ISO/IEC 30184:2024

ISO/IEC 30184
Edition 1.0 2024-12
INTERNATIONAL
STANDARD
colour
inside
Internet of things (IoT) – Autonomous loT object identification in a connected
home – Requirements and framework

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about ISO/IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews, graphical symbols and the glossary.
committee, …). It also gives information on projects, replaced With a subscription you will always have access to up to date
and withdrawn publications. content tailored to your needs.

IEC Just Published - webstore.iec.ch/justpublished
Electropedia - www.electropedia.org
Stay up to date on all new IEC publications. Just Published
The world's leading online dictionary on electrotechnology,
details all new publications released. Available online and once
containing more than 22 500 terminological entries in English
a month by email.
and French, with equivalent terms in 25 additional languages.

Also known as the International Electrotechnical Vocabulary
IEC Customer Service Centre - webstore.iec.ch/csc
(IEV) online.
If you wish to give us your feedback on this publication or need

further assistance, please contact the Customer Service
Centre: sales@iec.ch.
ISO/IEC 30184
Edition 1.0 2024-12
INTERNATIONAL
STANDARD
colour
inside
Internet of things (IoT) – Autonomous loT object identification in a connected

home – Requirements and framework

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 35.020 ISBN 978-2-8327-0042-6

– 2 – ISO/IEC 30184:2024 © ISO/IEC 2024
CONTENTS
FOREWORD . 3
INTRODUCTION . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Abbreviated terms . 9
5 Overview . 10
6 Requirements . 10
6.1 General description . 10
6.2 Major system capabilities . 10
6.3 System requirements and recommendations . 11
7 Architecture . 12
7.1 General description . 12
7.2 Functional entities . 12
7.2.1 General . 12
7.2.2 Feature extraction function . 13
7.2.3 Fingerprint and profile generation function . 13
7.2.4 IoT object discovery function . 13
7.2.5 Local IoT object identification function . 13
7.2.6 Local policy manager . 14
7.2.7 Policy application function . 14
7.2.8 Central IoT object identification function . 14
7.2.9 Policy database manager. 14
7.3 Reference points . 14
8 Operation procedure . 15
8.1 Identifier . 15
8.2 Feature . 16
8.3 Fingerprint and profile . 16
8.4 IoT object type identification . 17
8.5 IoT objects association identification . 18
Annex A (informative) Policy enforcement operation . 19
Bibliography . 20

Figure 1 – A typical architecture for autonomous IoT object identification . 12
Figure 2 – A typical operation procedure for IoT object type identification . 18
Figure A.1 – A typical operation procedure for policy enforcement . 19

INTERNET OF THINGS (IoT) –
AUTONOMOUS IoT OBJECT IDENTIFICATION IN A CONNECTED HOME –
REQUIREMENTS AND FRAMEWORK
FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,
in liaison with ISO and IEC, also take part in the work.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO National bodies.
3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and
ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of
IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are used
or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and
ISO documents transparently to the maximum extent possible in their national and regional publications. Any
divergence between any IEC and ISO document and the corresponding national or regional publication shall be
clearly indicated in the latter.
5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not
responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.
7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual
experts and members of its technical committees and IEC and ISO National bodies for any personal injury,
property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including
legal fees) and expenses arising out of the publication, use of, or reliance upon, this ISO/IEC document or any
other IEC and ISO documents.
8) Attention is drawn to the Normative references cited in this document. Use of the referenced publications is
indispensable for the correct application of this document.
9) IEC and ISO draw attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC and ISO take no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, IEC and ISO had not received notice of
(a) patent(s), which may be required to implement this document. However, implementers are cautioned that this
may not represent the latest information, which may be obtained from the patent database available at
https://patents.iec.ch and www.iso.org/patents. IEC and ISO shall not be held responsible for identifying any or
all such patent rights.
ISO/IEC 30184 has been prepared by subcommittee 41: Internet of Things and Digital Twin, of
ISO/IEC joint technical committee 1: Information technology.
The text of this International Standard is based on the following documents:
Draft Report on voting
JTC1-SC41/453/FDIS JTC1-SC41/469/RVD

Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.

