User Manual
Table Of Contents
- Preface
- Contents
- 1 AT command settings
- 2 General operation
- 3 IPC - Inter Processor Communication
- 4 General
- 4.1 Manufacturer identification +CGMI
- 4.2 Manufacturer identification +GMI
- 4.3 Model identification +CGMM
- 4.4 Model identification +GMM
- 4.5 Firmware version identification +CGMR
- 4.6 Firmware version identification +GMR
- 4.7 Request product serial number identification +CGSN
- 4.8 IMEI identification +GSN
- 4.9 Identification information I
- 4.10 TE character set configuration +CSCS
- 4.11 International mobile subscriber identification +CIMI
- 4.12 Card identification +CCID
- 4.13 Repeat last command A/
- 5 Mobile equipment control and status
- 5.1 Phone activity status +CPAS
- 5.2 Module switch off +CPWROFF
- 5.3 Set module functionality +CFUN
- 5.4 Indicator control +CIND
- 5.5 Configuration of indicator control +UCIND
- 5.6 Mobile termination event reporting +CMER
- 5.7 Clock +CCLK
- 5.8 Set greeting text +CSGT
- 5.9 Automatic time zone update +CTZU
- 5.10 Report mobile termination error +CMEE
- 6 Call control
- 7 Network service
- 7.1 Network parameters definition
- 7.2 Subscriber number +CNUM
- 7.3 Signal quality +CSQ
- 7.4 Extended signal quality +CESQ
- 7.5 Operator selection +COPS
- 7.6 Radio Access Technology (RAT) selection +URAT
- 7.7 Network registration status +CREG
- 7.8 Network selection control +PACSP
- 7.9 Channel and network environment description +UCGED
- 7.10 Edit Verizon wireless APN table +VZWAPNE
- 7.11 Read RSRP values +VZWRSRP
- 7.12 Read RSRQ values +VZWRSRQ
- 7.13 Signalling connection status +CSCON
- 7.14 eDRX setting +CEDRXS
- 7.15 eDRX read dynamic parameters +CEDRXRDP
- 7.16 Set MNO profile +UMNOPROF
- 7.17 Band selection bitmask +UBANDMASK
- 7.18 Device service domain configuration +USVCDOMAIN
- 7.19 CIoT optimization configuration +CCIOTOPT
- 7.20 NB-IoT band scan tuning +UDCONF=77
- 8 Device lock
- 9 Short Messages Service
- 9.1 Introduction
- 9.2 Select message service +CSMS
- 9.3 Preferred message storage +CPMS
- 9.4 Preferred message format +CMGF
- 9.5 Save settings +CSAS
- 9.6 Restore settings +CRES
- 9.7 Show text mode parameters +CSDH
- 9.8 New message indication +CNMI
- 9.9 Read message +CMGR
- 9.10 New message acknowledgement to MT +CNMA
- 9.11 List message +CMGL
- 9.12 Send message +CMGS
- 9.13 Write message to memory +CMGW
- 9.14 Send message from storage +CMSS
- 9.15 Set text mode parameters +CSMP
- 9.16 Delete message +CMGD
- 9.17 Service center address +CSCA
- 9.18 Read concatenated message +UCMGR
- 9.19 List concatenated message +UCMGL
- 9.20 Send concatenated message +UCMGS
- 9.21 Write concatenated message to memory +UCMGW
- 9.22 More messages to send +CMMS
- 9.23 Sending of originating data via the control plane +CSODCP
- 9.24 Terminating data reporting via control plane +CRTDCP
- 10 V24 control and V25ter
- 10.1 Introduction
- 10.2 Circuit 109 behavior &C
- 10.3 Circuit 108/2 behavior &D
- 10.4 DSR override &S
- 10.5 DTE-DCE character framing +ICF
- 10.6 DTE-DCE local flow control +IFC
- 10.7 Set flow control \Q
- 10.8 UART data rate configuration +IPR
- 10.9 Return to on-line data state O
- 10.10 Escape character S2
- 10.11 Command line termination character S3
- 10.12 Response formatting character S4
- 10.13 Command line editing character S5
- 10.14 Pause before blind dialling S6
- 10.15 Connection completion timeout S7
- 10.16 Command dial modifier time S8
- 10.17 Automatic disconnect delay S10
- 10.18 Escape prompt delay (EPD) S12
- 10.19 Command echo E
- 10.20 Result code suppression Q
- 10.21 DCE response format V
- 10.22 Result code selection and call progress monitoring control X
- 10.23 Reset to default configuration Z
