This post is older than 2 years and might not be relevant anymore

How to recover lost mesh keys/configuration?

Dear Mesh Experts,  
 
what's the recommended approach to recover lost mesh keys?  
 
Imagine, for example, an industrial mesh installation with hundreds of nodes, all provisioned and operated by a single smartphone. Now, what if the smartphone gets lost without a backup of the mesh configuration/keys? How can we recover without resetting and re-provisioning the whole mesh? What's the recommended approach?
 
My current idea is to implement it as follows:

  1. Push a button on one of the nodes to temporarily enable a key/mesh-recovery GATT service/characteristic.
  2. Connect with a new smartphone to the GATT service/characteristic to recover the keys/mesh configuration.

In theory quite simple. And because the user needs physical access to the mesh, it's also sufficiently secure for our use case.
Questions are:

  • Is there a better way to do it?
  • How would you approach this requirement?

Your advice is very much appreciated,  
Thank you.

  • Hi BlueMike, 

    It's always recommended to back up the data to a safe place, especially when it's the configuration data for a large deployment. 
    Also it's suggested to use a dedicated machine (e.g. a PC) for the purpose. We provide the remote provisioning solution to aid this approach. 

    What you described is a good way to recover the network key and maybe some application keys. However, it's not that simple to recover the device keys. It's the unique key for each node that the provisioner uses to communicate/re-configure the node. With the network key and application keys, you can still provision new devices to the network but it's not possible to re-configure older devices, and it's also not possible to blacklist a device without the device keys. 

    I have forwarded your question to our mesh team and will keep you updated when I get a reply from our team. 
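
A hardware-independent sketch of the button-gated recovery read described in the question, added here as an example (it is not code from either post or from any SDK): the window is time-limited and one-shot, and it hands out only the network key, which the reply identifies as what this approach can recover. The names `recovery_gate_t` and `recovery_on_*`, the 60-second window and the encrypted-link requirement are assumptions; the caller supplies the tick count and the link state from its own stack.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RECOVERY_WINDOW_MS 60000u /* assumed: window stays open 60 s after the press */
#define KEY_LEN 16                /* mesh network and application keys are 128-bit */

typedef struct {
    bool     open;         /* armed only by a physical button press */
    uint32_t opened_at_ms; /* tick value captured at the press */
} recovery_gate_t;

/* Button handler: arm (or re-arm) the recovery window. */
void recovery_on_button(recovery_gate_t *g, uint32_t now_ms) {
    g->open = true;
    g->opened_at_ms = now_ms;
}

/* Unsigned subtraction keeps the timeout correct across tick wraparound. */
bool recovery_is_open(recovery_gate_t *g, uint32_t now_ms) {
    if (g->open && (uint32_t)(now_ms - g->opened_at_ms) >= RECOVERY_WINDOW_MS)
        g->open = false; /* expired: fail closed */
    return g->open;
}

/* Read handler for the recovery characteristic (hypothetical hook).
 * Returns the number of bytes written to out, or 0 if the read is refused.
 * Assumption: the read is refused on an unencrypted link, so the key is
 * not sent in the clear to anyone listening while the window is open. */
size_t recovery_on_read(recovery_gate_t *g, uint32_t now_ms, bool link_encrypted,
                        const uint8_t net_key[KEY_LEN],
                        uint8_t *out, size_t out_len) {
    if (!recovery_is_open(g, now_ms) || !link_encrypted || out_len < KEY_LEN)
        return 0;
    memcpy(out, net_key, KEY_LEN);
    g->open = false; /* one-shot: a second read needs a new button press */
    return KEY_LEN;
}
```

Device keys of the other nodes are not part of this payload, so a backup of the provisioner's database is still needed to re-configure or blacklist existing nodes.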
