For uplink messages it's up to the Developer to set up verification in the Application Server. For donwlink messages all message must be signed with a valid token.
Receiving and validating uplink messages:
The application server retrieves the query-parameters of an HTTP post and hashes these WITHOUT the Token QP (Query parameters include the AS_ID and the Time):
code:
query-parameters := LrnDevEui=000000000F1D8693&LrnFPort=2&LrnInfos=UPHTTP_LAB_LORA&AS_ID=app1.sample.com&Time=2016-01-11T14:11:11
From the body of you LoRa message you need some elements which you concatenate without separator: CustomerID, DevEUI, FPort, FCntUp, payload_hex.
code:
body-elements := 100000507000000000F1D8693270110027bd00
Both the KPN servers and your application server should now the secret 128 bits AS Key. You can find the AS-key under your profile
code:
AsKey:= 46ab678cd45df4a4e4b375Eacd096acc
The application server re-computes the token as SHA-256():
code:
token:= SHA 256(100000507000000000F1D8693270110027bd00LrnDevEui=000000000F1D8693&LrnFPort=2&LrnInfos=UPHTTP_LAB_LORA&AS_ID=app1.sample.com&Time=2016-01-11T14:11:1146ab678cd45df4a4e4b375Eacd096acc)
This will result in a hex string that must be the same as the key provided in the token field of the query parameter, so you are sure the sender is valid.
code:
encrypted-token:= 9bf99ba78791ad7f02c8d24dafe0a47da895ded5a0add99584d48d45c0e750a3
Sending downlink messages from the application server
To generate the mandatory token for downlink messages, you should get the query parameters as a string and append the key. Put the resulting key through a SHA-256 function to get your token.
code:
Example query-parameters:= DevEUI=000000000F1D8693&FPort=1&Payload=00&AS_ID=app1.sample.com&Time=2016-01-11T14:28:00
token:= SHA 256(DevEUI=000000000F1D8693&FPort=1&Payload=00&AS_ID=app1.sample.com&Time=2016-01-11T14:28:0046ab678cd45df4a4e4b375Eacd096acc)
Remember that the can be found at you application server in Thingpark or your user profile in the Developer Portal and is 46ab678cd45df4a4e4b375Eacd096acc in this example.
The resulting is encoded as an hex string
code:
Token=b5a84fe9c8921e9de359e3041a37b76c4b122f6f9b83577b5596c842052f7e62
Pro-Tips
- Please refer to this topic on how to send the signed message.
- SHA tokens can be case sensitive, our advise is to always use lower case tokens
- Also the IoT Academy Github contains a step-by-step explanation about how to implement an application server in NodeRed: https://github.com/iotacademy/NodeRed_KPN_LoRa/wiki.
[color=green]
Useful links
[/color]- [color=#094ab1]LoRa:[/color] Starters Guide- [color=#094ab1]LoRa:[/color] Forum and Manuals
- [color=#094ab1]LoRa:[/color] Geolocation
- [color=#094ab1]LoRa:[/color] Dictionary & Definitions
- [color=green]FAQ:[/color] Frequently Asked Questions
- [color=green]Tools:[/color] www.LoRaTools.nl