– 4 – ISO/IEC 30184:2024 © ISO/IEC 2024
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1, and the ISO/IEC Directives, JTC 1 Supplement
available at www.iec.ch/members_experts/refdocs and www.iso.org/directives.

IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

INTRODUCTION
The IoT environment has become widespread, dynamic, and complex, and is constantly
evolving. IoT objects and their associations to users, or to other objects, should be identified.
Current identification approaches rely on proper device categorization based on pre-determined
taxonomies. Once categorized, devices advertise themselves to the network. When new types
of IoT objects emerge, the taxonomy is renewed and new IDs are assigned.
As a complement to existing solutions, this document simplifies the requirements imposed on
devices through the adoption of an autonomous procedure. This method reduces the need for
detailed classification, standardization, and certification of device types by eliminating the need
for devices to self-identify and advertise.
This document focuses on the requirements and the framework for autonomous identification
of IoT objects, especially in connected home environments. The objects in this document
include IoT devices and applications. The IoT object identification is to identify the IoT object
type and the associations among the IoT objects.
Inspecting data patterns produced by IoT objects allows for autonomous type and association
identification. The data patterns may be inspected if the IoT object has given explicit consent.
The data patterns to be inspected can be a selected feature from the raw data such as the port
number and protocol number. An accumulated feature set over time can also be used –
minimum or maximum packet size, average input rate, average inter-arrival times of packets,
and so on – if the IoT object gives explicit consent to allow the collection and storage of such
data.
By doing so, the need for detailed classification, standardization, and certification of object
types is reduced; and devices are relieved from the burdens of identifying and advertising
themselves. It will motivate and spread the development of new types of IoT objects.
Developments towards heterogeneous IoT objects will enable increased protections for devices
and users against malicious attacks, hazards from malfunctions, or health-related critical issues.

– 6 – ISO/IEC 30184:2024 © ISO/IEC 2024
INTERNET OF THINGS (IoT) –
AUTONOMOUS IoT OBJECT IDENTIFICATION IN A CONNECTED HOME –
REQUIREMENTS AND FRAMEWORK
1 Scope
This document specifies the following items for the autonomous IoT object identification in a
connected home:
– requirements;
– architecture, functional entities and interfaces;
– operation procedures.
Information model formats, data formats, and identifier assignment are out of scope of this
document.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following
addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1
autonomous IoT object identification
identification of the IoT object (3.11) type and the associations among the IoT objects with
limited human intervention
3.2
home
physical structure used as a dwelling place
EXAMPLE A house or an apartment.
Note 1 to entry: A home can be an individual building, part of a larger building or more than one building.
Note 2 to entry: A home can include small business premises, e.g. nursing homes and home offices.
[SOURCE: ISO/IEC 11801-4:2017 [1], 3.1.5, modified – Note 2 to entry has been added.]
3.3
connected home
home that is equipped with a home network

3.4
home network
internal network for information transport in a home or on business premises of similar
complexity, providing defined access points and using one or more media in any topology
3.5
fingerprint
digital fingerprint
technology that deploys algorithms that analyse a large number of technical characteristics and
settings on devices to generate unique identifiers that can identify a specific computing device
producing a machine ID, and which can be personally identifiable
Note 1 to entry: In this document, a fingerprint is a selection of features. It can be an accumulated set of features
over time.
[SOURCE: ISO 19731:2017 [2], 3.17, modified – Note 1 to entry has been replaced and Note 2
to entry has been deleted.]
3.6
feature
measurable property of an object or event with respect to a set of
characteristics
Note 1 to entry: Features play a role in training and prediction.
Note 2 to entry: Features provide a machine-readable way to describe the relevant objects. As the algorithm will
not go back to the objects or events themselves, feature representations are designed to contain all useful
information.
[SOURCE: ISO/IEC 23053:2022 [3], 3.3.3]
3.7
ground truth
value of the target variable for a particular item of labelled input data
Note 1 to entry: The term ground truth does not imply that the labelled input data consistently corresponds to the
real-world value of the target variables.
[SOURCE: ISO/IEC 22989:2022 [4], 3.2.7]
3.8
identifier
information that unambiguously distinguishes one entity from other entities in a given identity
context
[SOURCE: ISO/IEC 20924:2024 [5], 3.1.19]
3.9
IoT application
software functional element specific to the solution of a problem in the IoT environment
Note 1 to entry: An application can be distributed among resources and can communicate with other applications.
[SOURCE: IEC 61800-7-1:2015 [6], 3.2.2, modified – The term and definition have been made
specific to the IoT environment.]

