Updated on 2023-10-18 GMT+08:00

Device Authentication

Overview

IoTDA authenticates a device when the device attempts to access the platform. The authentication process depends on the access method.

Access type: Device using LwM2M over CoAP

Authentication mode: A device is registered, either by calling the API Creating a Device or using the IoTDA console. If the device does not use DTLS/DTLS+, the device carries the node ID to get authenticated and connect to the platform. If the device uses DTLS/DTLS+, the device carries the secret and node ID to get authenticated and connect to the platform. See the figure below.

Access type: Device using native MQTT or MQTTS

Authentication modes:

  • Secret for authentication

    A device is registered, either by calling the API Creating a Device or using the IoTDA console. The device ID and secret returned by the platform are also hardcoded into the device. A CA certificate is preset on MQTTS devices, but not MQTT devices. The device uses the device ID and secret to get authenticated and connect to the platform. See the figure below.

  • Certificate for authentication

    A device CA certificate is uploaded on the IoTDA console. Then, the device is registered, either by calling the API Creating a Device or using the IoTDA console. The device ID and secret returned by the platform are also hardcoded into the device. The device uses the X.509 certificate to get authenticated and connect to the platform. See the figure below.

Authentication for Devices Using LwM2M over CoAP

1. An application calls the API Creating a Device to register a device. Alternatively, a user uses the IoTDA console to register a device.

2–3. The platform allocates a secret to the device and returns a timeout value.
  • The secret can be defined during device registration. If no secret is defined, the platform allocates one.
  • If the device does not connect to the platform within the duration specified by the timeout value, the platform deletes the device registration information.

4. The user hardcodes the secret into the device hardware, software, or firmware.

5. After being powered on, the device sends a connection request carrying the node ID (such as the IMEI) and the secret if it is a security device (DTLS/DTLS+), or carrying only the node ID if it is a non-security device.

6–7. If the authentication is successful, the platform returns a success message, and the device is connected to the platform.

Authentication for Devices Using Native MQTT or MQTTS

  1. An application calls the API Creating a Device to register a device. Alternatively, a user uses the IoTDA console to register a device.

    During registration, use the MAC address, serial number, or IMEI of the device as the node ID.

  2. The platform allocates a globally unique device ID and secret to the device.

    The secret can be defined during device registration. If no secret is defined, the platform allocates one.

  3. The user hardcodes the device ID and secret into the device hardware, software, or firmware.
  4. (Optional) The user integrates the preset CA certificate on the device. This step is required only for devices connected using MQTTS.
  5. After being powered on, the device sends a connection request carrying the device ID and secret.
  6. If the authentication is successful, the platform returns a success message, and the device is connected to the platform.
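The registration and secret-based authentication flow described in the two procedures above (secret allocated or user-defined at registration, registration deleted if the device never connects within the timeout, device ID and secret checked on the connection request), modelled as an added Python example. This is not IoTDA's implementation; the class, method names and the device ID format are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical platform-side model (not IoTDA code) of the page's steps 1-6.

@dataclass
class Registration:
    device_id: str
    secret: str
    node_id: str          # MAC address, serial number or IMEI supplied at registration
    registered_at: float
    connected: bool = False

class DeviceRegistry:
    def __init__(self, timeout_s: float):
        self.timeout_s = timeout_s            # steps 2-3: registration lifetime before first connection
        self._devices: Dict[str, Registration] = {}

    def register(self, node_id: str, secret: Optional[str] = None,
                 now: Optional[float] = None) -> Registration:
        """Steps 1-2: allocate a device ID and a secret (platform-generated if none is given)."""
        now = time.time() if now is None else now
        device_id = f"{node_id}_{secrets.token_hex(4)}"   # constructed ID format (assumption)
        reg = Registration(device_id, secret or secrets.token_urlsafe(24), node_id, now)
        self._devices[device_id] = reg
        return reg

    def _expire(self, now: float) -> None:
        """Steps 2-3: drop registrations that never connected within the timeout."""
        for dev_id, reg in list(self._devices.items()):
            if not reg.connected and now - reg.registered_at > self.timeout_s:
                del self._devices[dev_id]

    def authenticate(self, device_id: str, secret: str,
                     now: Optional[float] = None) -> bool:
        """Steps 5-6: verify the device ID and secret carried in the connection request."""
        now = time.time() if now is None else now
        self._expire(now)
        reg = self._devices.get(device_id)
        if reg is None:
            return False                      # unknown device or expired registration
        # constant-time comparison so a wrong secret cannot be distinguished by timing
        if not hmac.compare_digest(reg.secret.encode(), secret.encode()):
            return False
        reg.connected = True                  # a connected device no longer expires
        return True
```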

Authentication for Devices Using an X.509 Certificate

An X.509 certificate is a digital certificate used to authenticate communicating entities. Currently, only MQTT devices can use X.509 certificates for authentication, and you can upload a maximum of 100 device CA certificates.

  1. A user uploads a device CA certificate on the IoTDA console.
  2. An application calls the API Creating a Device to register a device. Alternatively, a user uses the IoTDA console to register a device.

    During registration, use the MAC address, serial number, or IMEI of the device as the node ID.

  3. The platform allocates a globally unique device ID to the device.

  4. The user hardcodes the device ID into the device hardware, software, or firmware.
  5. After being powered on, the device sends a connection request carrying the X.509 certificate to the platform.
  6. If the authentication is successful, the platform returns a success message, and the device is connected to the platform.