Knx Secure - Theben Training Case KNX Manual

The KNX bus system

4.6 KNX Secure

ETS 5 Version 5.5 and higher support secure communication in KNX systems. A
distinction is made between secure communication via the IP medium using
KNX IP Secure and secure communication via the TP and RF media using
KNX Data Secure.
In the ETS catalogue, KNX products supporting "KNX Secure" are clearly
identified :
As soon as a "KNX-Secure" device is included in the project, the ETS requests a
project password. If no password is entered, the device is included with Secure
Mode deactivated. However, the password can also be entered or changed later
in the project overview.
4.6.1 Start-up with KNX Data-Secure
For secure communication, the FDSK (Factory Default Setup Key) is required. If a
KNX product supporting "KNX Data Secure" is included in a line, the ETS
requires the input of the FDSK. This device-specific key is printed on the device
label and can either be entered by keyboard or read by using a code scanner or
notebook camera.
Example of FDSK on device label
After entering the FDSK, the ETS generates a device-specific tool key. The ETS
sends the tool key to the device to be configured via the bus. The transmission
is encrypted and authenticated with the original and previously entered FDSK
key.
Neither the tool key nor the FDSK key are sent in plain text via the bus.
After the previous action, the device only accepts the tool key for further
communication with the ETS.
The FDSK key is no longer used for further communication, unless the device is
reset to the factory setting: In this case, all set safety-related data will be
deleted.
The ETS generates as many runtime keys as needed for the group
communication you want to protect. The ETS sends the runtime keys to the
device to be configured via the bus. Transmission takes place by encrypting and
authenticating them via the tool key. The runtime keys are never sent in plain
text via the bus.
Manual for the training case KNX 13