End A Secure Session; Secured Remote At Commands; Secure A Node Against Unauthorized Remote Configuration - Digi XBee 3 ZigBee User Manual

Secure access
3. When authentication is complete, the client device will output a
frame - 0xAE
At this point if authentication was successful, the secure session is established and the client can send
secured data to the server until the session times out.
Note A device can have one outgoing session—a session in which the node is a client—at a time.
Attempting to start a new session while a session is already in progress automatically ends the
previous session.
Note A device can have up to four incoming sessions—sessions in which the device is a server—at a
time. Once that number has been reached, additional authentication requests are rejected until one
of the active sessions ends.

End a secure session

A client can end a session by either waiting for the timeout to expire or by ending it manually. To end a
session, send a Secure Session Control frame - 0x2E
field set and with no password.
Note If a password is supplied on a logout request, an error will occur and the session will remain
connected.
The device ends the outgoing secure session with the node whose address is specified in the type
0x2E frame. This frame can be sent even if the node does not have a session with the specified
address—the device will send a message to the specified server prompting it to clear out any
incoming session data related to the client (this can be used if the server and client fall out of sync. For
example, if the client device unexpectedly loses power during a session.
Sending a type 0x2E frame with the logout option bit set, and the address field set to the broadcast
address will end whatever outgoing session is currently active on the client and broadcast a request
to all servers to clear any incoming session data related to that client.

Secured remote AT commands

Secure a node against unauthorized remote configuration

Secured Access is enabled by setting bits of
verifier (*V, *W, *X,
password.
Configure a node with a salt and verifier
In this example, the password is pickle.
1. The salt is randomly generated and the verifier is derived from the salt and password as
follows:
*S = 0x1938438E
*V = 0x0771F57C397AE4019347D36FD1B9D91FA05B2E5D7365A161318E46F72942A45D
*W = 0xD4E44C664B5609C6D2BE3258211A7A20374FA65FC7C82895C6FD0B3399E73770
*X = 0x63018D3FEA59439A9EFAE3CD658873F475EAC94ADF7DC6C2C005b930042A0B74
Digi XBee® 3 Zigbee® RF Module
to indicate whether the login was a success or failure.
SA (Secure
*Y) must be set. You can use XCTU to generate the salt and verifier based on a
Secured remote AT commands
Secure Session Response
to the local client device with bit 0 of the options
Access). Additionally, an SRP Salt (*S) and
43