Security; Knx Secure; Project Password - MDT Technologies Object Server VisuControl Easy II Technical Manual

Technical Manual
Object Server VisuControl Easy II [VC-EASY.03]

2.7 Security

2.7.1 KNX Secure

The use of the KNX Secure functionality requires the ETS as of version 5.7.
KNX Secure distinguishes between two mechanisms: IP Secure and Data Secure.
KNX IP Secure allows secure transmission in IP networks by encrypting and authenticating messages sent
out. IP Secure ensures that KNX tunnelling or routing messages cannot be read or manipulated at the IP
level. KNX IP Secure forms an additional security shell that protects the complete KNXnet IP data traffic.
KNX Data Secure ensures that the messages/telegrams sent out by KNX devices (independent of the KNX
medium) are encrypted and/or authenticated as long as both devices are KNX Data Secure capable. If one
of the devices does not support KNX Data Secure, the communication is still unencrypted.
Note: The Object Server VC-EASY.03 supports up to 50 group addresses with activated security.
FDSK (Factory Device Setup Key)
Each KNX Secure device is delivered with an FDSK. The system integrator/installer enters this key into the
ETS, which generates a device-specific tool key from it. The ETS sends the tool key via the KNX bus to the
device that is to be configured. This transmission is encrypted and authenticated with the FDSK. After
commissioning, the device only accepts the received tool key.
The FDSK is no longer required for further transmission unless the device is reset via a master reset
(see 2.8 Resetting to factory settings). The FDSK of all devices in a project should be detached from the
device label after commissioning and kept on a project-specific basis. The FDSK is located on a detacha-
ble sticker on the side of the housing of the object server.
Secure mode
If a device has security activated, it operates in "Secure Mode" and transmits data in an encrypted format.
This is recognisable by the blue shield symbol.
Plain mode
If a device does not have security activated, it operates in "Plain Mode". Data are transmitted unencrypted.

2.7.2 Project password

The ETS project password is required to activated KNX Secure. Without a project password, secure
commissioning is not possible and the devices are loaded in plain mode.
MDT technologies GmbH · Papiermühle 1 · 51766 Engelskirchen · Germany
Telephone +49 (0) 2263 880 · knx@mdt.de · www.mdt.de 11 / 84