manualshive.com logo in svg

EnOcean PTM 216B, User Manual

The EnOcean PTM 216B is an innovative product with numerous features. Enhance your experience by accessing the comprehensive User Manual for free download at manualshive.com. Explore its functionalities and unleash the full potential of this exceptional device at your convenience.

Share
Download
background image

 
USER MANUAL

 

 
 
 

PTM 216B – BLUETOOTH

®

 PUSHBUTTON TRANSMITTER MODULE 

 

© 2022 EnOcean  |  www.enocean.com  

F-710-017, V1.0     

 

PTM 216B User Manual  | v1.0 | February 2022 |  Page 23/86 

 

4.7.1

 

Authentication implementation 

 
PTM 216B implements data telegram authentication based on AES128 in CCM (Counter with 
CBC-MAC) mode as described in IETF RFC3610. At the time of writing, the RFC3610 stand-
ard could be found here: 

https://www.ietf.org/rfc/rfc3610.txt

  

 
The 13 Byte CCM Nonce (number used once – unique) initialization value is constructed as 
concatenation of 6 byte Source Address, 4 byte Sequence Counter and 3 bytes of value 
0x00 (for padding). 

 
Note that both Source Address and Sequence Counter use little endian format (least signifi-
cant byte first). 
 
Figure 18 below shows the structure of the AES128 Nonce. 
 
 

 

 
 

Figure 18 – AES128 Nonce structure 

 
 
The AES128 Nonce and the 128 bit device-unique security key are then used to calculate a 
32 bit signature of the authenticated telegram payload shown in Figure 19 below. 
 
 

 

 

 
Figure 19 – Authenticated payload 

 
The calculated 32 bit signature is then appended to the data telegram payload as shown in  
Figure 14 in chapter 4.6. 
 
In addition to the RFC3610 standard itself, please consult also Appendix C for a step by 
step description of the authentication process.

 

 

Summary of Contents for PTM 216B

Page 1: ...er Manual v1 0 February 2022 Page 1 86 Patent protected WO98 36395 DE 100 25 561 DE 101 50 128 WO 2004 051591 DE 103 01 678 A1 DE 10309334 WO 04 109236 WO 05 096482 WO 02 095707 US 6 747 573 US 7 019 241 Observe precautions Electrostatic sensitive devices PTM 216B Bluetooth Pushbutton Transmitter Module 17 March 2022 ...

Page 2: ...ity is assumed for possible omissions or inaccuracies Circuitry and specifications are subject to change without notice For the latest product specifica tions refer to the EnOcean website http www enocean com As far as patents or other rights of third parties are concerned liability is only assumed for modules not for the described applications processes and circuits EnOcean does not as sume respo...

Page 3: ...o channel radio transmission sequence 14 3 3 4 Single channel radio transmission sequence 14 4 Telegram format 15 Preamble 15 Access Address 15 Header 15 Source address 16 4 4 1 Static source address mode 16 4 4 2 Resolvable private address mode 17 Check Sum 18 Telegram payload 19 4 6 1 Data telegram payload 19 4 6 2 Button action encoding 20 4 6 3 Commissioning telegram payload 21 PTM 216B data t...

Page 4: ...URER_ID_WRITE register 42 6 7 8 OPTIONAL_DATA register 43 6 7 9 VARIANT register 44 6 7 10Radio channel selection registers 46 6 7 11Customer Data 47 Private data 48 6 8 1 Security key 48 6 8 2 Default settings 48 7 PTM 216B device label 49 PTM 216B device label structure 49 QR code format 50 8 Device integration 51 Mechanical interface characteristics 51 Mechanical interface drawings 51 OEM produ...

Page 5: ...ow 74 B 1 2 Address resolution example 75 C Authentication of PTM 216B data telegrams 76 C 1 Algorithm input parameters 76 C 1 1 Constant input parameters 76 C 1 2 Variable input parameters 77 C 1 3 Obtaining the security key 78 C 1 3 1 Obtaining the security key via NFC interface 78 C 1 3 2 Obtaining the security key via the product QR code 79 C 1 3 3 Obtaining the security key via a commissionin...

Page 6: ...bow located on the left and right of the module This energy bow which can be pushed from outside the module by an appro priate pushbutton or switch rocker When the energy bow is pushed down or released electrical energy is created and a radio telegram according to the Bluetooth low energy standard is transmitted This radio tele gram transmits the status of all four contact nipples when the energy ...

