End-to-end Data Protection & Integrity
Upstream (Device to cloud)
Downstream (Cloud to Device)
This rotation type specifies that on every encryption request, a new key will be generated and used. After setting this type on the cloud, following command needs to be run (just once) on the device:
This option is available only in upstream
This rotation type specifies that after a set number of days (configurable from 1 to 30), a new encryption key will be automatically generated and used by the encryption algorithm in the module.
This operation corresponds to step 2 in flow diagram above.
Examples - upstream
Important note: all the API responses the you see in the current guide have the unique aim to show which is the response format. The data provided in the response cannot be reused, but you have to retrive your own valid protection parameters from the Thingstream platform.
Continuous key rotation
The command returns the length of the encrypted data and the encrypted data itself:
In this section
Automatic key rotation
In case you are using the automatic rotation option, nothing changes on the device side. The same AT command can be used as above. except for the fact that you have to set the device, just once to use it issuing the AT Command AT+USECOPCMD=”e2e_enc”, 1
Remember that this is default option set in the module, therefore there is no need to send this command if you do not want to change the default working mode.
while this is the response format in case of signing only (integrity)
Running this function with the data from the example we get back our original “HELLO” message.
Examples - downstream
The prerequisite to implement this example are the same one described in the upstream example section.
Response will be
Response will be
E2E Data protection service upstream with continuous key rotation is available in the following FW version an subsequent releases:
SARA-R410M-x3B-01 (x3B = 63B, 73B, 83B)
SARA-R500S-00B-00, SARA-R510S-00B-00, SARA-R510M8S-00B-00
E2E Data protection downstream, Automatic Key rotation feature, and E2E Data Integrity are available starting from the below firmware releases
SARA-R500S-01B-00, SARA-R510S-01B-00, SARA-R510M8S-01B-00