Mesh network commissioning

摘要

Securely joining devices to a mesh network using Datagram Transport Layer Security (DTLS) is described. A secure commissioning session is established between a joiner device and a commissioning device of the mesh network, in response to a joiner router receiving a DTLS-ClientHello message from the joining device, which is requesting to join the mesh network, and relaying the received message, encapsulated in a DTLS Relay Receive Notification message, to the commissioning device. The commissioning device transmits commissioning messages to the joining device over the secure session to enable the joining device to join the mesh network. The joiner router receives an indication from the commissioning device, that the joining device is to be entrusted to receive network credentials for the mesh network, and receives a key to securely transmit the network credentials from the joiner router to the joining device to complete commissioning the joining device to the mesh network.

主权项

1. A method of securely joining a joining device to a mesh network, the method comprising:
receiving, at a joiner router, a Datagram Transport Layer Security (DTLS)-ClientHello message from the joining device requesting to join the mesh network; encapsulating the received DTLS-ClientHello message in a DTLS Relay Receive Notification message; transmitting the DTLS Relay Receive Notification message to a commissioning device of the mesh network; receiving, from the commissioning device, a DTLS Relay Transmit Notification message; transmitting content of the DTLS Relay Transmit Notification message to the joining device, the content effective to enable the joining device to join the mesh network; receiving, from the commissioning device, an indication that the joining device is to be entrusted to receive network credentials for the mesh network; receiving, from the commissioning device, a Key Encryption Key (KEK) that is shared between the commissioning device and the joining device; and responsive to the receiving the indication, transmitting the network credentials from the joiner router to the joining device using the KEK to secure communication of the network credentials.