Transcript for:
Matter Certification and Device Certificates Webinar

Hello everyone, and welcome to our webinar today. Uh, we are going to talk about Matter certification and Matter device certificates. So this is the third and last session of the webinar series about Matter. So we started, uh, talking about the introduction to Matter, then the building a Matter device, and now the Matter certification and device certificate. So I recommend you to watch the previous webinars if you are just arriving to this one. And to talk about the Matter certification and device certificate, we have our director of technical marketing. Welcome, Ami, how are you? Hey, better. So thank you for being here, and so the stage, this stage is yours. Thank you.

Thanks, Pedro. Um, everyone, greetings of the day. So this is the third webinar, as Pedro mentioned, which will talk about the Matter certification and device certificates. Um, from the title you may feel that, why Matter certification and device certificates are being talked together, but there is a good reason about that and we'll cover that in the due course.

So let's go through the agenda of this webinar. Uh, firstly, I will talk about what is the Matter certification process in detail. Then I will also talk about how Espressif certification assistant service can help customers to do the certification of their devices with ease. Then I will go into device attestation and device certificates, and this is where I will also talk about the manufacturing complexity that gets added because of the device certificates and certain properties of those certificates. Um, then I will talk about Espressif's DAC pre-provisioning service, which basically simplifies this device certificate programming for our customers. And then finally, um, I'll talk about the ESP ZeroCode modules, which is, uh, which is the probably the easiest way to build the Matter devices. And then we'll go into the Q&A, and we would be glad to answer any of the questions that you may have.

So let us begin. Um, so why Matter certification, right? So in the first webinar delivered by my
colleague Anand, you have heard about what Matter protocol is, but one of the key features, or the, the key promise of Matter is the seamless interoperability amongst the devices, uh, that, that are basically Matter certified. So with this as a key goal, uh, the certification really helps to ensure the compliance to the specification, and it also ensures that all these devices and the phones and these voice assistants, they talk to each other as specified in the specification. Um, and finally, when it comes to the consumer, having the Matter logo and the certified products really help, because now the consumers can choose the genuine certified products and they can be assured of the functionality, interoperability and all the good things that matter with us.

Now, what are the ways to get this certification, right? So the first, um, way for any product to get the certification, uh, is actually undergoing the complete product testing. Uh, and now this certification can be for an individual product or a family of products. For example, you may be building a complete set of different lights, including down lights and bulbs and panels. Uh, probably you can consider product family certification if, from the software perspective and the Matter configuration perspective, they are similar. So this is one, the probably the most common way of doing the certification. Now the second one is certification by similarity. If you have products which are very similar in nature to the pre-certified product, then you can go for certification by similarity. And then if you are getting a pre-certified product, which is a white-label or rebrandable product from an ODM, then you can also go for a certificate transfer program, whereby an existing Matter certification can be transferred in your name.

So let's understand the product testing based certification process. So it all begins with developing your own product, right? Once you have developed your product, the next stage, next stage step is basically getting the CSA membership and
uh, when we talk about CSA membership, so on the CSA portal you can actually apply for CSA membership. So now CSA membership has different levels of memberships. First one is the associate member, and associate member is a free membership, and this is primarily targeted for, uh, the companies who want to build white-labeled or rebranded certified products. Then there are three other membership levels which have their own benefits, but these three membership levels basically allow you to build your own Matter products and go for certification through the full testing. So this is where you get the certificate, the CSA membership, and once you have the CSA membership, the next thing that you get is the vendor ID. Now, uh, vendor ID, the, I will call it VID, um, and also the product ID, PID, are very similar to the way the USB devices have VID/PID. In the case of Matter devices, there are 16-bit VID/PIDs which uniquely recognize each product, and so each vendor is also recognized using his own 16-bit unique VID. So you get this vendor ID from the CSA.