– 8 – ISO/IEC 30184:2024 © ISO/IEC 2024
3.10
IoT device
endpoint that interacts with the physical world through sensing or actuating
Note 1 to entry: An IoT device can be a sensor or an actuator.
[SOURCE: ISO/IEC 20924:2024 [5], 3.2.11]
3.11
IoT object
IoT device (3.10) and IoT application (3.9)
3.12
IoT system
system providing functionalities of IoT
Note 1 to entry: An IoT system can include, but not be limited to, IoT devices (3.10), IoT gateways, sensors, and
actuators.
[SOURCE: ISO/IEC 20924:2024 [5], 3.2.15]
3.13
machine learning
ML
process of optimizing model parameters (3.15) through computational techniques, such that the
model's (3.14) behaviour reflects the data or experience
[SOURCE: ISO/IEC 22989:2022 [4], 3.3.5]
3.14
model
physical, mathematical or otherwise logical representation of a system, entity, phenomenon,
process or data
[SOURCE: ISO/IEC 22989:2022 [4], 3.1.23]
3.15
model parameter
parameter
internal variable of a model (3.14) that affects how it computes its outputs
Note 1 to entry: Examples of parameters include the weights in a neural network and the transition probabilities in
a Markov model.
[SOURCE: ISO/IEC 22989:2022 [4], 3.3.8]
3.16
meta-data
data that define and describe other data
[SOURCE: ISO/TR 3985:2021 [7], 3.10]
3.17
personally identifiable information
PII
information that can be used in a given context to identify, contact, or locate a single person,
or to identify an individual in context
[SOURCE: ISO 19414:2020 [8], 3.1]

3.18
profile
set of attributes generated from one or more fingerprints (3.5) that represents characteristics of
an IoT object
3.19
test data
evaluation data
data used to assess the performance of a final model (3.14)
Note 1 to entry: Test data are disjoint from training data (3.20) and validation data (3.21).
[SOURCE: ISO/IEC 22989:2022 [4], 3.2.14]
3.20
training data
data used to train a machine learning model
[SOURCE: ISO/IEC 22989:2022 [4], 3.3.16]
3.21
validation data
development data
data used to compare the performance of different candidate models
Note 1 to entry: Validation data are disjoint from test data (3.19) and generally also from training data (3.20).
However, in cases where there are insufficient data for a three-way training, validation and test set split, the data
are divided into only two sets – a test set and a training or validation set. Cross-validation or bootstrapping are
common methods for then generating separate training and validation sets from the training or validation set.
Note 2 to entry: Validation data can be used to tune hyperparameters or to validate some algorithmic choices, up
to the effect of including a given rule in an expert system.
[SOURCE: ISO/IEC 22989:2022 [4], 3.2.15]
4 Abbreviated terms
CF central functions
CHCE connected home control entity
COIF central IoT object identification function
FEF feature extraction function
FPGF fingerprint and profile generation function
ID identifier
LF local functions
LOIF local IoT object identification function
LPM local policy manager
ODF IoT object discovery function
PAF policy application function
PDM policy database manager
PII personally identifiable information

