How does device anti-spoofing work in Azure IoT hub?

Question

From Azure development guide https://azure.microsoft.com/en-us/documentation/articles/iot-hub-devguide, there is a small section (shown as below) talking about device anti-spoof

Answer 1

In IoT Hub there is a device registry that is used to authorize devices to the gateway. After authentication the device is checked against the registry.

When a device is registered with IoT Hub, the device's identity and key are saved in the device registry. This device and key is what the device uses to authenticate to the service.

The generation ID is a key part of this too. When the device is first registered with IoT Hub, a generation ID is assigned to the device. The purpose of this is to distinguish between identity registrations of the same device ID (added, removed, and then later added).

If you're interested in a deeper dive into the IoT Hub architecture see Clemen's 2015 Build talk here.