The next stage is, now you have developed your product, uh, you have gotten the VID, you go for the pre-certification run. Pre-certification run happens in your own lab. Once you are a CSA member, you get access to the certification tool, which is available on CSA portal, and you can use this certification tool to run the, all the certification tests in your own lab to ensure that your product is indeed passing all the certification tests. Once this certification run is successful, you need to approach an ATL, an authorized test lab, and this authorized test lab basically can run the certification tests on behalf of you. Now, CSA has authorized multiple test labs, and the list can be found on the CSA website, so you can choose the lab of your choice and you can submit your product to the lab for certification. Now, along with the product samples, you do need to submit two other things. One is the Declaration of Conformity, which is more of a document with your
signatures and everything, and the second one is the protocol implementation conformance statement, which is also short formed as PICS, which is essentially an XML document, and the PICS basically lists all the mandatory and optional characteristics that a product has. So it basically defines the, uh, the capabilities of product in the context of Matter features. So once you submit these details to the test lab, the test lab conducts its own testing and at the end of it, uh, it delivers the report to the CSA. Uh, also in between, uh, the ATL may get back to you asking for some justifications or some additional tests, or if there are failures you need to provide fixes. But after the successful run, the results go to CSA, and then you have to approach CSA again with the same Declaration of Conformity and protocol implementation conformance statement. In addition to these two documents, you also need to submit transport attestations and security attestation. Now, transport attestations depend on what type of product you are building, and they are essentially the transport-level certifications. Like, if you are building a Wi-Fi Matter accessory, you need to submit Wi-Fi Alliance certificate as well as Bluetooth SIG certificate. If you are building a Thread accessory, you have to submit Thread certification as well as Bluetooth SIG certification. So once you submit, uh, this documentation, and when CSA receives the results from test lab, uh, the CSA reviews this information and finally gives the certification to your product.

So when you receive the certification, you get bunch of, uh, artifacts from CSA, and they are essentially a certificate, Matter logos that you can use on your product branding, the listing of your product on CSA website, and your product also gets listed in something called DCL, built it later, and then you get certification declaration, which is a binary blob delivered to you. Now, certification declaration is a blob that is signed by CSA and that contains the product certification information. The
certification declaration is present in the device, and the corresponding information is also made available in the DCL. And certification declaration has all the required information to identify the Matter certification for this product, which includes the vendor ID and list of product IDs. It is list here because a family of products can be certified together. A type of device, a certification type, whether it's the provisional certification or official final certification. Also, there is a, uh, there are some additional data present in the certification declaration.

So now this is the process for a complete full product testing based certification. Now there are two other programs that we talked about. One is the certification by similarity and certification transfer program. Uh, both these programs don't have to undergo an extensive testing, because the certification has happened for these devices and then you only are applying for certification based on the original certification that is already present. So if we talk about certification transfer program, it is basically associate and adopter members, they can apply for certificate transfer program for products. These are products certified by either promoter or participant members. Uh, this is especially to facilitate white labeling and rebranding of products. Uh, say for example, ODMs building the products which can be then, uh, bought by any brand owners to be sold as their own branded devices. In this case, only the packaging, enclosure and user interface is allowed to be changed.

Now, with certification by similarity, certification by similarity basically facilitates, uh, deriving the certification based on your own product which is already certified. So if you think that the product is almost the same and there are only minor changes, uh, then you can apply for certification by similarity by giving the justification to CSA. In this case, the original product should run the same Matter software as of the new product, and as per the review,
the CSA may ask you to conduct some additional testing. Both these cases, you don't have to undergo the complete certification with, through the authorized test lab for the certification.

Now, in the case of OTA, there is a requirement that any new software upgrade also needs to be ensured to comply with the Matter specification, and this is especially important because many of the times products require frequent fixes and upgrades to address the bugs and security issues in the product. Uh, in this case, new device firmware can undergo rapid recertification process. Um, and this, this is applicable only when the original product has passed full authorized test lab based testing and has gotten successful Matter certification. This is available to qualified CSA members and this is currently in experimental form. So in this case, for the rapid recertification, what you essentially do is you test the product with the new firmware in your own lab, then you submit the test report to ATL for review, and then ATL reviews the test report, and then you just submit application to the CSA. When the CSA successfully receives, reviews the application, you receive the certification in form of modified DCL listing, or you get a new DCL listing for your new firmware version, and you also get a new certification declaration.

