# Device Management
# Overview
This specification describes the Z-Mesh management protocol. It covers functions such as network key and feature configuration as well as software update scheduling.
# Device onboarding
Devices can be onboarded using a QR code containing the DID, the Device Management Encryption Key and the Device Management Encryption IV. Creating a new device in the Network Server causes the following to happen:
- A Network Configuration Content message will be generated and stored in a Content Store
- One or more Feature Configuration Content messages will be generated and stored in a Content Store
- The monitoring server will send an Event Interest subscribe message
When the Device is started up for the first time, the following will happen:
- Device requests its network configuration by sending an Interest message with:
  - Net ID set to 1
  - Content Name set to the Device Command content-name
  - FSEQ = 1
- Device sends Interest to the network time Content Name
- Device sends Interest with Content Name set to the Device Command content-name (FSEQ = last+1)
- Device sends Device Information event
- Device sends Features Status event
The Content Store(s) / Forwarder(s) between the Network Server and the Device will, after having received the Content Announcement messages, be able to route Interest and Content messages between the two.
When the Network Configuration and possibly Feature Configuration content is available and the Device issues the Interest Query message for the Device Command content-name, it receives the queued messages, allowing it to set the network configuration (MAC key) and configure itself to send or receive content.
When changes occur to the Device Information or the Feature configuration, the Device SHOULD send out a corresponding event message.
The Network Server MAY use the Features Status content message to populate the Device Features in its own model of the device. This means that, while the device is being set up, it will not receive the Features Configuration Content message until the user has chosen which Content Name to assign to each feature.
# Content names for Device Management
Z-Mesh Content Names are hashes of the original resource identifier. Content Names are generated using a combination of the Device ID and the name of the content. These are:

| Content Name description | Content name |
|---|---|
| Device Commands | `zdm/d/<DID>/cmd` |
| Device Events | `zdm/d/<DID>/evt` |

`<DID>` = the Device Identifier.
# Content Names for Network Information
Network resources, such as the Network Time, have fixed Content Names. These are:

| Message description | Content name |
|---|---|
| Network time | `zni/time` |
# Verifying Network configuration message
Devices that have not been provisioned cannot verify the message using the MAC of the network configuration message, since they do not yet hold the network key. However, as the Network Configuration message is encrypted using the device key, the device can decrypt the message and then use the NwkKey from the decrypted payload to verify the MAC. If the MAC verifies, the Network Key configuration message is authentic.
# Payload encryption
A device MAY choose to implement functions for management, and if so, it SHOULD have a unique 64-bit Device Identifier (DID) and a 128-bit device management encryption key (IV and KEY). It is not mandatory to use encryption, although it is strongly encouraged. Messages for management functions SHOULD be encrypted and authenticated in order to prevent unauthorized access to device management functions. Messages related to device management are encrypted using the device's own encryption key and IV. Anyone who can obtain the IV and KEY of a device is able to manage it; these are therefore considered secret.
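The following Go program is an added example (not part of the Z-Mesh specification or its implementations) that walks through both the encrypt-and-authenticate rule above and the bootstrap check from "Verifying Network configuration message": the Network Server side wraps the NwkKey under the device key/IV and MACs the ciphertext with the NwkKey; the unprovisioned device decrypts with its device key, takes the NwkKey from the plaintext, and only then verifies the MAC. The specification fixes neither the cipher nor the MAC, so AES-128-CBC with PKCS#7 padding, an HMAC-SHA256 tag truncated to 16 bytes, the `NWKCFG` plaintext sentinel, the function names and the sample keys are all assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed MAC: HMAC-SHA256 truncated to 16 bytes (the spec does not name one).
const macLen = 16

// Constructed sentinel: lets the device reject plaintext that was not produced
// under its own device key before it trusts the NwkKey carried inside it.
var nwkCfgMagic = []byte("NWKCFG")

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Assumed cipher: AES-128-CBC under the device management KEY and IV.
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

func cbcDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext)%block.BlockSize() != 0 {
		return nil, errors.New("bad length")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return pkcs7Unpad(out, block.BlockSize())
}

func tag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)[:macLen]
}

// BuildNetworkConfig models the Network Server side: encrypt sentinel||NwkKey under the
// device key/IV, then MAC the ciphertext with the NwkKey itself (encrypt-then-MAC).
func BuildNetworkConfig(devKey, devIV, nwkKey []byte) ([]byte, error) {
	pt := append(append([]byte{}, nwkCfgMagic...), nwkKey...)
	ct, err := cbcEncrypt(devKey, devIV, pt)
	if err != nil {
		return nil, err
	}
	return append(ct, tag(nwkKey, ct)...), nil
}

// VerifyNetworkConfig models the unprovisioned device: decrypt with the device key,
// extract the NwkKey, verify the MAC with it, and return the key only on success.
func VerifyNetworkConfig(devKey, devIV, msg []byte) ([]byte, error) {
	if len(msg) <= macLen {
		return nil, errors.New("message too short")
	}
	ct, got := msg[:len(msg)-macLen], msg[len(msg)-macLen:]
	pt, err := cbcDecrypt(devKey, devIV, ct)
	if err != nil {
		return nil, errors.New("decrypt failed")
	}
	if !bytes.HasPrefix(pt, nwkCfgMagic) || len(pt) != len(nwkCfgMagic)+16 {
		return nil, errors.New("not a network configuration for this device")
	}
	nwkKey := pt[len(nwkCfgMagic):]
	if !hmac.Equal(tag(nwkKey, ct), got) { // constant-time compare
		return nil, errors.New("MAC mismatch")
	}
	return nwkKey, nil
}

func main() {
	// Constructed sample keys; a real device gets KEY and IV from its onboarding QR code.
	devKey := []byte("0123456789abcdef")
	devIV := []byte("fedcba9876543210")
	nwkKey := []byte("networkkey-00001")
	msg, _ := BuildNetworkConfig(devKey, devIV, nwkKey)
	k, err := VerifyNetworkConfig(devKey, devIV, msg)
	fmt.Printf("accepted=%v nwkKey=%q\n", err == nil, k)
	msg[len(msg)-1] ^= 1 // flip one bit of the tag
	_, err = VerifyNetworkConfig(devKey, devIV, msg)
	fmt.Println("tampered:", err)
}
```

Because the MAC key is taken from the decrypted payload, the check proves authenticity only as long as the device KEY and IV stay secret, which is exactly why the section above treats them as such; the sentinel and length checks are a cheap early reject for misrouted or foreign messages and do not replace the MAC comparison, which is done in constant time over the ciphertext.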
# Device Commands
Please refer to the Device Commands specification page.
# Device Events
Please refer to the Device Events specification page.
# Network Information
The Network MUST provide information needed for the devices to function, such as Network Time. This section describes the network content names it provides:
# Network Time (zni/time - e86d18f8b9cc)
This Content Name SHOULD be used by devices to set their time, or by wireless devices to scan frequencies and detect nearby Forwarders. A device interested in retrieving the current network time MAY send an Interest message to this Content Name. The Interest SHOULD be served by the nearest Content Store, which SHOULD be time-synchronized with an NTP server or similar.
The payload of the Content packet reply sent by the Content Store is not encrypted, but SHOULD contain a MAC.