Invention Application
WO2017007725A1 APPARATUS AND METHOD FOR ESTABLISHING SECURE COMMUNICATION CHANNELS IN AN INTERNET OF THINGS (IOT) SYSTEM (Under examination - published)

  • Patent Title: APPARATUS AND METHOD FOR ESTABLISHING SECURE COMMUNICATION CHANNELS IN AN INTERNET OF THINGS (IOT) SYSTEM
  • Patent Title (Chinese): Apparatus and method for establishing secure communication channels in an Internet (IoT) system
  • Application No.: PCT/US2016/040819
    Application Date: 2016-07-01
  • Publication No.: WO2017007725A1
    Publication Date: 2017-01-12
  • Inventor: BRITT, Joe; ZAKARIA, Omar; ZIMMERMAN, Scott
  • Applicant: AFERO, INC.
  • Applicant Address: 4970 El Camino Real Suite 210 Los Altos, California 94022 US
  • Assignee: AFERO, INC.
  • Current Assignee: AFERO, INC.
  • Current Assignee Address: 4970 El Camino Real Suite 210 Los Altos, California 94022 US
  • Agency: WEBSTER, Thomas
  • Priority: US14/791,371 20150703; US14/791,373 20150703
  • Main IPC: G06F21/60
  • IPC: G06F21/60 H04L9/14 H04L9/18 H04W84/14
Abstract:
An apparatus and method are described for secure communication between IoT devices and an IoT service. For example, one embodiment of a system comprises: an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device; a first encryption engine on the IoT service comprising key generation logic to generate a service public key and a service private key; a second encryption engine on the IoT device comprising key generation logic to generate a device public key and a device private key; the first encryption engine to transmit the service public key to the second encryption engine and the second encryption engine to transmit the device public key to the first encryption engine; the first encryption engine to use the device public key and the service private key to generate a secret; the second encryption engine to use the service public key and the device private key to generate the same secret; and wherein once the secret is generated, the first encryption engine and the second encryption engine encrypt and decrypt data packets transmitted between the first encryption engine and the second encryption engine using the secret or using a data structure derived from the secret.