So now let's talk about Espressif certification assistant service. So Espressif basically helps our customers, based on our own experience, to certify Matter products. In this, we can work with the lab to assist the complete certification for the customers' products. So in this case, we assist customers doing the complete certification, uh, steps that we discussed in the previous slide. If required, we can also assist for sub-parts of the certification process, such as running the pre-cert test runs in Espressif's lab to ensure that the product passes all the required tests, and then the customer can take the certification, uh, on, on it, on his own to the lab. So Espressif customers can
also benefit from a pre-negotiated certification price from the Espressif partner test lab, and that way they can get benefited from the, uh, for, for the certification if they are going for certification directly.

Now let's talk about device attestation and certificates. So in, in the case of Matter specification, there are certain attestation goals. So the first one is the certification attestation: uh, the commissioner who is commissioning the Matter product, or any other entity, should be able to ensure that the product that it is talking to, it has obtained a valid and verifiable Matter certification. Then the next is device attestation: the commissioner or any other entity should be able to ensure that the Matter device it is talking to is indeed a genuine Matter device and not a counterfeit device. The third goal is software attestation: the firmware version running on the particular Matter device, the, that, that software, or that firmware version, should also be Matter compliant, and that should be verifiable by the controller or the commissioner. And all of this needs to be cryptographically verifiable, and preferably it should happen without requiring centralized infrastructure.

So these are the attestation goals, and the, the way these attestation goals are achieved are, they begin at the Distributed Compliance Ledger, which is commonly short formed as a DCL. Now, DCL is a non-centralized, that is distributed, and a cryptographically secured database. So you can assume that it is not at the central place and it can be fully verifiable, and no unauthorized entities can make any changes to this Distributed Compliance Ledger. The commissioner and other devices can read these DCL entries, and then they can verify the authenticity and use this DCL as a root of trust for various attestation requirements that we talked about in the last slide.

So this is how the DCL looks like, right? So the DCL basically includes four different types of entries. First one is the product attestation
authorities information; what they are we'll look at in the next slide. The vendor's own information, which also includes who are all the vendors and what VIDs are allocated to these vendors. Then the device models and their certification status; this is corresponding to the certification declarations that CSA has shown. So this is the information where the commissioner or any other entity can verify the certification status of the device. And then finally, device software version info: for, in the case of any new OTA upgrade, the new DCL entry will be present for the new upgrade firmware.

So how does device attestation work? So device attestation is based on a public-private key cryptography, and the device attestation's root of trust begins at the DCL, as I mentioned. So DCL basically has the list of product attestation authorities, their PAA certificates, and these certificates are listed in the DCL, so any entity can have access to this list of PAAs. Now the PAAs are the first-level CA, first-level signing authorities, who sign something called product attestation intermediaries, and the product attestation intermediaries are essentially the second-level signing authorities, because the PAIs, that is, uh, the second-level signing authorities, they sign the device attestation certificates, which are short formed as DAC. So DACs are the unique certificates that are present in each Matter device. So the commissioner now, or any other entity for that matter, they can look at a particular DAC and they can verify the authenticity of DAC by backtracking this chain and finally looking up in the DCL for the PAA who has, who establishes the root of trust for that certification. So this way, uh, the actual device attestation can take place to ensure that this device indeed has a certificate which is, uh, signed, which is a valid certificate and is actually signed by an authentic PAA and then PAI.

So now what, let's look at what are the manufacturing implications or manufacturing requirements that arise due to this.
Now, as we discussed, each device needs to have the DAC certificate signed using CSA-approved PAA. The private key of the DAC, that is, the private key corresponding to the device attestation certificate, now this itself is a device identity, and it needs to be protected and it should be securely stored in the device. Then there is also additional data present in each device, which is basically a unique passcode and verifier, which goes into the QR code of the device. This data is used at the time of commissioning of the device to establish the possession of the device, so that this is used as a proof of possession and also to establish a secure channel of communication.