- 10.24 Set to factory defined configuration &F
- 10.25 Display current configuration &V
- 11 SIM management
- 12 SIM toolkit
- 13 Packet switched data services
- 13.1 PDP contexts and parameter definition
- 13.2 PPP LCP handshake behaviour
- 13.3 Printing IP address format +CGPIAF
- 13.4 PDP context definition +CGDCONT
- 13.5 Packet switched data configuration +UPSD
- 13.6 GPRS attach or detach +CGATT
- 13.7 PDP context activate or deactivate +CGACT
- 13.8 Enter PPP state/GPRS dial-up D*
- 13.9 Show PDP address +CGPADDR
- 13.10 Packet switched event reporting +CGEREP
- 13.11 GPRS network registration status +CGREG
- 13.12 UE modes of operation for EPS +CEMODE
- 13.13 EPS network registration status +CEREG
- 13.14 Delete non-active PDP contexts +CGDEL
- 13.15 Configure the authentication parameters of a PDP/EPS bearer +UAUTHREQ
- 13.16 PDP context read dynamic parameters +CGCONTRDP
- 13.17 Initial PDP context activation +CIPCA
- 13.18 PDP IP configuration when roaming +UDCONF=75
- 13.19 Disable data when roaming +UDCONF=76
- 14 System features
- 14.1 Firmware installation +UFWINSTALL
- 14.2 Firmware update Over AT (FOAT) +UFWUPD
- 14.3 Antenna detection +UANTR
- 14.4 End user test +UTEST
- 14.5 Internal temperature monitor +UTEMP
- 14.6 Back up the file system +UBKUPDATA
- 14.7 Cancel FOTA download +UFOTA
- 14.8 Sets FOTA status URCs +UFOTASTAT
- 14.9 uFOTA configuration +UFOTACONF
- 14.10 Last gasp configuration +ULGASP
- 14.11 RING line configuration +URINGCFG
- 15 Power management
- 16 GPIO
- 16.1 Introduction
- 16.1.1 GPIO functions
- 16.1.2 GPIO mapping
- 16.1.3 Network status indication
- 16.1.3.1 No service (no network coverage or not registered)
- 16.1.3.2 Registered home network 2G
- 16.1.3.3 Registered home network 3G
- 16.1.3.4 Registered home network NB1 / NB2
- 16.1.3.5 Registered roaming 2G
- 16.1.3.6 Registered roaming 3G
- 16.1.3.7 Registered roaming NB1 / NB2
- 16.1.3.8 Data transmission
- 16.1.3.9 Data transmission roaming
- 16.1.4 Module status indication
- 16.1.5 Module operating mode indication
- 16.2 GPIO select configuration command +UGPIOC
- 16.3 GPIO read command +UGPIOR
- 16.4 GPIO set command +UGPIOW
- 16.1 Introduction
- 17 File System
- 18 DNS
- 19 Internet protocol transport layer
- 19.1 Introduction
- 19.2 IPv4/IPv6 addressing
- 19.3 Create Socket +USOCR
- 19.4 SSL/TLS/DTLS mode configuration on TCP/UDP socket +USOSEC
- 19.5 Set socket option +USOSO
- 19.6 Get Socket Option +USOGO
- 19.7 Close Socket +USOCL
- 19.8 Get Socket Error +USOER
- 19.9 Connect Socket +USOCO
- 19.10 Write socket data +USOWR
- 19.11 SendTo command (UDP only) +USOST
- 19.12 Read Socket Data +USORD
- 19.13 Receive From command (UDP only) +USORF
- 19.14 Set Listening Socket +USOLI
- 19.15 HEX mode configuration +UDCONF=1
- 19.16 Set socket in Direct Link mode +USODL
- 19.17 UDP Direct Link Packet Size configuration +UDCONF=2
- 19.18 UDP Direct Link Sending timer configuration +UDCONF=3
- 19.19 Timer Trigger configuration for Direct Link +UDCONF=5
- 19.20 Data Length Trigger configuration for Direct Link +UDCONF=6
- 19.21 Character trigger configuration for Direct Link +UDCONF=7
- 19.22 Direct Link disconnect DSR line handling +UDCONF=10
- 19.23 Socket control +USOCTL
- 19.24 Configure Dormant Close Socket Behavior +USOCLCFG
- 20 Device and data security
- 20.1 Introduction
- 20.2 Device security
- 20.3 Data security
- 20.3.1 Introduction
- 20.3.1.1 SSL/TLS/DTLS
- 20.3.1.2 SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B Local encryption and decryption
- 20.3.1.3 SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B Pre-Shared Keys (PSK) provisioning
- 20.3.1.4 SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B End-to-end data encryption and decryption