Page 7: ...ication Unique 48 Bit Device ID factory programmed Security AES128 CBC Mode with Sequence Code Power Supply Integrated Kinetic Energy Harvester Button Inputs Up to four buttons or two rockers Dimensions 40 0 x 40 0 x 11 2 mm Weight 20 g 1g Environmental conditions Operating Temperature 25 C 65 C Storage Temperature 25 C 65 C Humidity 0 to 95 r h non condensing Packaging information Packaging Unit ...

Page 8: ...device An internal spring will release the energy bow as soon as it is not pushed down anymore When the energy bow is pushed down electrical energy is created and a BLE radio tele gram is transmitted which identifies the action pressed or not pressed and the status of the four button contacts 2 Releasing the energy bow similarly generates energy which is used to transmit a different radio telegram...

Page 9: ...tton contacts and the energy bow encodes this status into a data word generates the proper radio telegram structure and sends it to the radio transmitter RF transmitter Transmits the data in the form of a series of short 2 4 GHz Bluetooth Low Energy radio telegrams using the integrated antenna NFC interface Allows reading and writing certain product parameters using an NFC compliant reader writer ...

Page 10: ...o channels Channel A and Channel B each containing two button contacts State O and State I The state of all four button contacts pressed or not pressed is transmitted together with a unique device identification 48 Bit device ID whenever the energy bow is pushed or re leased Figure 4 below shows the arrangement of the four button contacts and their designation Figure 4 Button contact designation O...

Page 11: ...er 6 7 10 The initialization value for data whitening is set as follows For BLE channels is set according to specification value radio channel For the custom radio channels the initialization value is equal to the offset from 2400 MHz e g value 3 for 2403 MHz Table 1 below summarizes radio channels supported by PTM 216B Radio Channel Frequency Channel Type BLE Radio Channels 37 2402 MHz BLE Advert...

Page 12: ...ure 5 Default radio transmission sequence User defined radio transmission sequences In certain situations it might be desirable to transmit radio telegrams on channels other than the three advertising channels PTM 216B therefore allows to select the radio channels to be used for the transmission of data telegrams and commissioning telegrams The following transmission modes are sup ported Both comm...

Page 13: ...e channel radio transmission sequence The three channel radio transmission sequence is similar to the default transmission se quence The difference is that the radio channels BLE Channel 37 38 and 39 in the default transmission sequence can be selected using the registers TX_CHANNEL1 TX_CHANNEL2 and TX_CHANNEL3 The PTM 216B telegram will in this mode be transmitted on the radio channel selected by...

Page 14: ...n sequence The format of TX_CHANNEL1 and TX_CHANNEL2 is described in chapter 6 7 10 3 3 4 Single channel radio transmission sequence The single channel radio transmission sequence removes transmission on the second and third radio channel selected by TX_CHANNEL2 and TX_CHANNEL3 respectively i e all trans missions will be on the radio channel selected by TX_CHANNEL1 The PTM 216B telegram will be se...

Page 15: ...low summarizes the BLE frame structure Figure 9 BLE frame structure The content of these fields is described in more detail below Preamble The BLE Preamble is 1 byte long and identifies the start of the BLE frame The value of the BLE Preamble is always set to 0xAA Access Address The 4 byte BLE Access Address identifies the radio telegram type For advertising frames the value of the Access Address ...

Page 16: ...ss flag in the Configuration register see chapter 6 7 3 to 0b1 These two address modes are described in the following chapters 4 4 1 Static source address mode By default PTM 216B uses static source addresses meaning that the source address is con stant during normal operation The static source address can be read and configured writ ten via NFC as described in chapter 6 The structure of PTM 216B ...

Page 17: ...ty Resolution Key IRK PTM 216B uses its device unique ran dom key as identity resolution key This key can be modified if needed via the NFC configu ration interface as described in chapter 6 7 5 For each data telegram transmitted by PTM 216B i e for every button push or release a new resolvable private address is generated The 48 bit address field of such resolvable private address is split into t...

Page 18: ...nsmitter and thereby the identity of the transmitter So conceptually the IRK takes the role of the device address of the transmitter while prand and hash provide a mechanism for the receiver to select the correct IRK among the set of IRK known to it This mechanism is illustrated in Figure 13 below Figure 13 Resolving private addresses Refer to Appendix B for an example of resolving a resolvable pr...

