Solution Description
An attractive communication solution for IoT and IIoT applications, LoRa is a long-range, low-power wireless communication system that can send small amounts of data over long distances. Built around the LoRaWAN protocol, each LoRa device is required to have a unique ID (called DevEUI) and a unique security master key (called AppKey). Two session keys are derived from the AppKey: a “Network session key” used for integrity and authenticity verification (data are signed with this key) and an “Application session key” used for confidentiality (data are encrypted with this key).
The security key and identifiers are unique per device and are traditionally provisioned (stored in the device’s persistent memory as well as on a Join server) during manufacture, prior to device activation. This approach adds cost and lacks flexibility. The solution presented here shows how the bidirectional capability of dynamic NFC tags can help provision the device at runtime, which simplifies manufacturing.
The traditional way to onboard LoRa devices to a gateway or network server
A QR Code is traditionally added onto the product indicating the DevEUI and JoinEUI identifiers (the security key is kept secret).
After acquiring their device, users must install the approved Android/iOS mobile app provided by the manufacturer. The app then asks the user to scan the QR Code present on the LoRa device.
The application then communicates with the Join network, using the JoinEUI parameter to identify the correct Join server to contact. The Join server knows the AppKey associated with this DevEUI and propagates the AppKey to the Network and Application servers. The Network server derives the Network session key from the AppKey, while the Application server derives the Application session key from the AppKey.
The LoRa device will then contact a LoRa gateway and perform the Over The Air Activation (OTAA). Once activated, the new device is connected to the LoRa network and starts communicating.
Making the onboarding process easier and more cost-effective for an improved user experience
This method requires a LoRa device with an embedded ST25DV64KC dynamic NFC tag connected to an ultra-low power wireless STM32WL5 MCU supporting LoRa® modulation.
First tap the LoRa device with an NFC-enabled smartphone running the LoRa provisioning app to obtain the device's unique identifiers (DevEUI) and then register it on a LoRaWAN network.
The LoRaWAN server then sends back the unique master key (AppKey) to the mobile app which programs it into the LoRa device’s NVM. The LoRa device will then be able to contact a LoRa gateway to perform the Over The Air Activation (OTAA). Once activated, the new device is connected to the LoRa network.
| Provisioning method | When | Constraints / Comments | Cost |
|---|---|---|---|
| QR code | At factory | Fixed keys; HSM to store keys | $$$ |
| Bluetooth® Low Energy | In the field | Bluetooth stack (HW and SW) | $$ |
| NFC | In the field | Device remains generic at the end of the factory | $ |
Key Product Benefits
ST25DV64KC dynamic NFC tag with I²C interface
- Establishes a secure transfer channel over NFC
- Convenient way of provisioning by the end user thanks to ST25 Dynamic NFC tag
- Higher flexibility (provisioning can be handled in the field), thanks to ST25 Dynamic NFC tag
- Improved provisioning process speed, thanks to Fast Transfer mode
STM32WL5 MCU - Dual-core, multi-modulation wireless MCU
- Ultra-low-power MCU supporting LoRa® modulation
- Receive sensitivity: –148 dBm for LoRa® (at 10.4 kHz, spreading factor 12)
All Features
- Advanced functionality
  - Fast Transfer Mode (FTM)
  - Secure HTTPS requests through TLS/SSL
  - Key programming into the LoRa device
  - LoRa communications
  - MQTT notifications
- Performance benefits
  - NFC provisioning method is more flexible and more cost-effective than other methods
  - NFC allows the automatic installation of the mobile app (Android, iOS)
  - Allows the registration of the GPS location (at install time)
  - Simplifies industrialization with key provisioning by the end user
  - Enables sealed housing (e.g. gas meters) thanks to the contactless interface
  - Improved visibility by providing logs of the device to service engineers
  - NFC allows additional use cases: diagnostics, configuration, firmware upgrade, and more
- Cost benefits
  - No more key provisioning at the end of the production line (cost saving)
  - No need for an HSM to store the keys associated with all the LoRa devices produced
  - Provisioning keys can be updated over the product life cycle to reuse the same device in other LoRa networks
- Certifications
  - NFC Forum certified product (ST25DV64KC), which guarantees interoperability with mobile phones