Now let's look at how Espressif's DAC pre-provisioning service helps in some of these aspects. Now, we looked at the manufacturing requirements. Now, if you want to build your own DAC provisioning infrastructure, you can understand that it can really be complex and time consuming. You have to build the entire device programming, certificate generation, certificate signing yourself. Not only that, now your factory also needs to be secured to be able to work with all these cryptographic material, like device private key, the signing private key which is signing the device certificates, and the data that is generated unique to each device, which is the passcode and verifier. There are some services which offer PKI as a service, and they can provide DAC certificates, but even in that case you would require some equipment set up in your manufacturing factory, and this can many a times lead to upfront investment as well as the time for setting up your factory. And then also unique data programming, that is, programming unique certificate and the unique data for the QR code, it can indeed take more time for each device on your manufacturing line.

Now, to solve these, uh, these problems of the customers, how to make it easy for the customer, Espressif offers DAC pre-provisioning service. Espressif is a CSA-approved PAA, and we have built the secure
certificate signing and manufacturing infrastructure. So Espressif offers DAC pre-provisioning service, using which Espressif connectivity modules and SoCs, they can be pre-provisioned with these certificates securely in Espressif's factory. Uh, when I say securely provisioned, we ensure that the private key corresponding to DAC gets generated on the chip and never leaves the chip. Also, the signing of these certificates happens securely in the cloud, and then the certificates get programmed in each of the modules or the SoC. Now these modules and SoCs, they are locked to ensure that these sensitive data, like DAC private key, cannot be obtained by any, uh, entity except a trusted software that can execute on these chips. So when your, the chips or modules are in transit, or they are in the contract manufacturer's place, it is not possible to trivially read the contents to extract this sensitive information from them. And then these modules and SoCs also get programmed with unique passcode and verifier, and this basically also simplifies generating this information, which is unique for each device, and then you can generate device QR codes easily from that database. And then finally, when customers receive the secured pre-provisioned modules, uh, this, they are also delivered with the database that contains these module identifiers, certificates, and the passcode and verifier. So this is what the Espressif DAC pre-provisioning service is.

Now let's talk about ESP ZeroCode modules, which further simplify the certification and manufacturing both. Now, what if a customer wants to do their own device, or they want to build their own device which is Matter certified, but the device is really simple device, like a smart switch, light or blinds, and there is no specific software requirement and it's very simple device? Then this certification and manufacturing can be too complicated for them, and that's where ESP ZeroCode modules come into the picture. So ESP ZeroCode modules, basically these are the
modules which can be put into any product to make that product Matter certifiable. So these modules are pre-programmed and pre-provisioned Matter-certified modules. So these pre-programmed modules essentially run a certified firmware, and then the, they are provisioned with the DAC and the unique data for each device, so that the entire complexity of the manufacturing is removed, and now you can easily put these modules in your product to build the connected, the other Matter-compatible product. Uh, Espressif supports most common device types with this standard functionality, for example light bulbs or different form factor of lights, sockets, receptacles and switches, and also the blind controllers. We are continuing to add more and more devices in the, with the, supported by the ESP ZeroCode modules. And then ESP ZeroCode modules can support both Matter over Wi-Fi as well as Matter over Thread accessories, using Espressif's ESP32-C series and ESP32-H2 SoCs and modules.

Now, what are the advantages of the ESP ZeroCode modules? This is the probably the simplest way to create Matter-enabled devices, because all you have to do is integrate these modules in your device. Then, Matter certification is obtained and maintained by Espressif. In this case, the customers can just use the certificate transfer program to get these Matter certification transferred in their own name, and they can start selling these products with Matter. No custom phone apps or voice assistant skills are required, because all the existing ecosystem phone apps are, are basically capable of commissioning and controlling these devices. This significantly reduces your engineering. Then, working with all Matter-compatible ecosystems such as Alexa, Google, Apple, Samsung, these products are, they have all the smart functionality that you would require, so that you can also get remote control, uh, of the devices built using Matter ZeroCode modules. Um, and you can, all you have to do is use existing ecosystem phone applications for that. And then
Espressif also provides device management and OTA dashboard for all the devices, so that you can monitor your devices in the field, you can perform the over-the-air upgrades for these devices as well. Then optionally they also come with ESP RainMaker cloud connectivity. In case you want devices to have a separate cloud connectivity, ESP ZeroCode modules can have an optional ESP RainMaker cloud connectivity and their own phone applications which are also Matter compatible. That way you can have your own complete Matter-enabled products as well as phone applications which can control these devices both locally as well as remotely.