Page 19: ... the size of the Optional Data field which can be 0 1 2 or 4 byte The resulting Length setting would be 12 13 14 or 16 byte 0x0C 0x0D 0x0E 0x10 respectively Type 1 byte The Type field identifies the data type used for this telegram For PTM 216B data telegrams this field is always set to 0xFF to designate manufacturer specific data field Manufacturer ID 2 byte The Manufacturer ID field is used to i...

Page 20: ...fy and transmit button contact status 1 Determine direction of the energy bar movement Push Action or Release Action 2 Read input status of all button contacts 3 Calculate data payload 4 Calculate security signature In PTM 216B the type of action Press Action or Release Action is indicated by Bit 0 Ener gy Bar If a button contact has been actuated during Press Action or Release Action then this is...

Page 21: ...erface as described in chapter 6 7 7 Sequence Counter 4 byte The Sequence Counter is a continuously incrementing counter used for security pro cessing It is initialized to 0 at the time of production and incremented for each tele gram data telegram or commissioning telegram sent Security Key 16 byte Each PTM 216B device contains its own 16 byte device unique random security key which is generated ...

Page 22: ...counter the device source address and the telegram payload Changing any of these three parame ters will therefore result in a different signature The receiver performs the same signature calculation based on sequence counter source address and the remaining telegram data of the received telegram using the security key it received from PTM 216B during commissioning The receiver then compares the si...

Page 23: ...yte Source Address 4 byte Sequence Counter and 3 bytes of value 0x00 for padding Note that both Source Address and Sequence Counter use little endian format least signifi cant byte first Figure 18 below shows the structure of the AES128 Nonce Figure 18 AES128 Nonce structure The AES128 Nonce and the 128 bit device unique security key are then used to calculate a 32 bit signature of the authenticat...

Page 24: ...ticate its radio telegrams PTM 216B provides the following options for these tasks NFC based commissioning The PTM 216B parameters are read by a suitable commissioning tool e g NFC smartphone with suitable software which is already part of the network into which PTM 216B will be commissioned The commissioning tool then communicates these parameters to the intended receiver of PTM 216B radio telegr...

Page 25: ...dditional security NFC read out of the new security key can be disabled by set ting the PRIVATE SECURITY KEY flag in the Configuration register before setting the new security key This ensures that even persons knowing the correct PIN code to configure this spe cific switch cannot read out the programmed new security key Please verify that you have properly documented the new security key as there...

Page 26: ...ded receiver of PTM 216B radio telegrams See chapter 7 for details of the commissioning code structure Radio based commissioning For cases where both NFC and camera based commissioning are not feasible it is possible to set PTM 216B into a specific mode where it transmits commissioning telegrams This functionality can be disabled via the NFC configuration interface by setting the DISABLE LRN TELEG...

Page 27: ...onfigured via NFC interface then PTM 216B will not enter commissioning mode and transmit normal data telegrams according to the button status 5 3 2 Commissioning telegram transmission PTM 216B will transmit a commissioning telegram on the radio channels selected as de scribed in chapter 3 1 upon entering commissioning mode The structure of the commis sioning telegram is described in chapter 4 6 3 ...

Page 28: ... down position for at least 10 seconds before be ing released The button contacts A0 A1 B0 and B1 can be released at any time after pressing the energy bow down i e it is no requirement to hold them as well for at least 10 seconds Upon detecting this input PTM 216B will restore the default settings of the following items Static Source Address Security Key and Security Key Write register Both regis...

Page 29: ...C reader either PC USB accessory or suitable smartphone tablet NFC SW with read write PIN lock PIN unlock and PIN change functionality EnOcean recommends TWN4 order code T4BT FB2BEL2 SIMPL from Elatec RFID Systems https www elatec rfid com en as USB NFC reader This reader is shown in Figure 21 below Figure 21 Elatec TWN4 MultiTech Desktop NFC Reader TWN4 can be configured as CDC Virtual COM port a...

Page 30: ...443 standard For specific implementation aspects related to the NXP implementation in NT3H2111 please refer to the NXP documentation which at the time of writing was available under this link https www nxp com docs en data sheet NT3H2111_2211 pdf The following chapters summarize the different functions for reference purposes 6 2 1 NFC interface state machine Figure 22 below shows the overall state...

