Thread Commissioning Over Authenticated TLS

Thread Commissioning Over Authenticated TLS (TCAT) was developed to address the needs of professional installation and commercial building scenarios. It makes it easy to wirelessly onboard Thread devices that are pre-installed in difficult-to-reach places, such as inside a ceiling or embedded in a wall. Instead of scanning physical install codes once the pre-installed devices are powered, Thread commissioning can be implemented over authenticated TLS (Transport Layer Security) by exchanging security certificates. TCAT can be performed using a mobile device (such as a phone, tablet) while in close proximity to the pre-installed device over a wireless connection such as Bluetooth® Low Energy. The nRF Connect SDK currently provides experimental support for TCAT. To test this feature, build the Thread: CLI sample with the TCAT snippet enabled.

After flashing the sample to the device, use the following command to enable TCAT:

uart:~$ ot tcat start

Currently, BBTC Client is the only available TCAT commissioner tool, and can be found in the OpenThread repository. Refer to the tool’s documentation for more information.