- 20.3.2 SSL/TLS certificates and private keys manager +USECMNG
- 20.3.3 SSL/TLS/DTLS security layer profile manager +USECPRF
- 20.3.4 AT+USECMNG command example
- 20.3.5 Notes
- 20.3.6 Local encryption from AT interface +USECDATAENC
- 20.3.7 Local decryption from AT interface +USECDATADEC
- 20.3.8 Local encryption from a file +USECFILEENC
- 20.3.9 Local decryption from a file +USECFILEDEC
- 20.3.10 Pre-Shared Key (PSK) generation +USECPSK
- 20.3.11 End to end encryption from AT interface +USECE2EDATAENC
- 20.3.12 End to end encryption from a file +USECE2EFILEENC
- 20.3.1 Introduction
- 21 FTP
- 22 HTTP
- 23 Positioning
- 23.1 NMEA
- 23.2 AssistNow services
- 23.3 GNSS
- 23.3.1 GNSS power management +UGPS
- 23.3.2 Assisted GNSS unsolicited indication +UGIND
- 23.3.3 GNSS profile configuration +UGPRF
- 23.3.4 Aiding server configuration +UGSRV
- 23.3.5 GNSS aiding request command +UGAOS
- 23.3.6 Send of UBX string +UGUBX
- 23.3.7 GNSS indications timer +UGTMR
- 23.3.8 Get GNSS time and date +UGZDA
- 23.3.9 Get GNSS fix data +UGGGA
- 23.3.10 Get geographic position +UGGLL
- 23.3.11 Get number of GNSS satellites in view +UGGSV
- 23.3.12 Get recommended minimum GNSS data +UGRMC
- 23.3.13 Get course over ground and ground speed +UGVTG
- 23.3.14 Get satellite information +UGGSA
- 23.4 CellLocate and hybrid positioning
- 24 I2C
- 25 MQTT
- 26 Lightweight M2M
- 26.1 LwM2M Objects management
- 26.1.1 Introduction
- 26.1.2 Load LwM2M object definition +ULWM2MADD
- 26.1.3 Remove LwM2M object definition +ULWM2MREMOVE
- 26.1.4 List available LwM2M objects +ULWM2MLIST
- 26.1.5 Create new instance of LwM2M object +ULWM2MCREATE
- 26.1.6 Delete instance of LwM2M object +ULWM2MDELETE
- 26.1.7 Write to LwM2M object +ULWM2MWRITE
- 26.1.8 Read from LwM2M object +ULWM2MREAD
- 26.2 LwM2M connectivity
- 26.2.1 SARA-R4 Command line and information text response maximum length for LwM2M connectivity features
- 26.2.2 LwM2M URCs configuration +ULWM2MSTAT
- 26.2.2.1 SARA-R410M-02B / SARA-R410M-52B / SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B / SARA-R412M Description
- 26.2.2.2 SARA-R410M-02B / SARA-R410M-52B / SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B / SARA-R412M Syntax
- 26.2.2.3 SARA-R410M-02B / SARA-R410M-52B / SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B / SARA-R412M Defined values
- 26.2.2.4 SARA-R404M / SARA-R410M-01B / SARA-R410M-02B / SARA-R410M-52B / SARA-R412M / SARA-N4 Description
- 26.2.2.5 SARA-R404M / SARA-R410M-01B / SARA-R410M-02B / SARA-R410M-52B / SARA-R412M / SARA-N4 Syntax
- 26.2.2.6 SARA-R404M / SARA-R410M-01B / SARA-R410M-02B / SARA-R410M-52B / SARA-R412M / SARA-N4 Defined values
- 26.2.3 Stop LwM2M client +ULWM2M
- 26.2.3.1 SARA-R410M-02B / SARA-R410M-52B / SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B / SARA-R412M Description
- 26.2.3.2 SARA-R410M-02B / SARA-R410M-52B / SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B / SARA-R412M Syntax
- 26.2.3.3 SARA-R410M-02B / SARA-R410M-52B / SARA-R410M-63B / SARA-R410M-73B / SARA-R410M-83B / SARA-R412M Defined values
- 26.2.3.4 SARA-R404M / SARA-R410M-01B / SARA-R410M-02B / SARA-R410M-52B / SARA-R412M / SARA-N4 Description
- 26.2.3.5 SARA-R404M / SARA-R410M-01B / SARA-R410M-02B / SARA-R410M-52B / SARA-R412M / SARA-N4 Syntax
- 26.2.3.6 SARA-R404M / SARA-R410M-01B / SARA-R410M-02B / SARA-R410M-52B / SARA-R412M / SARA-N4 Defined values
- 26.2.3.7 Notes
- 26.2.4 Initiate LwM2M server registration +ULWM2MREG
- 26.2.5 LwM2M server deregistration +ULWM2MDEREG
- 26.2.6 LwM2M server configuration +ULWM2MCONFIG
- 26.2.7 LwM2M host device information +UHOSTDEV
- 26.2.8 Lightweight M2M pulse configuration +ULWM2MPULSE
