
IoT Platform: Unique-certificate-per-device verification

Last Updated: Sep 18, 2023

This topic describes how to verify directly connected devices or gateway sub-devices by using the unique-certificate-per-device verification method.

Background information

If you use the unique-certificate-per-device verification method, you must install a unique device certificate on each device in advance. A device certificate includes a ProductKey, DeviceName, and DeviceSecret. When you connect a device to IoT Platform, IoT Platform verifies the device based on the certificate. If the device passes the verification, IoT Platform activates the device to enable data communication between the device and IoT Platform.

We recommend that you use the unique-certificate-per-device verification method because the method provides high security.

Process:

Device verification

Verify directly connected devices

You can connect directly connected devices to IoT Platform only over MQTT or HTTPS. If you want to register directly connected devices, perform the following steps:

  1. Create a product: When you create a product, set the Node Type parameter to Directly Connected Device.

  2. Add a device: Add a device to the created product and obtain the device certificate.

  3. Burn the device certificate to the device.

    1. Select one of the following protocols to connect the device to IoT Platform: MQTT or HTTPS. Then, specify the information about the device certificate and an endpoint to register and verify the device.

      The following list describes the protocol-specific methods that you can use to register and verify the device.

    2. Configure a Link SDK based on your business requirements. For example, you can configure the following features: Thing Specification Language (TSL) topic-based device communication, custom topic-based device communication, over-the-air (OTA) updates, and device shadows.

      For more information about how to configure a device, see Use a device SDK to connect a device to IoT Platform.

    3. Burn the configured Link SDK to the device in the production line.

  4. Verify the device. After you power on the device and connect the device to IoT Platform, the device sends a verification request that contains the device certificate information to IoT Platform.

  5. Activate the device. IoT Platform verifies the device and establishes a connection with the device. Then, the device can communicate with IoT Platform by using topics. For more information, see Topics.
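
The verification in steps 4 and 5 can be sketched for the MQTT case as follows. This is an added example, not code from this page or from a Link SDK. It assumes the HMAC-based MQTT sign-in fields that IoT Platform documents for MQTT connections over TCP (the client ID suffix, the DeviceName&ProductKey username, and the signed content); platform_verify, STORE and all certificate values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def device_sign_in(product_key, device_name, device_secret, client_id, timestamp_ms, tls=True):
    """Device side: derive the MQTT CONNECT fields from the burned certificate."""
    if not device_secret:
        raise ValueError("DeviceSecret is empty")
    for value in (product_key, device_name, client_id):
        if not value or "|" in value or "&" in value:
            raise ValueError("field is empty or contains a delimiter")
    # Signed content: parameter names in alphabetical order, each followed by its value.
    content = (f"clientId{client_id}deviceName{device_name}"
               f"productKey{product_key}timestamp{timestamp_ms}")
    sign = hmac.new(device_secret.encode(), content.encode(), hashlib.sha256).hexdigest()
    mode = 2 if tls else 3  # assumed values: 2 = TLS, 3 = plain TCP
    return {
        "client_id": f"{client_id}|securemode={mode},signmethod=hmacsha256,timestamp={timestamp_ms}|",
        "username": f"{device_name}&{product_key}",
        "password": sign,  # only the HMAC is sent; the DeviceSecret stays on the device
    }

def platform_verify(fields, secret_store):
    """Hypothetical model of the platform check: look up the secret, recompute, compare."""
    client_id, _, rest = fields["client_id"].partition("|")
    params = dict(kv.split("=", 1) for kv in rest.rstrip("|").split(",") if "=" in kv)
    device_name, _, product_key = fields["username"].partition("&")
    secret = secret_store.get((product_key, device_name))
    if secret is None or params.get("signmethod") != "hmacsha256":
        return False
    content = (f"clientId{client_id}deviceName{device_name}"
               f"productKey{product_key}timestamp{params.get('timestamp', '')}")
    expected = hmac.new(secret.encode(), content.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, fields["password"])

# Constructed sample certificates (not real credentials).
STORE = {("pkExample01", "sensor-001"): "secret-A-constructed",
         ("pkExample01", "sensor-002"): "secret-B-constructed"}

def demo():
    good = device_sign_in("pkExample01", "sensor-001", "secret-A-constructed", "dev001", 1695000000000)
    # A device that presents another device's secret under its own name is rejected.
    cloned = device_sign_in("pkExample01", "sensor-002", "secret-A-constructed", "dev002", 1695000000000)
    return platform_verify(good, STORE), platform_verify(cloned, STORE)
```

Because every device has its own DeviceSecret, a secret extracted from one unit signs in only as that unit and can be revoked without touching the rest of the product.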

Verify the sub-devices of a gateway

The registration method for gateways is the same as the registration method for directly connected devices. This section describes how to verify sub-devices by using the unique-certificate-per-device verification method. In this example, the MQTT protocol is used for communication.

  1. Create a product: Create a product for a gateway and a product for a sub-device. When you create a product for the gateway, set the Node Type parameter to Gateway Device. When you create a product for the sub-device, set the Node Type parameter to Gateway Sub-device.

  2. Add devices: Add devices to the created products and obtain the device certificates of the gateway and the sub-device.

  3. Burn the device certificates to the devices.

    1. Establish MQTT connections over TCP: Specify information about the gateway and the sub-device, and an endpoint. In a Link SDK for the gateway, initialize an instance to manage the sub-device. You must configure the topological relationship between the gateway and the sub-device and register the sub-device.

    2. Configure a Link SDK for the sub-device based on your business requirements. For example, you can implement the feature that allows the sub-device to communicate with IoT Platform by using the gateway.

      For more information about how to configure a sub-device, see Use a Link SDK to connect a device to IoT Platform.

    3. On the production line, burn the configured gateway SDK to the gateway and burn the sub-device certificate to the sub-device.

  4. Verify the gateway and sub-device. After you power on the gateway and sub-device and connect them to IoT Platform, the gateway sends a verification request to IoT Platform. The request includes the certificates of the gateway and sub-device.

    For more information about the data format of the verification request, see Connect or disconnect sub-devices.

  5. Activate the devices. After IoT Platform verifies the gateway and the sub-device and establishes connections with the devices, the devices can communicate with IoT Platform by using topics. For more information, see Topics.