Abstract: Techniques for dynamically generating a trust level for an IoT device are described. A plurality of characteristics for a first device of a first device type are analyzed against a set of expected characteristics of the first device type. Embodiments monitor runtime behavior of the first device over a window of time to collect runtime behavior data and analyze the runtime behavior data for the first device to determine whether the device is operating in a manner consistent with the first device type. Upon determining that the analyzed plurality of characteristics is consistent with the set of expected characteristics and that the first device is operating in a manner consistent with the first device type, embodiments generate a security profile for the first device designating the first device as a trusted device.

Abstract: Techniques for configuring a device with a security context using a security context distribution service are provided. One embodiment receives, from a first device operating on a first network, a request for a security context for the first device, where the request includes a public certificate for the first device. The request is decrypted, and the public certificate is validated. A set of device requirements are determined based on a unique identifier for the first device and device claim information associated with the first device. Embodiments generate a response message that contains at least one Transport Layer Security (TLS) certificate associated with the first network, based on the set of device requirements, where the response message is encrypted using a public key associated with the first device. The response is message is transmitted to the first device.

Abstract: Techniques are described for managing licenses of Internet of Things devices. One embodiment includes receiving, at a network management system, a request to allocate a license to a first endpoint device. Real-time device metadata and state data for the first endpoint device are accessed. Embodiments select a license instance, from a plurality of license instances, to allocate to the first endpoint device, based at least in part on the real-time device metadata and state data for the first endpoint device. The selected license instance is assigned to the first endpoint device and at least an indication that a valid license has been assigned to the first endpoint device is transmitted to the first endpoint device.

Abstract: Techniques for providing a distributed standards registry are provided. A DSR system may include a plurality of distributed standards registry participants that are collectively configured to provide control logic for the distributed standards registry using a consensus voting mechanism to make control decisions. The DSR system includes include a distributed ontology model library maintained on the plurality of distributed standards registry participants and storing a plurality of ontology models, and a distributed federation broker registry maintained across the plurality of distributed standards registry participants.

Abstract: Techniques are described for managing licenses of Internet of Things devices. One embodiment includes receiving, at a network management system, a request to allocate a license to a first endpoint device. Real-time device metadata and state data for the first endpoint device are accessed. Embodiments select a license instance, from a plurality of license instances, to allocate to the first endpoint device, based at least in part on the real-time device metadata and state data for the first endpoint device. The selected license instance is assigned to the first endpoint device and at least an indication that a valid license has been assigned to the first endpoint device is transmitted to the first endpoint device.

Abstract: Techniques are described for managing licenses of Internet of Things devices. One embodiment includes receiving, at a network management system, a request to allocate a license to a first endpoint device. Real-time device metadata and state data for the first endpoint device are accessed. Embodiments select a license instance, from a plurality of license instances, to allocate to the first endpoint device, based at least in part on the real-time device metadata and state data for the first endpoint device. The selected license instance is assigned to the first endpoint device and at least an indication that a valid license has been assigned to the first endpoint device is transmitted to the first endpoint device.

Abstract: Techniques are described for securely routing data with an Internet of Things environment. A data orchestrator receives a plurality of data values collected by the endpoint device from an endpoint device and determines an identifier that uniquely identifies the endpoint device. The data orchestrator accesses one or more routing tables using the determined identifier and device type data corresponding to the plurality of data values to determine one or more data consumers to route the plurality of data values to. The one or more routing tables were dynamically generated based on at least one of (i) device claim information relating to the endpoint device, (ii) license data relating to the one or more data consumers, and (iii) user information associated with the one or more data consumers. The data orchestrator transmits at least a portion of the plurality of data values to the determined one or more data consumers.

Abstract: Techniques for providing a distributed standards registry are provided. A DSR system may include a plurality of distributed standards registry participants that are collectively configured to provide control logic for the distributed standards registry using a consensus voting mechanism to make control decisions. The DSR system includes include a distributed ontology model library maintained on the plurality of distributed standards registry participants and storing a plurality of ontology models, and a distributed federation broker registry maintained across the plurality of distributed standards registry participants.

