I'm involved in the design of a protocol that allows different manufacturers to share data amongst their products. The protocol uses multicast over Ethernet so any device can join. Note that it's very likely there won't be an internet connection on the network.
Unfortunately, they're only now starting to talk about security - primarily making sure commands come from a known device. Since all the devices are made by different manufacturers, I can't think of a way of making sure each device is who it says it is. The obvious solution would be certificates, but because we can't guarantee internet access, we can't add knowledge of new certificates once a device has shipped.
Are there any other standard ways of doing this?