Before a device can be connected to IoT Platform, the device must pass identity verification. IoT Platform allows you to use DeviceSecrets to verify devices.

Use DeviceSecrets to verify devices

When you create a product, set the Authentication Mode parameter to Device Secret. When you add a device to the product, IoT Platform issues a ProductSecret and a DeviceSecret to the device. When you connect a device to IoT Platform, IoT Platform verifies the device by using the ProductKey and the DeviceSecret of the device.

IoT Platform supports various verification methods to meet the requirements of different environments.

  • Unique-certificate-per-device verification: A device certificate is burned to each device. The device certificate includes a ProductKey, DeviceName, and DeviceSecret. For more information, see Unique-certificate-per-device verification.
  • Pre-registration unique-certificate-per-product verification: A product certificate is burned to all devices of a product. The product certificate includes a ProductKey and ProductSecret. For more information, see Unique-certificate-per-product verification. Enable dynamic registration for the product, and use dynamic registration to obtain a DeviceSecret for a device.
  • Preregistration-free unique-certificate-per-product verification: A product certificate is burned to all devices of a product. The product certificate includes a ProductKey and ProductSecret. For more information, see Unique-certificate-per-product verification. Enable dynamic registration for the product, and use dynamic registration to obtain a combination of ClientID and DeviceToken instead of a DeviceSecret.
  • Sub-device verification: After a sub-device connects to IoT Platform by using a gateway, you can use dynamic registration to obtain a DeviceSecret for the sub-device.

Each of the preceding methods has its own benefits in terms of accessibility and security. You can select a method based on the security requirements of the device and the actual production conditions. The following table describes the differences between the methods.

Table 1. Differences between verification methods
| Item | Unique-certificate-per-device verification | Pre-registration unique-certificate-per-product verification | Preregistration-free unique-certificate-per-product verification | Sub-device verification |
| --- | --- | --- | --- | --- |
| Information burned to the device | ProductKey, DeviceName, and DeviceSecret | ProductKey and ProductSecret | ProductKey and ProductSecret | ProductKey |
| Enable dynamic registration in IoT Platform | Not required. By default, the dynamic registration feature is enabled. | Required. | Required. | Required. |
| Create a device in IoT Platform and register the DeviceName | Required. Make sure that the specified DeviceName is unique in a product. | Required. Make sure that the specified DeviceName is unique in a product. | Not required. | Required. Make sure that the specified DeviceName is unique in a product. |
| Certificate burning requirement | Burn a unique device certificate to each device. Ensure the security of each device certificate. | Burn the same product certificate to all devices of a product. Make sure that the product certificate is safely kept. | Burn the same product certificate to all devices of a product. Make sure that the product certificate is safely kept. | • A gateway can obtain the ProductKeys of all sub-devices over an on-premises network. • Burn the ProductKey of each sub-device on the gateway. |
| Security | High | Medium | Medium | Medium |
| Upper limit for registrations | The limit varies based on the product, instance, or Alibaba Cloud account that you use to connect a device to IoT Platform. For more information, see Limits. | The limit varies based on the product, instance, or Alibaba Cloud account that you use to connect a device to IoT Platform. For more information, see Limits. | The limit varies based on the product, instance, or Alibaba Cloud account that you use to connect a device to IoT Platform. For more information, see Limits. | A maximum of 1,500 sub-devices can be registered in a gateway. |
| Other external reliance | N/A | N/A | N/A | Security of the gateway. |
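
The rules in Table 1 can be checked against a factory provisioning manifest before devices ship. The following audit is an added example, not code from IoT Platform or its SDKs; the manifest layout (the method, burned, registered_name, and gateway fields), the method labels, and all sample values are assumptions made for illustration.

```python
from collections import Counter, defaultdict

MAX_SUBDEVICES_PER_GATEWAY = 1500  # limit stated in Table 1
# method label (hypothetical) -> (fields burned to the device, DeviceName must be pre-registered)
RULES = {
    "per-device":           ({"ProductKey", "DeviceName", "DeviceSecret"}, True),
    "pre-registration":     ({"ProductKey", "ProductSecret"}, True),
    "preregistration-free": ({"ProductKey", "ProductSecret"}, False),
    "sub-device":           ({"ProductKey"}, True),
}

def audit_manifest(records):
    """Check a provisioning manifest against Table 1; return a list of findings."""
    findings = []
    names = Counter()                 # (ProductKey, registered DeviceName) -> count
    secret_users = defaultdict(set)   # DeviceSecret -> indexes of records burned with it
    per_gateway = Counter()           # gateway id -> number of sub-devices
    for i, rec in enumerate(records):
        burned_fields, needs_name = RULES[rec["method"]]
        burned = rec["burned"]
        if set(burned) != burned_fields:
            findings.append(f"record {i}: {rec['method']} must burn exactly {sorted(burned_fields)}")
        name = rec.get("registered_name")
        if needs_name and not name:
            findings.append(f"record {i}: DeviceName not registered in IoT Platform")
        if name:
            names[(burned.get("ProductKey"), name)] += 1
        if "DeviceSecret" in burned:
            secret_users[burned["DeviceSecret"]].add(i)
        if rec["method"] == "sub-device":
            per_gateway[rec.get("gateway")] += 1
    findings += [f"DeviceName {n!r} registered {c} times in product {pk}"
                 for (pk, n), c in names.items() if c > 1]
    findings += [f"DeviceSecret shared by records {sorted(u)}"
                 for u in secret_users.values() if len(u) > 1]
    findings += [f"gateway {gw}: {c} sub-devices exceeds {MAX_SUBDEVICES_PER_GATEWAY}"
                 for gw, c in per_gateway.items() if c > MAX_SUBDEVICES_PER_GATEWAY]
    return findings

# Constructed sample manifest; every key, name and secret is a placeholder.
SAMPLE = [
    {"method": "per-device", "registered_name": "meter-001",
     "burned": {"ProductKey": "pk_demo", "DeviceName": "meter-001", "DeviceSecret": "s1"}},
    {"method": "per-device", "registered_name": "meter-001",   # cloned device certificate
     "burned": {"ProductKey": "pk_demo", "DeviceName": "meter-001", "DeviceSecret": "s1"}},
    {"method": "sub-device", "registered_name": "lamp-01", "gateway": "gw-1",
     "burned": {"ProductKey": "pk_lamp", "ProductSecret": "ps_lamp"}},  # extra secret burned
]
```

On the sample, the audit reports the cloned device certificate twice (duplicate DeviceName and shared DeviceSecret) and the sub-device that was burned with more than a ProductKey.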