Ownership Transfer and Provisioning

1 minute read
Edit on GitHub

The plgd d2d client can become an owner of a new, unowned device. Supported ownership transfer methods by the plgd d2d client are:

  • Just Works
  • Manufacturer Certificate

Supported credentials which are provisioned on the device to verify the client are:

  • Pre-shared key
  • Identity Certificate

With the default configuration, the plgd d2d client provisions the device with the pre-shared key, generated during the startup. This one is then used for every device.

Part of the device ownership transfer is the credentials provisioning. As you know from the d2d client initialization, there are more options, depending on your setup, on how to request and provision credentials. The same requirements and flow applies also for device credential provisioning.

The pre-shared key is setup on the device by the D2D client service.

The d2d client service requests the identity certificate from the plgd Certificate Authority for the device on its own.

The d2d client service is unable to reach the plgd Certificate Authority service. Therefore the plgd d2d web app gets the Identity CSR from the d2d client service and requests the certificate from the plgd Certificate Authority on its own, which is then sent back to the d2d client service. The web app is in the mediator role, assuming the PC where it’s loaded has access to both, plgd hub as well as to the d2d client service.

    Aug 18, 2022

    Get started

    plgd makes it simpler to build a successful IoT initiative – to create a proof of concept, evaluate, optimize, and scale.

    Get Started Illustration Get Started Illustration