1 - End Device Activation
This book covers LoRaWAN® end-device activation in depth.
Todo
Add more details
Data Stored in End Device After Activation
Three pieces of data are set on the device by the activation process: the Network Session Key (NwkSKey), Application Session Key (AppSKey), and end device address (DevAddr). These are generated and stored when the device first attempts to connect to the network through the OTAA process for devices implementing OTAA, or are stored directly in the device at the time of manufacturing for devices implementing ABP.
Network Session Key (NwkSKey)
The network server and end device both use the Network Session Key (NwkSKey) to verify the integrity of all data frames. In addition, the NwkSKey is used by both the network server and the end device to encrypt and decrypt MAC commands sent as MAC-only data frames.
Application Session Key (AppSKey)
The application server and end device use the Application Session Key (AppSKey) to encrypt and decrypt the Frame Payload (FRMPayload) field of application-specific data frames.
Note
The application server is referred to separately from the network server in the LoRaWAN® 1.0.4 specification. The messages are first sent from the end device to the network server. Internally, the network server then passes the frame payload of application-specific data frames to an application server.
One benefit of separating the network server and application server is that the network server does not need to know the AppSKey and thus cannot decrypt the application messages.
Learn more about the separation of network server and application server in TS2-1.1.0 LoRaWAN Backend Interfaces Specification.
Device Address (DevAddr)
The Device Address (DevAddr) is a 32-bit identifier allocated by the network server. The DevAddr is used along with the NwkSKey to identify the device in the current network.
Warning
It is possible for a network server to allocate the same DevAddr to multiple devices. This does not cause any issues on the network server because the network server identifies the device using the combination of DevAddr and NwkSKey, and the NwkSKey is unique to each device. Use the Device EUI (DevEUI) to uniquely identify your devices in your own applications; this is fixed and will not change when you move the device between networks.