Page 31: ...UID using the ANTICOLLISION or SELECT commands for cascade level 1 READY 1 state is exited after the SELECT command from cascade level 1 with the matching complete first part of the UID has been executed The NFC tag then proceeds into READY 2 state where the second part of the UID is resolved 6 2 4 READY 2 state READY 2 is the second UID resolving state where the NFC tag resolves the remaining 4 b...

Page 32: ...s 4 byte in size For example if the specified address is 03h then pages 03h 04h 05h 06h are returned Spe cial conditions apply if the READ command address is near the end of the accessible memory area Figure 23 below shows the read command sequence Figure 23 NFC read command sequence 6 2 7 Write command The WRITE command requires a start page address and returns writes 4 bytes of data into that pa...

Page 33: ...cation via the PWD_AUTH command The PWD_AUTH command takes the password as parameter and if successful returns the password authentication acknowledge PACK Figure 25 below shows the password authentication sequence Figure 25 Password authentication sequence After successful authentication the password can be changed by writing the new password to memory page 0xE5 Note that a read access to page 0x...

Page 34: ...are sup port package At the time of writing this was available from this address https www elatec rfid com en download center contact form twn4 devpack sdk Figure 26 below shows the user interface of this software Figure 26 User interface of TWN4 Director By using this software it is easily possible to generate the required serial commands that have to be sent via CDC Virtual COM port to TWN4 and ...

Page 35: ...00 0xE2 0x15 0x00 0x00 NTAG_Read page Used to read one page of data Example NTAG_Read 0x04 NTAG_Write page data Used to write one page of data Example NTAG_Write 0x40 0x12 0x34 0x56 0x78 NTAG_Write 0xE5 PIN Code Used to set a new pin code by writing to page 0xE5 Example NTAG_Write 0xE5 0x12 0x34 0x56 0x78 6 3 2 Translation into binary data In order to use these commands within a user application t...

Page 36: ...on The PTM 216B configuration memory is divided into the following areas Public data Protected data In addition to that PTM 216B maintains a private configuration memory region used to store default parameters and confidential information which is not accessible to the user Figure 29 below shows the configuration memory structure used by PTM 216B Figure 29 Configuration memory structure ...

Page 37: ...CMD BLE_B0_PRESS_CMD BLE_B0_RELEASE_CMD 1E BLE_B1_PRESS_CMD BLE_B1_RELEASE_CMD BLE_A0_A1_PRESS_CMD BLE_A0_A1_RELEASE_CMD 1F BLE_A0_B0_PRESS_CMD BLE_A0_B0_RELEASE_CMD BLE_A0_B1_PRESS_CMD BLE_A0_B1_RELEASE_CMD 20 BLE_A1_B0_PRESS_CMD BLE_A1_B0_RELEASE_CMD BLE_A1_B1_PRESS_CMD BLE_A1_B1_RELEASE_CMD 21 BLE_B0_B1_PRESS_CMD BLE_B0_B1_RELEASE_CMD BLE_A0_A1_B0_PRESS_CMD BLE_A0_A1_B0_RELEASE_CMD 22 BLE_A0_A1...

Page 38: ...onfigured by the customer as required to identify his PTM 216B based product see chapter 6 7 7 Static Source Address This is a 4 byte field containing the four least significant bytes the two most signifi cant bytes are always 0xE215 of the static source address used by PTM 216B see chapter 4 4 1 Each PTM 216B is pre programmed with an individual static source address The Static Source Address can...

Page 39: ... key used by PTM 216B see chapter 6 7 5 OPTIONAL_DATA register This 4 byte register contains optional data that can be transmitted as part of all data telegrams see chapter 4 6 OPTIONAL_DATA_0 is sent first OPTIONAL_DATA_3 last CONFIGURATION register This 1 byte register is used to configure the functional behavior of PTM 216B see chapter 6 7 3 VARIANT register This 1 byte register is used to conf...

Page 40: ... parameters the user has to write the new value into specific reg isters SOURCE_ADDRESS_WRITE OEM_NAME_WRITE MANUFACTURER_ID_WRITE SECURITY_KEY_WRITE in the protected data area and set the according UPDATE flag in the CONFIGURATION register After that the user has to push and release the energy bar of the PTM 216B module 6 7 3 CONFIGURATION register The CONFIGURATION register is 1 byte wide and co...

