Solution Description
An attractive communication solution for IoT and IIoT applications, LoRa is a long-range and low-power wireless communication system that can send small amounts of data over long distances. Built around the LoRaWAN protocol, each LoRa device is required to have a unique ID (called DevEUI) and a unique security master key (called AppKey). From the AppKey are derived a “Network session key” used for integrity and authenticity verifications (data are signed with this key) and an “Application session key” used for confidentiality (data are encrypted with this key).
The security key and identifiers are unique per device and are traditionally provisioned (stored in the device’s persistent memory as well as on a Join server) during its manufacture prior to device activation. This solution generates cost and lacks flexibility. The current solution shows how the bidirectional capability of NFC dynamic tags can help to provision the device at runtime, thus making the manufacturing simpler.
The traditional way to onboard LoRa devices to a gateway or network server
A QR Code is traditionally added onto the product indicating the DevEUI and JoinEUI identifiers (the security key is kept secret).
After acquiring their device, users must install the approved Android/iOS mobile app provided by the manufacturer. The app then asks the user to scan the QR Code present on the LoRa device.
Then the application will communicate with the Join network using the JoinEUI parameter to identify the correct Join server to contact. The Join server knows the AppKey associated to this DevEUI and will propagate the AppKey to the Network and Application servers. The Network server will derive the AppKey to get the Network Session Key; while the Application server will derive the AppKey to get the Application session key.
The LoRa device will then contact a LoRa gateway and perform the Over The Air Activation (OTAA). Once activated, the new device is connected to the LoRa network and starts communicating.
Making the onboarding process easier and more cost-effective for an improved user experience
This method requires a LoRa device with an embedded ST25DV64KC dynamic NFC tag connected to an ultra-low power wireless STM32WL5 MCU supporting LoRa® modulation.
First tap the LoRa device with an NFC-enabled smartphone running the LoRa provisioning app to obtain the device's unique identifiers (DevEUI) and then register it on a LoRaWAN network.
The LoRaWAN server then sends back the unique master key (AppKey) to the mobile app which programs it into the LoRa device’s NVM. The LoRa device will then be able to contact a LoRa gateway to perform the Over The Air Activation (OTAA). Once activated, the new device is connected to the LoRa network.
Provisioning method | When | Constraints / Comments | Cost |
QR code | At factory | Fixed keys HSM to store keys | $$$ |
Bluetooth® Low Energy | In the field | Bluetooth stack (HW and SW) | $$ |
NFC | In the field | Device remains generic at the end of the factory | $ |
-
Key Product Benefits
Establishes a secure transfer channel over NFC Convenient way of provisioning by the end user thanks to ST25 Dynamic NFC tag Higher flexibility (provisioning can be handled in the field), thanks to ST25 Dynamic NFC tag Improved provisioning process speed, thanks to Fast Transfer mode
Ultra-low-power MCU supporting LoRa® modulation Receive sensitivity:–148 dBm for LoRa® (at 10.4 kHz, spreading factor 12)
-
All Features
- Advanced functionality
- Fast Transfer Mode (FTM)
- Secure HTTPS requests through TLS/SSL.
- Key programming into the LoRa device
- LoRa communications
- MQTT notifications
- Performance benefits
- NFC provisioning method is more flexible, and is more cost-effective than other methods
- NFC allows the automatic installation of the mobile app (Android, iOS)
- Allows the registration of the GPS location (at install time)
- Simplifies industrialization with key provisioning by the end user
- Enables sealed housing (e.g. gas meters) thanks to contactless interface
- Improved visibility by providing logs of the device to service engineers
- NFC allows additional use cases: diagnostics, configuration, firmware upgrade, and more
- Cost benefits
- No more key provisioning at the end of the production line (cost saving)
- No need for an HSM to store the keys associated to all the LoRa devices produced
- Provisioning keys can be updated along product life cycle to reuse the same device in other LoRa networks
- Certifications
- NFC Forum certified product (ST25DV64KC) -> guarantee interoperability with mobile phones
- Advanced functionality
