Broadly, a VESPA-powered IoT device must run the following procedures:
- Device Allocation
- Device Capability Exchange
At the end of these calls, the server issues the following objects to every device:
a) a unique device key
b) a unique device certificate, to be used in all subsequent communications
c) the MQTT topic the device sends its data to
d) the MQTT server CA certificate, used by the device to validate the MQTT server
VESPA is bundled with a CA certificate that is used to validate the authenticity of the HTTPS/REST server.
The first step for any IoT device is the authentication call. The device sends its credentials over an HTTPS connection. While the TLS connection is being established, the certificate presented by the REST server is validated against the pre-bundled CA certificate; the device does not rely on any other trust store for this step. Only upon successful validation are the credentials presented.
VESPA then follows through the remaining calls to download the objects listed above.
From then on, the MQTT connection is established over TLS with mutual authentication, i.e. the server validates the device certificate and the device validates the server certificate against the issued MQTT CA certificate.
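The two-stage flow described above, as an added device-side example in Python's standard library; this is not VESPA's own code. Stage 1 builds an HTTPS client that trusts only the bundled CA and sends the device credentials only after that verification has succeeded; the response is checked for all four issued objects before anything is stored; stage 2 builds the mutual-TLS context for MQTT from the issued key, certificate and CA. The REST paths (`/allocate`, `/capabilities`), the JSON field names and the sample response with placeholder PEM bodies are assumptions, not part of the original page.

```python
"""Device-side onboarding: pinned-CA HTTPS bootstrap, then mutual-TLS MQTT.

Added example, not VESPA's code. Hypothetical: REST paths, JSON field names,
and SAMPLE_RESPONSE (constructed placeholders, not real key material)."""
import http.client
import json
import socket
import ssl
from dataclasses import dataclass

TOPIC_WILDCARDS = ("+", "#")  # subscription wildcards; never valid in a publish topic


@dataclass(frozen=True)
class DeviceCredentials:
    device_key: str     # a) unique device private key (PEM)
    device_cert: str    # b) unique device certificate (PEM)
    topic: str          # c) MQTT topic the device publishes to
    mqtt_ca_cert: str   # d) CA certificate used to verify the MQTT server


def strict_client_context() -> ssl.SSLContext:
    """TLS 1.2+, server certificate required, hostname checked, no trust anchors loaded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def bootstrap_context(bundled_ca_path: str) -> ssl.SSLContext:
    """Stage 1 (HTTPS): trust ONLY the CA shipped with the firmware, not the OS store."""
    ctx = strict_client_context()
    ctx.load_verify_locations(cafile=bundled_ca_path)
    return ctx


def mqtt_context(ca_path: str, cert_path: str, key_path: str) -> ssl.SSLContext:
    """Stage 2 (MQTT): verify the broker with the issued CA, present the device cert."""
    ctx = strict_client_context()
    ctx.load_verify_locations(cafile=ca_path)
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


def _is_pem(blob: str, label: str) -> bool:
    lines = blob.strip().splitlines()
    return (len(lines) >= 3 and lines[0].startswith("-----BEGIN ")
            and label in lines[0] and lines[-1].startswith("-----END "))


def parse_provisioning_response(body: str) -> DeviceCredentials:
    """Check all four issued objects are present and well-formed before storing any."""
    data = json.loads(body)
    missing = [k for k in ("device_key", "device_cert", "topic", "mqtt_ca_cert") if k not in data]
    if missing:
        raise ValueError(f"provisioning response missing {missing}")
    if not _is_pem(data["device_key"], "PRIVATE KEY"):
        raise ValueError("device_key is not a PEM private key")
    for field in ("device_cert", "mqtt_ca_cert"):
        if not _is_pem(data[field], "CERTIFICATE"):
            raise ValueError(f"{field} is not a PEM certificate")
    topic = data["topic"]
    if not topic or topic.startswith("$") or any(w in topic for w in TOPIC_WILDCARDS):
        raise ValueError(f"unusable publish topic: {topic!r}")
    return DeviceCredentials(data["device_key"], data["device_cert"], topic, data["mqtt_ca_cert"])


def provision(host: str, bundled_ca_path: str, device_id: str, secret: str) -> DeviceCredentials:
    """Device allocation, then capability exchange. The credentials are only written
    after connect(): http.client verifies the server chain against the bundled CA and
    the hostname during the handshake, and raises ssl.SSLError otherwise."""
    conn = http.client.HTTPSConnection(host, 443, context=bootstrap_context(bundled_ca_path))
    conn.connect()  # TLS handshake and CA/hostname verification happen here
    headers = {"Content-Type": "application/json"}
    conn.request("POST", "/allocate", json.dumps({"device_id": device_id, "secret": secret}), headers)
    conn.getresponse().read()  # drain before the next request on the same connection
    conn.request("POST", "/capabilities",
                 json.dumps({"device_id": device_id, "capabilities": ["telemetry"]}), headers)
    body = conn.getresponse().read().decode()
    conn.close()
    return parse_provisioning_response(body)


def open_mqtt_tls(host: str, ctx: ssl.SSLContext, port: int = 8883) -> ssl.SSLSocket:
    """Mutually authenticated TLS socket; hand it to any MQTT client library."""
    return ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)


# Constructed sample response; PEM bodies are placeholders, not real key material.
SAMPLE_RESPONSE = json.dumps({
    "device_key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPLACEHOLDER\n-----END EC PRIVATE KEY-----",
    "device_cert": "-----BEGIN CERTIFICATE-----\nMIIBPLACEHOLDER\n-----END CERTIFICATE-----",
    "topic": "devices/dev-0001/telemetry",
    "mqtt_ca_cert": "-----BEGIN CERTIFICATE-----\nMIICPLACEHOLDER\n-----END CERTIFICATE-----",
})

if __name__ == "__main__":
    print(parse_provisioning_response(SAMPLE_RESPONSE).topic)
```

Two points worth checking in a real deployment: the bootstrap context deliberately loads nothing but the bundled CA, so a certificate chaining to a public CA in the OS store is rejected, and the issued device key should be written to protected storage (or a secure element, where the hardware has one) rather than a plain file before `mqtt_context` loads it.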