04. Tencent cloud IOT device side learning - network connection and device authentication
2022-06-24 16:55:00 【fancyxu】
The main purpose of this series is to record my notes from learning the device side of Tencent Cloud IoT, and to give supplementary explanations of the device-side SDK.
Network connections
MQTT runs over a reliable transport, usually TCP or TCP+TLS. With TLS, authentication is either PSK-based or certificate-based.
The Tencent Cloud IoT C SDK uses its network layer to adapt to the different underlying network protocols, which fall into three main categories:
- TLS: the SDK is mainly adapted to the corresponding mbedtls interfaces, so TLS access works by adapting mbedtls directly.
- TCP socket: for TCP access, most implementations use a socket-style interface; TCP access is implemented by adapting the HAL-layer socket interface.
- AT: for some devices controlled through AT commands, the SDK also provides a general AT framework; access is implemented by adapting the underlying AT commands.
Because security is involved, most scenarios use mbedtls for access, which requires adapting mbedtls to the device. Fortunately, mbedtls adaptation is very mature and not complicated.
Device access authentication
By type, devices fall into two categories:
- PSK devices:
  - TCP: for a plain TCP connection, key authentication is used; the device authenticates through the MQTT user name and password using the PSK. See the key authentication device access guide.
  - TCP+TLS+PSK: authentication and key exchange use the PSK with the TLS_PSK_WITH_AES_128_CBC_SHA or TLS_PSK_WITH_AES_256_CBC_SHA suite. This can be seen in the Client Hello by capturing packets.
- Certificate devices: authenticated using TLS certificates; see the TLS handshake process.
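To check a capture for the two PSK suites mentioned above, the following added example (not part of the original post or of the SDK) parses a raw TLS ClientHello record and reports which of them are offered. The code points 0x008C and 0x008D are the IANA values for those suites; the sample record is constructed and the function names are hypothetical.

```python
import struct

# IANA code points for the two PSK suites named above (RFC 4279).
PSK_SUITES = {
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
    0x008D: "TLS_PSK_WITH_AES_256_CBC_SHA",
}

def client_hello_suites(record: bytes) -> list:
    """Return the cipher-suite code points offered in a TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4 or body[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 2 + 32                      # skip client_version and random
    if len(hello) < hs_len or len(hello) <= pos:
        raise ValueError("ClientHello truncated or split across records")
    pos += 1 + hello[pos]             # skip session_id (1-byte length prefix)
    n = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(suites) != n:
        raise ValueError("malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", suites)]

def offered_psk_suites(record: bytes) -> list:
    """Names of the page's two PSK suites that this ClientHello offers."""
    return [PSK_SUITES[c] for c in client_hello_suites(record) if c in PSK_SUITES]

def build_sample_hello(suites: list) -> bytes:
    """Constructed ClientHello: TLS 1.2, empty session id, no extensions."""
    cs = b"".join(struct.pack("!H", c) for c in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    sample = build_sample_hello([0x008C, 0x008D, 0x00FF])
    print(offered_psk_suites(sample))
```

Both suites use CBC mode with SHA-1, so a capture that offers only these is worth noting when reviewing a device's TLS configuration.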
Other authentication
Besides device access authentication, Tencent Cloud IoT as a whole includes other authentication mechanisms. They are only described briefly here; a general understanding is enough. They mainly include:
- Device log upload authentication: the device PSK or the certificate key is used with hmac_sha1 to sign the time and the log content.
- Dynamic registration authentication: the product key (note that this is the product PSK, not the device PSK) is used with hmac_sha1 over the device information, a random number and the time.
- Dynamic binding authentication of sub-devices: the sub-device PSK or certificate key is used with hmac_sha1 over the device information, a random number and the time.
For ease of device implementation and code reuse, most of these authentications are similar: the key is used to compute an HMAC over the device information, a random number, a timestamp and other information, producing a message authentication code from which the server can confirm that the message was sent by the device.
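The pattern described above, as an added example that is not taken from the original post or from the SDK: the device computes HMAC-SHA1 over its name, a random number and a timestamp, and the server recomputes the code and then uses the timestamp and random number to reject stale or replayed messages. The field names, their order, the 300-second window and the `Verifier` class are assumptions for illustration, not Tencent Cloud's wire format.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed message stays acceptable (assumed policy)

def sign(key: bytes, device: str, nonce: int, ts: int) -> str:
    """Device side: HMAC-SHA1 over a canonical string (hypothetical layout)."""
    msg = f"deviceName={device}&nonce={nonce}&timestamp={ts}".encode()
    return hmac.new(key, msg, hashlib.sha1).hexdigest()

class Verifier:
    """Server side: recompute the MAC, then check freshness and replay."""

    def __init__(self, keys: dict):
        self.keys = keys          # device name -> PSK bytes
        self.seen = set()         # (device, nonce, ts) already accepted

    def verify(self, device: str, nonce: int, ts: int, mac: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        key = self.keys.get(device)
        if key is None:
            return "unknown-device"
        expected = sign(key, device, nonce, ts)
        # Constant-time comparison: do not leak how many characters matched.
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad-mac"
        # The timestamp is covered by the MAC, so it cannot be altered.
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Within the window, the random number makes each message unique.
        if (device, nonce, ts) in self.seen:
            return "replay"
        self.seen.add((device, nonce, ts))
        return "ok"

if __name__ == "__main__":
    psk = b"constructed-sample-psk"          # constructed key, not a real PSK
    server = Verifier({"dev001": psk})
    now = int(time.time())
    mac = sign(psk, "dev001", 730214, now)
    print(server.verify("dev001", 730214, now, mac))   # first delivery
    print(server.verify("dev001", 730214, now, mac))   # same message again
```

Entries in `seen` older than `MAX_SKEW` can be purged, since the freshness check already rejects them.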