So how can I try this thing out? So we have built a ZeroCode console, so you can visit, uh, zerocode.espressif.com to take a look at it. Let's quickly look at the demo video of how the ZeroCode console really works and how you can quickly build the products using ESP ZeroCode modules. Thank you.

[Music] Thank you. [Music] Thank you. [Music]

So yes, as you see in this video, you can actually build these products with ease. So that's all for this webinar. We thank you for your presence here, and now we are ready to take any questions that you may have.

Thank you, Ami, for your presentation. And as you told you, uh, we have, uh, a Q&A session right now, so please, this is, uh, that now it's the time for questions. Uh, we already answered some, uh, questions, uh, live in the chat. So, uh, again, this is the, uh, last, uh, webinar about Matter. It doesn't mean that we are not going to do any other, uh, Matter webinar, uh, so we, we are still, like, uh, planning more webinars for you guys, so, uh, it will be something that special will continue. So this is the last, but, you know, last of this series. So, I mean, do you have any, anything else to share about these, uh, Matter, uh, webinar series?

Um, yes, uh, certainly. So our goal is basically to address, uh, all different types of questions that we frequently get from our customers, right? Matter being a new technology, it has a lot of potentials, but there are also
questions that our customers usually ask. So through these webinars we have tried to, uh, help our customers not only at the very engineering level but even also at the product management level, to understand what is required to build these Matter products, right? So as Peter said, yes, we will continue, um, this endeavor of providing this information to our customers through different mediums, with additional webinars. So yeah, that's everything. Thank you.

Yeah, so now we have, like, a really short break, uh, maybe one minute, and then we'll be back for answering the audience questions again. Thank you.

Okay, so we are back for the Q&A. So to join us we have Chanchu from Espressif. Hello. Hi, hello. So thank you for being here to help us for the Q&A session. And to start, I have already here one question for you guys. Okay, here's the question: for product testing based on Matter certification, what are the various costs involved?

Um, sure, I'll take that question. So for the, the product certification based on the complete testing, uh, so the first thing is the CSA membership fees. Uh, as you know that you have to be, uh, a non-associate member, you have to be either adopter, participant or promoter member to get your product certified using testing. So the CSA membership fees, you can find more details on the CSA website. Then, as we discussed, you have to approach an authorized test lab, and the lab will have its own charges based on the efforts that are required to run the certification testing. Once the labs submit the results to CSA, again there is a certification fees that you have to pay to CSA to get your product certification artifacts. So those are essentially the three different costs that are involved in getting the certification for your Matter product.

Okay, thank you. And the second question, we, I think we have a lot of questions from the audience, thank you for the questions, and this second one, I think it's like three questions in one. So what are the benefits of carrying certification? Uh, can't we
launch the products without certifications? Can we launch the, our product with test certificates from CSA? I think it's, this question is, uh, from one, one guy, so, yep.

Okay, so yeah, I will take this question. Uh, so basically, so you know, from CSA side, uh, the Matter working group launches the official Matter certification testable program to ensure that all the Matter implementation is compatible with the Matter spec and ensure that all these devices can work together under the same Matter fabric. Yeah, so basically it's, uh, the answer is yes. So every device needs to go to the certification test and get the certificate from the CSA. There is some way to ensure that if the device is not certified, it cannot be commissioned to the Matter fabric. So you know, there is some device attestation flow, and the commissioner will find the devices have the correct, uh, device certificate as well as the certificate declaration from CSA. Yeah, so basically the answer is yes, yeah.

Okay, thank you. And the next question, but before going to the next question I would like to ask to the audience, where are you guys from? I see people, like, from Italy. I, we already know some of, some of you guys who are attending all our webinars, so thank you for being here again, and for the new ones, uh, please just let me know where are you from. Okay, so the next question: can, can you shed some lights on the Espressif, uh, DAC pre-provisioning service, price, pricing, sorry?

