Concurrent Mode: Getting More Done with One Radio!

Most IoT devices on the market operate primarily in Wi-Fi station mode, in which they are associated with an Access Point (AP) and communicate with some kind of cloud. These devices sometimes also operate in Limited AP mode, for example during provisioning, so that a smartphone or tablet can provide them with the network credentials for the user’s AP.

GainSpan’s latest firmware release (ver. 5.2.1 GA and higher) enables our modules to operate both as a Wi-Fi station and a Limited AP in a time-multiplexed manner, giving the user the perception of concurrent Wi-Fi station and Limited AP mode operation. This patented networking mode is made possible by the dual core architecture of the GS2000 SoC along with the larger memory resources.

Applications for Concurrent mode include concurrent mode provisioning, uninterrupted field diagnostics and creating Personal Area Networks (PAN). Let’s examine these in detail below.

Verified Concurrent Mode Provisioning:

The most common provisioning technique used by IoT devices today is to come up in Limited AP mode and have the user enter their network credentials via a mobile App on a smartphone / tablet. Upon receiving the network credentials, the Wi-Fi radio in these IoT devices changes network modes from Limited AP to Wi-Fi station for the intended AP. This provides an easy Graphical User interface (GUI) for users to input their network credentials using their smartphone.

However, one major limitation of this method is that it does not confirm success. Provisioning could have failed for a number of reasons, such as the user entering incorrect network credentials, typos while entering credentials on a smartphone/tablet (thanks, Autocorrect!), or the home AP being switched off.

GainSpan’s patented concurrent mode provisioning solves this problem. Here is how it works:

Fig 1: Concurrent Mode Provisioning
  • When invoked (typically by a push button), the GS2000 module starts the first networking interface in Limited AP mode. This could come up with WPA2-PSK security with a default per-device passphrase printed on the IoT device’s sticker (GainSpan recommends using WPA2-PSK security to avoid security holes in the provisioning process) or it could come up with Open security mode (i.e., no security)
  • The smartphone/tablet associates to this Limited AP mode network. Using an App on the smartphone/tablet, the user enters their home network’s credentials
  • Upon submitting these credentials, the GS2000 module launches the second networking interface and tries to associate to the home AP using the credentials just provided, while still maintaining the link to the smartphone / tablet
  • Once associated to the home AP, the GS2000 module does a ping verification test to the home AP to verify the association
  • This success (or failure) feedback is provided to users over the Limited AP interface from the GS2000 module to their smartphone/tablet

Typically, OEMs incorporate a BLE module in their design to provide this Limited AP-like link to the smartphone/tablet so that they can provide feedback to the user over BLE. This adds cost to the BOM and is an expensive solution given that the device will typically be provisioned only once during its life cycle.

GainSpan’s concurrent mode provisioning eliminates the need for a BLE chip and provides an easy, secure provisioning experience to the user.
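The device-side logic of the sequence above can be modelled as follows. This is an added example, not GainSpan firmware or code from the original post: `Provisioner`, `FakeStation` and their method names are hypothetical, the home AP is a constructed stand-in, and storing credentials only after the ping succeeds is a design choice of the example.

```python
from enum import Enum

class Result(Enum):
    OK = "ok"
    BAD_INPUT = "bad_input"          # rejected before the radio is touched
    ASSOC_FAILED = "assoc_failed"    # wrong credentials, or home AP switched off
    VERIFY_FAILED = "verify_failed"  # associated, but the ping to the AP failed

def valid_wpa2_input(ssid, passphrase):
    """An SSID is 1-32 bytes; a WPA2-PSK passphrase is 8-63 printable ASCII."""
    ssid_ok = 1 <= len(ssid.encode("utf-8")) <= 32
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    return ssid_ok and printable and 8 <= len(passphrase) <= 63

class Provisioner:
    """Device-side handler for credentials arriving over the Limited AP link."""
    def __init__(self, station):
        self.station = station   # hypothetical second (station) interface
        self.stored = None       # set only after the link has been verified

    def submit(self, ssid, passphrase):
        """Return the status that is reported back to the app."""
        if not valid_wpa2_input(ssid, passphrase):
            return Result.BAD_INPUT
        if not self.station.associate(ssid, passphrase):
            return Result.ASSOC_FAILED
        if not self.station.ping_ap():
            self.station.disconnect()
            return Result.VERIFY_FAILED
        self.stored = (ssid, passphrase)
        return Result.OK

class FakeStation:
    """Constructed stand-in for the station interface and a home AP."""
    def __init__(self, ssid, passphrase, ap_on=True, ping_ok=True):
        self.ap = (ssid, passphrase)
        self.ap_on, self.ping_ok, self.up = ap_on, ping_ok, False

    def associate(self, ssid, passphrase):
        self.up = self.ap_on and (ssid, passphrase) == self.ap
        return self.up

    def ping_ap(self):
        return self.up and self.ping_ok

    def disconnect(self):
        self.up = False
```

The returned status carries only a result code, so the feedback sent to the app never echoes the passphrase.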

Uninterrupted Field Diagnostics

To understand this use case, let’s consider a cloud-connected vending machine. This machine sends a lot of information to the cloud about usage, stock levels, performance, logs, etc. This data is used by various parties, such as the store owner, maintenance technicians, stocking analysts and the manufacturer, to track its progress and take the necessary actions as needed.

Fig 2: Uninterrupted Field Diagnostics


Consider a scenario where the vending machine sends an error code that prompts the owner to dispatch a service technician to the site for further diagnostics. The technician arrives and initiates the concurrent mode to establish a local Limited AP link between the vending machine and the tablet running the diagnostic software, while the vending machine still maintains cloud connectivity.

Diagnosing the product in the field without having to take it offline could be of profound importance to all parties involved in this use case. GainSpan’s concurrent mode makes this possible by providing two concurrent networking interfaces – namely a station interface for cloud connectivity and a Limited AP interface for a technician’s smartphone / tablet.

Creating a Personal Area Network (PAN):

Let’s consider a smart thermostat with a couple of battery-operated temperature sensors that can be placed in different rooms to better control the heating and cooling.

The thermostat unit, being line powered, operates in GainSpan’s concurrent mode and sets up two networking interfaces – the station interface to connect to the home AP for cloud connectivity and the Limited AP interface where the temperature sensors report the readings from different rooms.

Fig 3: Creating Personal Area Network (PAN)
  • Reduced BOM cost by eliminating the need for multiple radios to create a gateway in the thermostat unit
  • Eliminates the need for regulatory approvals on account of multiple radios in the system. Customers can leverage GainSpan’s modular approval certifications
  • Faster time to market as it is much easier to integrate one radio versus multiple radios into the system

GainSpan’s patented concurrent mode creates a new networking mode for IoT devices where they can act as a station and as a Limited AP on two separate networking interfaces concurrently. When using GainSpan modules at both ends, concurrent mode enables battery-powered devices such as sensors to sleep longer and to maintain network connectivity without having to wake up periodically unless there is meaningful data to transmit. The Limited AP mode interface in concurrent mode supports up to 16 client devices with WPA2-PSK encryption. This unparalleled level of client device support gives OEM designers and embedded engineers the flexibility to architect their IoT device to meet all their technical needs while providing an easy development experience and a solution that is most cost effective.

How will you use GainSpan’s patented concurrent mode for your next IoT product? We’d love to hear from you.

Wireless Security: Which standard should I use for maximum security?

With the advent of wireless security, a variety of security standards have been developed and used. Each standard was developed to plug some vulnerability in its predecessor. As a result, a number of security options are available to the customer today. Some of the less secure and deprecated standards are also available to maintain backward compatibility with older Wi-Fi equipment.

When installing wireless networking equipment (Access Points or Routers) in their homes, customers should use the most secure standards for their home network. In this blog, I will introduce the various encryption standards available and recommend the most secure standard when setting up a home network.

Let’s take a quick look at the evolution of wireless encryption standards in chronological order. These standards are also listed from being least secure to most secure:

Wireless Security Blog

When setting up your home network, GainSpan recommends that you use the WPAv2 standard with a long passphrase. When using WPAv2 with a strong passphrase, the chances of a hacker breaking into your home network are very slim.

Will you use WPAv2 on your home Access Point / Router to secure your home network from potential hackers?

Please let us know your comments.


Smart and Smarter: Use our built-in security tools when designing connected home products

The advent of IoT devices in the connected home has provided increased convenience to consumers. However, it also leaves consumers vulnerable to cyber-attacks on account of poor or substandard security and design practices from ODMs designing IoT products for the connected home.

GainSpan takes pride in providing a comprehensive set of security tools for our customers. These include using industry standard encryption protocols such as TLS1.2 for end-to-end security of data transmission and over-the-air security using Wi-Fi Protected Access (WPA2). We also support a comprehensive suite of EAP/PEAP methods for Enterprise networks that provides banking-level security.

We offer a number of Application Development Kits (reference designs) for easy development of certain features such as video cameras, music streaming, provisioning IoT devices on the home network, etc. All these reference designs are intended to be used by the ODMs as a starting point to minimize their development effort and provide a fast time to market. ODMs typically make changes to these reference designs to adapt to their specific use case.

Security is a major concern in applications wherein the IoT device is physically accessible to a malicious party e.g. door bells, security cameras, thermostats, etc. GainSpan recommends that while designing such applications the ODMs make use of the security measures provided by GainSpan. These include:

  • Not using open networks while provisioning. GainSpan recommends that customers use WPA2 security with a per-device unique passphrase for the Limited AP network created for provisioning
  • Not sending network credentials in clear text. This is highly discouraged as it easily gives network access to malicious parties
  • Erasing all the customer credentials and information while resetting the IoT device to factory default settings
  • Using industry standard TLS1.2 encryption for transmission of all data from the IoT device to the cloud and/or mobile devices. This prevents malicious parties from decrypting the data even if they are able to eavesdrop on the transmission
  • Updating the encryption keys periodically so as to prevent the risk of keys being accessed by malicious parties
  • Using digital certificates for verifying the server’s authenticity before performing firmware updates. This ensures that your IoT device is being updated by the intended server

The security measures highlighted above are available to all of GainSpan’s customers. We recommend that ODMs use all or most of these security measures that are applicable for their IoT end product.
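The TLS1.2 and server-certificate items in the list above, shown as a weak client configuration beside a corrected one with a small audit function. This is an added example using Python's standard `ssl` module for the host or test-harness side, not GainSpan code; the function names and the optional `ca_file` path are assumptions of the example.

```python
import ssl

def unverified_context():
    """Weak configuration: encrypts, but accepts any server certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def update_channel_context(ca_file=None):
    """Corrected configuration for the firmware-update connection.

    ca_file is an optional PEM bundle holding the vendor's CA (hypothetical
    path supplied by the caller); without it the system trust store is used.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit(ctx):
    """Return the reasons a context must not be used to fetch firmware."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings
```

Running `audit` over every context an update client creates, for example in a unit test, catches a verification setting that was relaxed during development and never restored.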