Table of Contents
Advertisement
The FDAP Gen3 and FDAP Gen3 Anchor have a default BLE key which is
192021 (6-digit key for pairing), once the FDAP Gen3 connects with
NOTE
WDM, it is mandatory to change the BLE pin using the WDM user
interface. When the FDAP Gen3 and FDAP Gen3 Anchor are reset to
default (when not connected to WDM), the BLE key changes back to the
default key.
FDAP1/ FDAP2 Authentication
In addition to data encryption, wireless standard requires each FDAP1/ FDAP2 to be
authenticated before joining the network. OneWireless network relies on a more secured IR
authentication key distribution method as it requires users to be physically next to the
FDAP1/ FDAP2 to add it to the network. The authentication keys are generated and
managed by the WDM. A Provisioning Handheld device is used to upload the
authentication keys from the WDM to Provisioning Handheld device and to download keys
to FDAP1/ FDAP2 using IR media. The IR media is used to send an authentication key
from the Provisioning Handheld device to the FDAP1/ FDAP2. Therefore, all Provisioning
Handheld devices and FDAP1/ FDAP2 have IR ports for device commissioning. The keys
are encrypted when distributed over the network. Once a key is deployed to an FDAP1/
FDAP2, it is validated by the WDM before the FDAP1/ FDAP2 can join the OneWireless
network.
Key deployment is a one-time activity, that is, the devices can rejoin the network after
power down or after any other service interruptions without re-keying the device.
OneWireless supports a key rotation mechanism to enable a secure network. Once the
devices join the network, a master key and a session key are assigned to each device, and
the session key can be rotated on a periodic basis. The key rotation period can be
configured from the OneWireless user interface. For best system performance, it is
recommended to set the key rotation period as infinite.
Beginning with OneWireless R210, over-the-air provisioning is supported for all ISA100
devices. This allows the FDAPs to join the secure OneWireless network and establish
communication with other devices and the WDM.
Embedded wireless security
To reduce security threats, wireless devices require all process data to be 128-bit
encrypted. The data is encrypted at the source and decrypted at the destination to provide
end-to-end security for the process data. The FDAPs self-discover other neighboring
wireless routing devices, such as Access Points, and routing wireless field devices, to form
a reliable and secure wireless mesh network.
Wireless routing algorithm enables an FDAP to dynamically identify the best route to send
data to and from wireless field devices. This algorithm enables the field device mesh
network to dynamically re-optimize itself when FDAPs are added to or removed from the
network.
OWDOC-X256-en-323A
INTRODUCTION TO FDAP
16
Advertisement
Table of Contents