So, um, I can, I can take that question. So, uh, yes, uh, Espressif's DAC pre-provisioning service may be the most cost-effective solution to have the DAC, uh, provisioned modules at your, for your product development and production. Um, in terms of pricing, you can fill up the form that is, uh, that will be made available in the video description here. But in terms of the cost structure, it is a very small, uh, uh, one-time setup fee that, that does, and then there is a small per-device or per-module, uh, component, uh, that gets added. So, so essentially it's, it's not a significant capital
expenditure, and, uh, this, this cost, you can, this is more as a pay-as-you-go pricing that we have for the DAC pre-provisioning service.

Okay, good. So let's, sorry, not last question, but another question we got: uh, do we have to pay for each product even if we buy membership such as adopter?

Uh, yeah, I will take that question. So yes, uh, even if you are an adopter member, uh, where it is a paid membership, the product certification has a different fees associated. And yes, uh, you, you'll find, uh, all of this information from the CSA portal, uh, itself. So yes, you can, you can, if, you can find this information from CSA portal, but as, um, as, as my understanding goes, yes, you have to pay the per-device certification fees to get the certification.

Okay, thank you. Uh, the next question: um, is it possible to use the ZeroCode to boilerplate a Matter device with Espressif and then customize/add capabilities to the firmware from that base?

Uh, yeah, basically I think it's possible. Uh, so you know, our ZeroCode is still a Matter implementation, but additionally we add some, uh, additional features like the RainMaker integration, yeah. But I think the customers still are able to implement their own code, application logic, based on our ZeroCode solution, yeah.

Okay, thank you for the explanation. And I think this one would be the last question: uh, could you please share some examples about family products certification?

Uh, so for the family certification, uh, actually it's a new certification type released by CSA, uh, I think it's last year, yeah. So, uh, it's mainly for the cases that the Matter part, uh, the features are all the same, but with some other changes which is not related to Matter protocol itself, like the different power supply, like some power is for the U.S. market and some other for the, maybe the Europe region, yeah. So, and as well as some other changes, like the device with a different color or with some different shape. But the one important thing is the Matter-related features should be the same. So in this case these
devices can apply, the, apply on the same family, yeah. I think it's a good option to save some cost for some really similar devices, yeah.

Yeah, okay, thank you. So we have a hello from, uh, Germany. Uh, so I will just try to get this, uh, this question, just one second. Um, where is the question? It's okay, it's here, sorry. So can the ZeroCode version speak DALI, KNX or 1-10 or PWM for controlling, uh, luminaire, uh, drivers or similar things?

From where it is continuously evolving a product. Right now it supports PWM, one of the interfaces for the lighting dimming. However, we do plan to continue adding more interface support, such as KNX or DALI or 0 to 10 volt, uh, current, uh, sorry, the 0 to 10 volt voltage-based control. Uh, so we do plan to continue expanding, uh, ESP ZeroCode console with additional driver support, with support for more modules from our side. Please note that also the ESP32-H2 based, Thread-based end device support will soon be available in the ESP ZeroCode console, and also of course support for additional types of devices. So right now, while it is the live sense which is, uh, please stay tuned to have additional device supported, additional devices supported from ZeroCode console.

Thank you. So, uh, I'd like to thank you guys for answering all the questions. Uh, so if, if you have any, uh, questions, uh, please, you can ask, uh, in the comments. We will leave a form in the video description if you want to, you know, like, share some, or, like, if you don't want to share your question publicly, so you can ask directly, uh, by this, uh, this form. And again, thank you, audience, for all the questions and for, you know, like, to be part of this amazing journey. This is the last session for the Matter series, so thank you so much, uh, everyone, for your support, uh, we really appreciate that. Yeah, so I think that's, that's it for today. So guys, if you have any, anything else to, to share, or otherwise we can just, uh, finish this stream. Yeah. Okay, thanks. Thank you. Thanks, Evan. Yeah, thank you. Thank you. Thank you.