– 10 – ISO/IEC 30184:2024 © ISO/IEC 2024
5 Overview
As a complement to existing IoT unique device identification solutions, which remain crucial,
like in cyber-physical forensics investigations, this document defines requirements, architecture,
functional entities, and operation procedures for the autonomous identification and discovery
of IoT devices and applications on the IoT devices. Inspecting data and patterns that IoT objects
(3.11) produce is required in order to autonomously identify types and association of IoT objects.
This document focuses on the requirements and the framework for autonomous identification
of IoT objects, especially in connected home environments. The IoT object identification is to
identify the IoT object type and the associations among the IoT objects.
There can be architectures or operation procedures for similar purposes, which are different
from those specified in this document.
The structure of this document is as follows.
Clause 6 specifies the requirements for the autonomous IoT object identification. The
requirements are divided into major system capabilities and requirements.
Clause 7 specifies the architecture, the functional entities, and the interfaces between the
entities. The architecture includes the local functions located at connected home servers and
the central functions that are placed in cloud service platforms.
Clause 8 specifies the operation mechanisms and procedures for the autonomous IoT object
identification, which involves participation and communication among end devices, connected
home servers, and a cloud service platform.
6 Requirements
6.1 General description
This Clause 6 specifies the requirements for the autonomous IoT object identification. The
requirements are divided into major system capabilities and system requirements.
6.2 Major system capabilities
IoT systems with the IoT object identification function shall have the following capabilities.
a) Autonomy: IoT systems with the IoT object identification function shall be able to operate
with limited human intervention. The framework for this capability is covered in 7.2.
b) Scalability: IoT systems with the IoT object identification function shall be able to manage a
large number of device and application types and learn to identify new types as they emerge.
The framework for this capability is covered in 7.2.
c) Stability: IoT systems with the IoT object identification function shall be able to work
consistently and effectively regardless of the lifecycle stage (e.g. whether in induction or
normal operation stage) or operational mode (e.g. whether in standby or active mode) of the
target IoT object or application. The framework for this capability is covered in 7.2.
d) Privacy: IoT systems with the IoT object identification function shall protect PII. The
framework for this capability is covered in 7.2.2, 8.4, and 8.5.

6.3 System requirements and recommendations
This subclause 6.3 specifies the requirements and recommendations for systems with IoT object
identification function. The requirements and recommendations are categorized based on the
major system capabilities defined in 6.2.
a) Requirements and recommendations for autonomy of IoT object identification function.
1) It shall be able to identify the type of IoT object. The type of an IoT object is an indication
for the object, which can be determined based on the purpose, manufacturer, model
number, version of firmware or software, or any combination of these attributes.
2) It should be able to inspect the transferred data from unidentified IoT objects. Data
including packet headers of all the layers, and unencrypted packet payload should be
monitored.
3) It should be able to extract selected features from the inspected data. Features from
multiple packets over time should be able to be extracted.
4) It shall be able to summarize accumulated features into a brief format, which is suitable
as an input to the identification procedures.
b) Requirements and recommendations for scalability of IoT object identification function.
1) It should be able to discover IoT objects and their identity through identity information
exchange between the IoT objects and the functional entity responsible for the
identification. Identity information and features of an IoT object obtained by this
procedure should be used for accurate identification of other related IoT objects.
2) It should be able to collect the essence of features of IoT objects from multiple connected
homes and send them to a central computing system, such as a cloud or fog platform.
3) It shall be able to identify IoT objects on a central computing system.
c) Requirements for stability of IoT object identification function.
1) It shall be able to collect data transferred by IoT objects and identify data contents
generated by IoT objects, if the consent is granted for the collection and transference of
data from IoT objects.
2) It shall provide a secure and safe communication environment for transmitting the
features or fingerprints in the procedure of identifying IoT objects.
d) Requirements and recommendations for privacy in IoT object identification function.
1) It shall give IoT objects the option to allow for the collection and processing of IoT object
data.
2) It should be able to identify the IoT object's allowance level to the identification
procedure. IoT objects can be categorized into
i) identification allowed, or
ii)
...