Using Session Keys Directly With No Key Broadcast; Broadcasting Session Key In The Field; Sequence Number In Packets - Radio Bridge RBM101 User Manual


If the session key is programmed directly through AT commands, the encryption enable
command must be used to enable encryption on all devices. From there, packets can be sent
between coordinator and endpoints as normal, with no further consideration of the
encryption keys.

6.3.4. Using session keys directly with no key broadcast

Summary of the process of using session keys directly with no key broadcast.
1. AT command to coordinator to assign session key
2. AT command to endpoint to assign session key
3. AT command to coordinator to enable encryption
4. AT command to endpoint to enable encryption
5. AT commands to send messages between coordinator and endpoint are used and are
the same as they would be without encryption.

6.3.5. Broadcasting session key in the field

Summary of the process of broadcasting the session key in the field.
1. AT command to coordinator to assign provisioning key
2. AT command to endpoint to assign provisioning key
3. AT command to coordinator to assign session key
4. AT commands to coordinator to send the upper and lower portions of the session key.
Since the payload is 64 bits and the AES encryption key is 128 bits, this must be sent
in two separate messages.
5. Endpoint receives session key and automatically decrypts key and enables encryption
for future transactions.
6. AT command to coordinator to enable encryption
7. AT commands to send messages between coordinator and endpoint are used and are
the same as they would be without encryption.

6.3.6. Sequence Number in Packets

All packets, whether encrypted or not, include a sequence number which, among other
functions, prevents an undetected repeat (replay) attack while the system is encrypted.
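
The sketch below is an added example, not Radio Bridge firmware or AT command syntax. It models an endpoint that reassembles the session key from the two 64-bit payloads of section 6.3.5, applies this page's non-zero key rule when encryption is enabled, and drops repeated sequence numbers as described in section 6.3.6. The class and function names, the 8-bit sequence counter width and the reading of "a key with zeros" as an all-zero key are assumptions; the provisioning-key encryption of the two payloads is left out because the manual does not describe it.

```python
# Added illustration: a host-side model, not Radio Bridge firmware or AT syntax.
SEQ_MOD = 256  # assumption: 8-bit sequence counter; the manual gives no width


def split_key(key: bytes):
    """Split a 128-bit key into the upper and lower 64-bit payloads."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be exactly 16 bytes")
    return key[:8], key[8:]


class EndpointModel:
    """Hypothetical endpoint state: key halves, encryption flag, last sequence."""

    def __init__(self):
        self.halves = {}
        self.key = None
        self.encrypting = False
        self.last_seq = None

    def receive_key_half(self, which: str, payload: bytes) -> None:
        if which not in ("upper", "lower") or len(payload) != 8:
            raise ValueError("expected an 8-byte 'upper' or 'lower' half")
        self.halves[which] = payload
        if len(self.halves) == 2:  # both halves present, in either order
            self.key = self.halves["upper"] + self.halves["lower"]
            self.halves = {}
            self.enable_encryption()

    def enable_encryption(self) -> None:
        # Mirrors the manual's rule: enabling with a zero key is an error.
        # Assumption: "a key with zeros" means an all-zero key.
        if self.key is None or not any(self.key):
            raise ValueError("encryption enable rejected: key unset or zero")
        self.encrypting = True

    def accept_packet(self, seq: int) -> bool:
        """Return False for a repeated or stale sequence number."""
        if self.last_seq is not None:
            delta = (seq - self.last_seq) % SEQ_MOD
            if delta == 0 or delta > SEQ_MOD // 2:
                return False  # repeat or old packet: drop and log it
        self.last_seq = seq
        return True
```

A receiver that logs every `False` from `accept_packet` gives operators a count of repeated packets, which is the signal that makes a repeat attack detectable rather than silent.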

The encryption keys must be non-zero and if the encryption enable AT
command is sent to a device with a key with zeros, the command will be
rejected with an error.

Copyright © 2017, Radio Bridge Inc. Radio Bridge RBM101 User Guide, Page 28 of 35
