The Commissioning module provides a simple and secure solution for adding off-the-shelf sensors and actuators as nodes to a network. A smart device (like a smart phone) can be used as a trusted third party (TTP) between the device and the router.
Figure 1. Commissioning overview
A TTP that has access to the router and can detect new BLE nodes can be considered an ideal aid to commissioning by overcoming two important constraints:
- immobility/inaccessibility of the node and/or router
- lack of a user interface on the node and/or router
The process of commissioning a new device using a TTP consists of the following stages.
-
Detecting the new node.
Once the node is powered, the TTP helps you detect the new device. At this point the router is still unaware of the new node. You can use BLE, NFC, QR codes, or a combination of these to detect a new device on the TTP. When BLE is used, the node is expected to advertise with a UUID to request to be added to the network. A dedicated proprietary 128-bit UUID in the node's service list is recommended to avoid miscommunication of the node's intent. The TTP should allow you to choose in the user interface which node you want to configure through the user interface.
-
Configuring the node.
To allow the router to establish a secure connection to the node, the node has to have the human-readable part of the router's SSID and a Passkey that will protect against man-in-the-middle attacks during establishing a secure connection between the router and the node. The TTP should allow you to enter the SSID and the OOB data and store these for future use. Once the TTP is provided with the necessary information, it can connect to the selected node and transfer the configuration. When configuration is complete, the TTP can request the node to enter the Joining the network mode. This may result in the node disconnecting from the TTP.
-
Joining the network.
The node starts BLE advertisement with the SSID as manufacturer specific data and the UUID of the Internet Protocol Support Service. Once the BLE connection between the router and the node is established, authentication takes place based on the OOB data.
In addition to Configuration mode and Joining mode, it should be possible to request the node to make itself known to the user. If the Identity mode is requested, the node should make itself easily recognizable with the help of its hardware. In addition, the node can also be configured with a maximum 8 bytes of data that will serve as the scan response data when the node starts advertising. Identity mode can be requested by the TTP at any stage of configuration. When the node enters Identity mode, the connection should remain intact and configuration can continue.
The transport layer used for commissioning is detailed in Commissioning transport layer
To run an example from the IoT SDK with commissioning, please refer to the Commissioning User Guide.