Page 41: ...andom security key The factory programmed key can be replaced with a user defined key by fol lowing these steps 1 Write new security key into the SECURITY_KEY1 register Note that for security reasons setting the Security Key to the following values is not possible 0x00000000000000000000000000000000 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF If the Security Key Write register is set to one of these values ...

Page 42: ...ITY_KEY flag in the CONFIGURATION register setting the UPDATE_SECURITY_KEY1 register to the desired security key and the UPDATE_SECURITY_KEY flag in the CONFIGURATION register is to 0b1 and pushing the energy bar 6 7 7 OEM_NAME_WRITE and MANUFACTURER_ID_WRITE register The OEM_NAME register is 8 byte wide and is used to identify the OEM or a publicly accessible parameter e g a user specific ID or n...

Page 43: ...ta that will be transmitted as part of each data telegram This optional data can store user specific or ap plication specific information The size of the OPTIONAL DATA field is specified by the OPTIONAL_DATA_SIZE field in the Con figuration register The following settings of OPTIONAL_DATA_SIZE are supported 0b00 0 byte No optional data default 0b01 1 byte 0b10 2 byte 0b11 4 byte If the size of the...

Page 44: ... be selected using Bit 2 0 of the VARIANT register Setting Meaning 0b000 Commissioning and data telegrams in standard Advertising Mode Default configuration 0b001 Commissioning telegrams in standard Advertising Mode Data telegrams on 3 user defined radio channels 0b010 Commissioning telegrams in standard Advertising Mode Data telegrams on 2 user defined radio channels 0b011 Commissioning telegrams...

Page 45: ...erval from the default setting of 20 ms to 10 ms INTERVAL Behavior 0b0 20 ms Interval Default configuration 0b1 10 ms Interval Table 4 INTERVAL settings 6 7 9 3 Data rate selection It is possible to increase the data rate from the default setting of 1 Mbit standard BLE to 2 Mbit proprietary mode using the DATA_RATE field Setting Result 0b0 1 Mbit Data Rate Default configuration 0b1 2 Mbit Data Rat...

Page 46: ...16B Standard BLE radio channels BLE Channel 0 BLE Channel 39 use the even frequencies from 2402 MHz to 2480 Custom radio channels in between the standard BLE channels Custom Channel 40 78 use the odd frequencies from 2403 MHz to 2479 MHz TX_CHANNELn Frequency Channel Type BLE Radio Channels 37 2402 MHz BLE Advertising Channel 0 2404 MHz BLE Data Channel 1 2406 MHz BLE Data Channel 10 2424 MHz BLE ...

Page 47: ... specific information such as product type revi sion date code or similar There is however no restriction other than the maximum size of 256 byte on the type of content that can be stored in this memory region PTM 216B will not access or modify this memory region Users should keep in mind that the content of this memory region will not be affected by a factory reset This means that after a factory...

Page 48: ...ey field contains the 128 bit private key used for authenticating PTM 216B telegrams and for resolving private source addresses This register is programmed with a random value during manufacturing It can be changed using the Security Key Write feature described in chapter 6 7 5 6 8 2 Default settings The Default Settings field contains a backup of the following PTM 216B factory settings Static Sou...

Page 49: ...bel as described in their user manuals and the information given in the subsequent chapters applies only to the PTM 216B module itself PTM 216B device label structure Figure 32 below shows the structure of the PTM 216B device label It identifies key parame ters such as the source address in this case E21501500100 and the manufacturing date in this case week 30 2018 in writing Additionally it conta...

Page 50: ...n codes the following string 30SE21501500100 Z0123456789ABCDEF0123456789ABCDEF 30PS3221 A216 2PDC06 S01234567890123 Table 7 below describes the ANSI MH10 8 2 data identifiers used by the PTM 216B device label and shows the interpretation of the data therein Identifier Length Content Value in this example 30S 12 char Static Source Address E21501500100 Z 32 char Security Key 0123456789ABCDEF01234567...

Page 51: ...wide va riety of existing designs Mechanical interface characteristics Energy bow travel operating force 1 8 mm typ 9 N At room temperature Only one of the two energy bows may be actuated at the same time Restoring force at energy bow typ 0 7 N Minimum restoring force of 0 5 N is required for correct operation Number of operations at 25 C typ 100 000 actuations tested according to VDE 0632 EN 6066...

