Device security authentication
IoT Platform issues certificates to secure devices. These certificates include product certificates (ProductKey and ProductSecret) and device certificates (DeviceName and DeviceSecret). A device certificate is a unique identifier used to authenticate a device. Before a device connects to IoT Hub over a protocol, it provides the product certificate or the device certificate, depending on the authentication method. A device can connect to IoT Platform only after it passes authentication. IoT Platform provides several authentication methods for different environments.
- One-Device-One-Certificate: Each device is flashed with its own device certificate.
- One-Product-One-Certificate: Devices of the same product are flashed with the same product certificate.
- Sub-device authentication: Authenticates sub-devices after a gateway connects to the cloud.
These methods offer different levels of security and ease of use. You can choose a method based on your required security level and production line conditions. The following table compares these methods.
| Item | Unique-certificate-per-device authentication | Unique-certificate-per-product authentication | Sub-device Registration |
| --- | --- | --- | --- |
| Information flashed to the device | ProductKey, DeviceName, and DeviceSecret | ProductKey and ProductSecret | ProductKey |
| Whether to enable in IoT Platform | No. Enabled by default. | Yes. Enable dynamic registration. | Yes. Enable dynamic registration. |
| DeviceName pre-registration | Yes. Ensure that the DeviceName is unique within the product. | Yes. Ensure that the DeviceName is unique within the product. | Yes. Pre-registration is required. |
| Production line flashing requirements | Flash a device certificate to each device. Ensure the security of each device certificate. | Batch flash the same product certificate. Ensure the secure storage of the product certificate. | Batch flash the same product certificate to sub-devices. Ensure the security of the gateway. |
| Security | High | Medium | Medium |
| Quota limit | Yes. A maximum of 500,000 devices per product. | Yes. A maximum of 500,000 devices per product. | Yes. A maximum of 200 sub-devices can be registered per gateway. |
| Other external dependencies | None | None | Depends on the security of the gateway. |
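
The checks in the table can be run against a production-line flashing manifest before devices ship. The following is an added example, not code from IoT Platform or its SDKs; the manifest layout and the names `method`, `product_key`, `device_name`, `gateway`, `flashed` and `audit_manifest` are assumptions made for illustration.

```python
from collections import Counter

# Fields each method flashes to the device, taken from the comparison table.
REQUIRED = {
    "per-device": {"ProductKey", "DeviceName", "DeviceSecret"},
    "per-product": {"ProductKey", "ProductSecret"},
    "sub-device": {"ProductKey"},
}

def audit_manifest(records, max_per_product=500_000, max_per_gateway=200):
    """Check a flashing manifest; return a list of human-readable findings."""
    findings = []
    names, secrets = Counter(), Counter()
    per_product, per_gateway = Counter(), Counter()
    for i, rec in enumerate(records):
        method = rec.get("method")
        if method not in REQUIRED:
            findings.append(f"record {i}: unknown method {method!r}")
            continue
        flashed = rec.get("flashed", {})
        missing = REQUIRED[method] - {k for k, v in flashed.items() if v}
        if missing:
            findings.append(f"record {i}: missing {sorted(missing)}")
        pk = rec.get("product_key")
        names[(pk, rec.get("device_name"))] += 1   # uniqueness is per product
        per_product[pk] += 1
        if method == "per-device" and flashed.get("DeviceSecret"):
            secrets[flashed["DeviceSecret"]] += 1
        if method == "sub-device":
            per_gateway[rec.get("gateway")] += 1
    findings += [f"DeviceName {dn!r} appears {n} times in product {pk!r}"
                 for (pk, dn), n in names.items() if n > 1]
    # Report secret reuse by count only; never echo the secret into audit output.
    findings += [f"a DeviceSecret is shared by {n} per-device records"
                 for n in secrets.values() if n > 1]
    findings += [f"product {pk!r}: {n} devices exceeds quota {max_per_product}"
                 for pk, n in per_product.items() if n > max_per_product]
    findings += [f"gateway {gw!r}: {n} sub-devices exceeds quota {max_per_gateway}"
                 for gw, n in per_gateway.items() if n > max_per_gateway]
    return findings

# Constructed sample manifest (all values are made up).
SAMPLE = [
    {"method": "per-device", "product_key": "pkA", "device_name": "d1",
     "flashed": {"ProductKey": "pkA", "DeviceName": "d1", "DeviceSecret": "s1"}},
    {"method": "per-device", "product_key": "pkA", "device_name": "d1",
     "flashed": {"ProductKey": "pkA", "DeviceName": "d1", "DeviceSecret": "s1"}},
    {"method": "per-product", "product_key": "pkB", "device_name": "d9",
     "flashed": {"ProductKey": "pkB"}},
]
```

Calling `audit_manifest(SAMPLE)` returns three findings: the incomplete product certificate on record 2, the duplicate DeviceName in `pkA`, and the DeviceSecret shared by two devices.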