The Sidewalk devices that you want to onboard to AWS IoT Core for Amazon Sidewalk can be in any one of the following three stages:
- Prototype devices are devices that are created by third-party users using the prototyping flow. These devices are primarily used for testing purposes and to explore the Amazon Sidewalk onboarding workflow.
- Pre-production devices are devices that are manufactured in limited quantities using the mass production flow. These devices are primarily created to obtain the Amazon Sidewalk qualification so that they can be used in production.
- Production devices are devices that are manufactured in large quantities without any device limit using the mass production flow. These devices can be manufactured after Sidewalk qualification is obtained.
The following diagram shows the various stages in the lifecycle of your Sidewalk prototype, pre-production, or production devices.
Sidewalk devices can be created either using the prototyping flow or the mass production flow.
- In the prototyping flow, you manually flash the data onto the edge device, and the two certificate chains are used for authentication.
- In the mass production flow, the contract manufacturer (CM) ingests the device data into Amazon’s EDI system after which the devices are created. If the device data cannot be authenticated, the device entry will be rejected with a notification to the factory to correct the data.
Device associated with account
In this state, after the Sidewalk device is created, it will be associated with an AWS account. The device is now assigned to a Cloud partner for associating the devices with the right developer account. The mapping between device and developer will be owned by the Cloud partner.
During device registration, the device presents its device certificates to the Sidewalk cloud. If the device is successfully authenticated, a secure channel is formed between the device and the Sidewalk cloud, and then between the device and the application server, to establish mutual network and application session keys, respectively. These session keys are used for device communication until the device is de-registered.
A device can be registered using a developer mobile application (integrated with the Sidewalk Mobile SDK) or using a Sidewalk gateway.
The de-registration process, also triggered by the end customer, removes the association between the device and the end customer at the cloud partner end. Sidewalk continues to own the same mapping, from creation, between the device and the cloud partner. De-registration also removes all the keys that were established as part of the registration process, both in the cloud and on the device. The de-registration and registration cycle can occur multiple times in the lifecycle of a device.
The validity of a device on the network is derived from the authenticity of the chain of trust. Under unusual circumstances, Sidewalk can revoke certificates for a particular device or device type, which would inhibit that device from communicating with the application server. The developer can also revoke the established permission between their own device and the cloud partner account.
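The lifecycle rules above (account association before registration, session keys removed at de-registration, revoked devices unable to communicate) can be checked by replaying a device event log. The following is an added example, not AWS or Amazon Sidewalk code; the event names, device IDs and the `audit` function are hypothetical, the sample events are constructed, and rejecting registration of a revoked device is an assumption drawn from the chain-of-trust statement.

```python
from enum import Enum

class State(Enum):
    CREATED = "created"
    ASSOCIATED = "associated"      # mapped to an account via the cloud partner
    REGISTERED = "registered"      # session keys established
    DEREGISTERED = "deregistered"  # session keys removed, partner mapping kept

# Transitions the lifecycle text allows (event names are hypothetical).
TRANSITIONS = {
    ("associate", State.CREATED): State.ASSOCIATED,
    ("register", State.ASSOCIATED): State.REGISTERED,
    ("register", State.DEREGISTERED): State.REGISTERED,  # cycle may repeat
    ("deregister", State.REGISTERED): State.DEREGISTERED,
}

# Constructed sample log of (device_id, event) pairs.
SAMPLE_EVENTS = [
    ("dev-A", "create"), ("dev-A", "associate"), ("dev-A", "register"),
    ("dev-A", "message"), ("dev-A", "deregister"),
    ("dev-A", "message"),                        # keys were removed
    ("dev-A", "register"),                       # re-registration is allowed
    ("dev-B", "create"), ("dev-B", "register"),  # skipped account association
    ("dev-A", "revoke"), ("dev-A", "message"),
]

def audit(events):
    """Replay the events; return (index, device_id, finding) for each violation."""
    state, revoked, findings = {}, set(), []
    for i, (dev, ev) in enumerate(events):
        cur = state.get(dev)
        if ev == "create" and cur is None:
            state[dev] = State.CREATED
        elif ev == "revoke":
            revoked.add(dev)
        elif ev == "message":
            if dev in revoked:
                findings.append((i, dev, "message from revoked device"))
            elif cur is not State.REGISTERED:
                findings.append((i, dev, "message without session keys"))
        elif ev == "register" and dev in revoked:
            findings.append((i, dev, "registration of revoked device"))
        elif (ev, cur) in TRANSITIONS:
            state[dev] = TRANSITIONS[(ev, cur)]
        else:
            origin = cur.value if cur is not None else "unknown"
            findings.append((i, dev, f"illegal {ev} from {origin}"))
    return findings
```

Calling `audit(SAMPLE_EVENTS)` flags the message sent after de-registration, the registration that skipped account association, and the message from the revoked device.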