Developer Console
Sign In
Sign In
Developer Console

App Attestation

Matter Casting requires attestation information from your phone app to the TV. This allows the TV to validate the identity of the phone app to determine which apps should be granted access. The attestation information is contained in the manifest file. The TV uses this information to match a phone app with one or more TV apps.

For example, the Foo TV app on a Fire TV indicates that phone apps Foo-A and Foo-B can access it. The TV then reads this information when loading the Foo TV app, and when a phone app attests to be app Foo-A, the TV grants it access to the Foo TV app.

Device Attestation Certificate and Certification Declaration

Attestation in Matter is done using a Device/Product Attestation Certificate (DAC) and a Certification Declaration (CD).

DAC: Every DAC is signed by an Intermediate Certificate, which itself is signed by a Root Certificate. The CSA maintains a Distributed Compliance Ledger (DCL) which contains a list of all approved Matter Root Certificates. Some product companies maintain their own Root and Intermediate Certificates, while other product companies use an Intermediate Certificate assigned to them for a specific product by another company (a Certificate Authority). Matter TVs periodically obtain and cache a copy of this Root Certificate list from the DCL and verify that the DAC provided by each phone app chains up to one of the Root Certificates in the cached list.

CD: The CD is a file signed by the CSA, indicating that the product is certified. The CD includes the CSA-issued vendor ID for the product maker, and a product ID issued by the product maker to identify the product. The CD also includes information about the Intermediate Certificate used to sign DACs for the product.

The end result for Casting is that a TV reads the CD and DAC from the phone app to verify it has a valid DAC (chains up to an approved Root Certificate), and a valid CD (product is certificated by CSA), and that the CD was issued for the Intermediate Certificate used to sign the DAC. This allows the TV to verify that the product is made by the company it claims to be, confirmed by the CSA.

How to obtain a DAC and CD for your app

To obtain a DAC, you can either manage your own DAC certificate chain or utilize a 3rd party tool that signs DACs.

  1. Manage a certificate chain yourself. This requires CSA membership of either Participant or Promoter level, as well as compliance with the CSA Certificate Policy which describes roles and responsibilities for the management of Certificate Authority certificates for CSA products. Compliance is demonstrated by completing the CSA’s Certificate Policy Statement, where the member explains how they comply with it. An outside expert hired by the CSA reviews these statements.
  2. Use a 3rd party tool to sign DACs. Any CSA membership level works for this approach. There are a number of companies that manage certificates for DAC signing, and can agree to host dedicated Intermediate Certificates or a dedicated Root Certificate for a customer. Typically these provide a cloud API to sign a Certificate Signing Request issued by your phone app. Amazon has already developed such a service for Matter Casting.

To obtain a CD, a product maker must certify their product, and upon completion, the CSA will issue a CD. An end product can do one of the following:

  1. Include its own implementation of Matter and run the result through Matter Certification tests using an Authorized Test Lab (ATL).
  2. Include a software component library that has already received software component certification. To obtain CSA certification, the product maker fills out CSA paperwork and submits it to the CSA with either the ATL test report or information about the certified software component it uses. Amazon offers both iOS and Android certified software components for Matter Casting partners to use. To obtain certification, a product maker must be a member of the CSA at one of the paid membership levels (Promoter, Participant, Adopter or Associate). There is a fee associated with certification which varies by membership level.

More about CSA Membership Levels can be found here: https://csa-iot.org/become-member/.

Known 3rd party DAC-signing cloud services

There are several companies that offer cloud-based DAC signing services that can be used for Matter Casting. You can reach out to one of them for this service if you need to.

Certifying an App with the CSA

An explanation of certification can be found on the CSA Website. Scroll to the “Certification Process” section. To certify your app, here are some of key steps:

  1. Join CSA. Choose a membership level and join the CSA.
  2. Request a Manufacturer ID or Vendor ID.
  3. Submit a Certification Application along with payment. Example documents for a phone app, which uses the certified software component provided by Amazon, can be found below:
    1. 20-55782-004_Declaration_of_Conformity_DoC_Form_ExampleCastingApp_Android.docx
    2. 20-55782-004_Declaration_of_Conformity_DoC_Form_ExampleCastingApp_iOS.docx
  4. Upon Approval, the CSA provides a Certification Declaration (CD) which contains the Vendor ID and Product ID from your certification.

Last updated: Jan 26, 2024