Internet of Things Patterns
This is an excerpt of the pattern that was first published in [1].

Medium-Based Bootstrap

Icon of the Medium-Based Bootstrap Pattern

The information a device requires to create the first connection to its communication partners is placed on the device during deployment. A storage medium, such as a USB stick, is put into the device. The device uses the information stored on this medium to create the first connection.


You have a new device which has to communicate with other components to fulfill its purpose. The device is either connected directly to the other components, or it goes through a network and multiple intermediaries. Either way, the new device has to know how to create these connections.


A new device needs some basic information to be able to create connections and to start communication. This information may change over time. How do you get this information onto the device while keeping it as independent as possible?


  • Independence: The device should not depend on third parties for bootstrapping to avoid vendor lock-in.
  • Flexibility: The details needed for first communication may change with time. You possibly need to adapt the device to these changes.
  • Choice: You need a level of choice of how and to whom the device connects but baking this information into the device during production using Factory Bootstrap means personalizing every device. It binds the device to this choice and makes it uninteresting for parties which have other needs.
  • Cost: There may be solutions which offer more flexibility, but may require additional software or hardware components which could increase the overall cost of a device.
  • Security: Security credentials for authentication, authorization, or encryption may be needed for communication, but these credentials have to be brought onto the device without an attacker being able to eavesdrop on them or alter them.
  • Scalability: In some situations, large amounts of devices have to be bootstrapped, which can be a lot of work.
  • Physical Access: Some devices may be hard to reach because they are set up in high places or at remote locations or rough terrain.
  • Resilience: Some devices need to be built to withstand harsh conditions, but some components will decrease their ability to do so, for example, movable parts which break more easily or external ports which could let in water or dust.


Bootstrap, i.e., configure the device on-site from a replaceable storage medium, for example, a USB stick, that contains all necessary bootstrap information. When the device starts, let it read and use the information placed on this medium to start communication. Have the device copy its content for later use.


Solution Details:

This is an excerpt of a previously published pattern. The full pattern can be found in [1].



Related Patterns:

Known Uses:

  1. L. Reinfurt, U. Breitenbücher, M. Falkenthal, F. Leymann, and A. Riegg, “Internet of Things Patterns for Device Bootstrapping and Registration,” in Proceedings of the 22nd European Conference on Pattern Languages of Programs (EuroPLoP), New York, NY, USA, 2017. Available at