Google IoT provides a straightforward registration service for IoT devices. Once connected securely by MQTT, the device can then communicate with Google or other cloud-based services.
As an example of the cloud services Google offers, we also provide a tutorial on using the Google Assistant cloud-based voice recognition service.
The Google approach to device credential management is quick to set up and requires no enrollment of device certificates. Key aspects of the Google IoT scheme are as follows.
Relies on a master CA-signed certificate that is registered in the cloud; only a single certificate (not a chain) is registered
Employs individual device certificates, derived from the registered master, that are not stored in the cloud
Checks the device certificate against the registered master certificate during TLS handshake
Allows TLS connection regardless of whether the device certificate is valid
Limits MQTT Connect to devices with a valid key, by using a JSON Web Token (JWT) signed by the device key as the Connect password; the JWT is based on current time and has an expiration time
Only one level (CA to device cert) is permitted; no intermediate certs are allowed.
Additional details are provided in the Google IoT – Verifying Credentials article.
Setting Up Google IoT
You can follow the Google IoT article directly for setting up the tool on an ARTIK Linux gateway module.
Web article: Google IoT