- 26.2.9 LwM2M object notification +ULWM2MNOTIFY
- 26.2.10 LwM2M host device information +ODIS
- 26.1 LwM2M Objects management
- A Appendix: Error result codes
- A.1 Mobile termination error result codes +CME ERROR
- A.2 Message service error result codes +CMS ERROR
- A.3 Firmware install final result codes
- A.4 FOAT error result codes
- A.5 Internal TCP/UDP/IP stack class error codes
- A.6 Internet suite error classes
- B Appendix: AT Commands List
- C Appendix: UDP Direct Link workflow
- D Appendix: Glossary
- Related documents
- Revision history
- Contact
SARA-R4 series-AT commands manual
UBX-17003787 - R16
20Device and data security
Page 230 of 401
20Device and data security
20.1Introduction
Nowadays the security is very important to secure personal or confidential data from unauthorized access and
therefore it is important to secure the IoT devices to protect the business and the data.
In the IoT security, a weak point is a defect which is called a vulnerability and it may become a safety issue; IoT
devices connects/links physical objects and so in IoT it is needed to secure of course data traffic and networks
but also the network of "things" or physical objects (i.e. medical devices, infrastructure, utility meters, vehicles,
etc.) must be secured.
Some definitions are needed to understand the foundations of security:
• Integrity is about making sure that some pieces of data have not been altered from some "reference
version".
• Authentication is about making sure that a given entity (with whom you are interacting) is who the user
believes it to be.
• Authenticity is a special case of integrity, where the "reference version" is defined as "whatever it was when
it was under control of a specific entity".
• Confidentiality means no unauthorized access to data (i.e. encryption/cryptography).
The u-blox security solution lets secure the IoT devices from end-to-end:
• Device security, the privacy of data is protected from the devices to the cloud (confidentiality, integrity and
authenticity).
• Data security, the devices are protected from attack, they can be trusted and controlled (identity,
authenticity and firmware protection).
• Access Management, it can be controlled who has access to data and products (device policies, data
policies and feature authorization)
The pillars of the u-blox security are:
• Unique device identity, an immutable chip ID and a robust Root-of-Trust (RoT) provides the foundational
security.
• Secure boot sequence and updates, only authenticated and authorized firmware and updates can run on
the device.
• Hardware-backed crypto functions, a Secure Client Library (SCL) generates keys and crypto functions to
securely connect to the cloud.
The IoT device is secured through different steps:
• Provision trust: insert Root-of-Trust at production. An immutable chip ID and hardware-based
Root-of-Trust provide foundational security and a unique device identity.
• Leverage trust: derive trusted keys. Secure libraries allow generation of hardware-backed crypto functions
and keys that securely connect to the cloud.
• Guarantee trust: use keys to secure any function. It ensures authenticity, integrity, and confidentiality to
maintain control of device and data.
20.2Device security
20.2.1Introduction
These AT commands maintain device integrity over the entire lifecycle.
• +USECCHIP queries the immutable chip ID.
• +USECDEVINFO allows customer programming the device profile UID into each device along with their own
device serial number.
• +USECROTUID queries the Root of Trust (RoT) public Unique IDentifier (UID).
SARA-R4
+USECOFF disables the secure data suite features on the module if it has not been sealed with the
+USECDEVINFO AT command.