Abstract: Techniques for dynamically generating a trust level for an IoT device are described. A plurality of characteristics for a first device of a first device type are analyzed against a set of expected characteristics of the first device type. Embodiments monitor runtime behavior of the first device over a window of time to collect runtime behavior data and analyze the runtime behavior data for the first device to determine whether the device is operating in a manner consistent with the first device type. Upon determining that the analyzed plurality of characteristics is consistent with the set of expected characteristics and that the first device is operating in a manner consistent with the first device type, embodiments generate a security profile for the first device designating the first device as a trusted device.

Abstract: Techniques for providing a distributed standards registry are provided. A DSR system may include a plurality of distributed standards registry participants that are collectively configured to provide control logic for the distributed standards registry using a consensus voting mechanism to make control decisions. The DSR system includes include a distributed ontology model library maintained on the plurality of distributed standards registry participants and storing a plurality of ontology models, and a distributed federation broker registry maintained across the plurality of distributed standards registry participants.

Abstract: Techniques are described for managing licenses of Internet of Things devices. One embodiment includes receiving, at a network management system, a request to allocate a license to a first endpoint device. Real-time device metadata and state data for the first endpoint device are accessed. Embodiments select a license instance, from a plurality of license instances, to allocate to the first endpoint device, based at least in part on the real-time device metadata and state data for the first endpoint device. The selected license instance is assigned to the first endpoint device and at least an indication that a valid license has been assigned to the first endpoint device is transmitted to the first endpoint device.

Abstract: Techniques for configuring a device with a security context using a security context distribution service are provided. One embodiment receives, from a first device operating on a first network, a request for a security context for the first device, where the request includes a public certificate for the first device. The request is decrypted, and the public certificate is validated. A set of device requirements are determined based on a unique identifier for the first device and device claim information associated with the first device. Embodiments generate a response message that contains at least one Transport Layer Security (TLS) certificate associated with the first network, based on the set of device requirements, where the response message is encrypted using a public key associated with the first device. The response is message is transmitted to the first device.

Abstract: Embodiments provide techniques for dynamically linking device data models and asset data models. A first data model link between a first one or more asset data model components of an asset data model and a first one or more device data model components of a device data model is dynamically updated. The device data model is processed to determine normalized data relationship paths utilized by an inference engine to populate a device element data set. Embodiments execute an asset data model query against the asset data model comprising analyzing asset data model component metrics by querying the device element data set, based on the updated first data model link, and generate an asset data model descriptive analytics determination output, based on the execution of the asset data model query.

Abstract: Techniques for providing a distributed standards registry are provided. A DSR system may include a plurality of distributed standards registry participants that are collectively configured to provide control logic for the distributed standards registry using a consensus voting mechanism to make control decisions. The DSR system includes include a distributed ontology model library maintained on the plurality of distributed standards registry participants and storing a plurality of ontology models, and a distributed federation broker registry maintained across the plurality of distributed standards registry participants.

Abstract: Methods and systems for a meta federation broker extend requests for computing services across multiple different cloud computing environments using ontology models. The meta federation broker may receive, from a federation participant, a federation participant query that includes semantic query data. At least one federation service from a plurality of federation services can be determined, based on processing the federation participant query and ontological data defining a ontology model, each ontology model describing federation services based on relationships between components of a federated cloud computing environment. The meta federation broker can validate a federation cloud broker that provides the at least one federation service to the federation participant and facilitate brokering of the at least one federation service to the federation participant by the federation cloud broker.

Abstract: Systems and methods for a progressive network connectivity architecture allow companies to selectively enable and disable network or cloud-based services according to customer and/or internal requirements. Depending on the application and/or environment, connected elements may be progressively connected to the cloud to facilitate sensing, actuation, data capture, data storage, or data processing in increasing or decreasing connected environments. Each connected element may be operated or utilized progressively in various connected environments, from completely isolated to completely connected.