trusted certificate. If the certificate contained in the service request is a trusted certificate, the certificate may then be forwarded to the data service provider.

Abstract: Broadly speaking, the present techniques relate to a computer implemented method for establishing a secure communication session between a client device and a server resource.

Abstract: Broadly speaking, the present techniques relate to a computer implemented method for establishing a secure communication session between a client device and a server, the method performed at the client device comprising: obtaining a security object comprising at least one security credential and server connection data for multiple connection options to a first server, wherein the security credential is to be used for each of the multiple connection options; generating, a first server security universal resource identifier (URI), the first Server Security URI comprising server contact information for the first server and a first security binding selected from the server connection data; communicating with the first server using the first Server Security URI and the at least one security credential to establish a secure communication session between the client device and the first server.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for operating a configuration server in communication with a client electronic device, comprising: receiving a handshake initiation message from the client electronic device specifying a registration at a specified server; receiving, from the client electronic device, a first enumeration of client features supported; responsive to detecting no stored client provisioning configuration for the client electronic device, retrieving, from the specified server, a second enumeration of server features supported; performing a comparison between the first and the second enumeration to detect a match between the client features supported and the server features supported; responsive to detecting a match, creating a client provisioning configuration; storing the client provisioning configuration in a configuration store; and sending a provisioning message comprising the client provisioning configuration to the client electron

Abstract: The present techniques generally describe a machine-implemented method for configuring a retransmission timer, the method performed at the server comprising: receiving, from a client, a first handshake message as part of a first handshake with the client; deriving a retransmission parameter from the first handshake message; setting a first wait time of the retransmission timer based on or in response to the retransmission parameter.

Abstract: A method implemented e.g. in a Lightweight Machine-to-Machine (LwM2M) server, comprises establishing a secure communication session with a client and transmitting an observation request to the client. The observation request identifies a first resource at the client, one or more criteria relating to the first resource to trigger a notification to be transmitted from the client to the server, and one or more resources at the client comprising at least one resource other than the first resource, the value of which is to be included in the notification.

Abstract: Broadly speaking, the present techniques relate to a computer implemented method for enabling template-based registration, the method performed by an intermediary apparatus in communication with a first device and a server, the method comprising: receiving, from the first device, a registration request comprising one or more device identifiers for the first device; determining the availability of template information for the first device based on or in response to the one or more device identifiers; when the template information for the first device is unavailable: generating template information for the first device; or requesting, from the server, the template information.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for operating a server in communication with a network-attachable electronic device, comprising: storing, in storage accessible by the server, a device registration and a registration lifetime value for the device; receiving at least one message from the device; analysing the message to derive a confidence modifier associated with a message type associated with that message; applying the derived confidence modifier to a calculation of a confidence score for the device; and responsive to the calculation, determining whether a stored registration lifetime value for the device is to be adjusted based upon the confidence score.

Abstract: Broadly speaking, the present techniques relate to a machine-implemented method for registering a device with a server, the method performed at the device comprising: applying a data-reducing function to at least one object, object instance, resource and/or resource instance at the device to generate resource data comprising compressed data representative of the at least one object object instance, resource and/or resource instance; transmitting a registration message comprising said resource data to register said device with server.

Abstract: Broadly speaking, the present techniques relate to a computer implemented method comprising: receiving, at a first server, one or more device identifiers from a device; determining, with the first server, the availability of a resource template for the device based on or in response to the one or more device identifiers; when the resource template is available for the device: provisioning, from the first server to the device, a template identifier to enable the device to register with a second server using the template identifier.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for controlling device resource subscriptions by an LwM2M server, comprising receiving at said LwM2M server a registration request message from a LwM2M client device, the message comprising an enumeration of a plurality of subscribable elements of an object hierarchy of the device; storing, using the LwM2M server, an association between the device and the plurality of subscribable elements; and sending from the LwM2M server to the LwM2M client device a subscription message comprising a unitary compressed expression representing plural ones of said plurality of subscribable elements associated with said device.

Abstract: A method of assigning tenancy to a device during bootstrapping between a device and a server in a network includes transmitting a device identifier to a bootstrap server. The method further includes receiving, at the device, a device server address to enable the device to register with the device server. The tenancy is assigned to the device with the device server address.

Abstract: A gateway apparatus for registering a device with a resource server, the GW apparatus comprising a GW server, the GW apparatus to: receive gateway credential data having a verifiable chain of trust to a root authority to authenticate with the resource server; receive, at the GW server, GW server credential data comprising a trust anchor to verify whether device credential data presented by the device has a chain of trust to the root authority and a GW server certificate comprising a verifiable chain of trust to the root authority; authenticate, at the GW server, the device using the GW server credential data; and in response to successful authentication of the device, register, using the GW server, the device with the resource server.

Abstract: A method of assigning tenancy to a device during bootstrapping between a device and a server in a network includes transmitting a device identifier to a bootstrap server. The method further includes receiving, at the device, a device server address to enable the device to register with the device server. The tenancy is assigned to the device with the device server address.