Page 52: ...ER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 52 86 1 these catwalks are not needed when using one single rocker only 2 dimensions of rocker part Figure 34 PTM 216B top view note cut A B and C marking ...

Page 53: ...B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 53 86 Figure 35 PTM 216B cut A 2 dimensions of rocker part Figure 36 PTM 216B cut B and C ...

Page 54: ...ANUAL PTM 216B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 54 86 Hatched areas support planes Figure 37 PTM 216B rear view ...

Page 55: ...rocker part Figure 38 PTM 216B side view If the rocker is not mounted on the rotation axis of PTM 216B several tolerances have to be considered The measure from support plane to top of the energy bow is 7 70 mm 0 3 mm The movement of the energy bow must not be limited by mounted rockers Catwalks of the switch rocker must not exert continuous forces on the button con tacts ...

Page 56: ...equired to use non conductive material no metal or plastic with metal or graphite elements for the rockers the frame and the base plate to ensure best transmission range PTM 216B is powered by the electromagnetic generator ECO 200 For proper func tion magnets or ferromagnetic materials are not permitted within a keep out zone of 60mm around the center of PTM 216B ...

Page 57: ... listed in Table 8 below Identifier Length of data excluding identifier Value 30S 12 characters Static Source Address hex Z 32 characters Security Key hex 30P 10 characters Order Code S3221 A216 Table 8 Required fields for the product QR code 8 3 1 Example for an OEM product QR code For this example we consider an OEM product using a PTM 216B module with the following parameters Static Source Addr...

Page 58: ...ro concrete walls ceilings Typically 5 m range through max 1 ceiling depending on thickness Fire safety walls elevator shafts staircases and similar areas should be considered as shielded The angle at which the transmitted signal hits the wall is very important The effective wall thickness and with it the signal attenuation varies according to this angle Signals should be transmitted as directly a...

Page 59: ... in receive mode for a sufficiently long dura tion Three key timing parameters have to be considered when configuring a receiver scanner for periodical reception of advertising events sent by a transmitter advertiser These three parameters are Advertising interval Time between two advertising events sent by the transmitter Scan interval Time between the start of two consecutive scanning cycles of ...

Page 60: ...r starts scanning directly after the start of one transmission and therefore misses a part of it Under these conditions it is necessary that the receiver remains active until the next advertising telegram has been fully transmitted This is illustrated in Figure 41 below Advertising Interval Scan Window Advertising Advertising Figure 41 Scan window setting From Figure 41 above it can be seen that t...

Page 61: ... If PTM 216B uses 20 ms advertising intervals then the scan interval has to be less than the time between the end of the first advertising event and the begin of the third advertising event 2 20 ms 40 ms minus 0 5 ms telegram duration mi nus a timing margin to account for the random time offset at the transmitter Using a scan interval of no more than 37 ms is recommended for this case If PTM 216B ...

Page 62: ...ts It is the responsibility of the OEM manufac turer to demonstrate compliance to all applicable EU directives and standards The EnOcean attestation of conformity can be used as input to the declaration of conformity for the full product At the time of writing guidance on the implementation of EU product rules the so called Blue Guide was available from this link http ec europa eu DocsRoom documen...

Page 63: ...USER MANUAL PTM 216B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 63 86 FCC United States Certificate ...

Page 64: ...s authority to operate the equipment Interference This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasona ble protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used...

Page 65: ...USER MANUAL PTM 216B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 65 86 IC Industry Canada Certificate ...

Page 66: ... B digital device pursuant to ICES 003 These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will ...

Page 67: ... sont conçues pour fournir une protection raisonnable contre les interférences nuisibles dans une installation résidentielle Cet équipement génère utilise et peut émettre une énergie de radiofréquence et s il n est pas installé et utilisé conformément a ux instructions il peut causer des interférences nuisibles aux communications radio Cependant il n existe aucune garantie que des interfé rences n...

Page 68: ...USER MANUAL PTM 216B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 68 86 ACMA Australia Declaration of Conformity ...

Page 69: ...R MANUAL PTM 216B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 69 86 ARIB Japan Construction Type Conformity Certifaction ...

Page 70: ...USER MANUAL PTM 216B BLUETOOTH PUSHBUTTON TRANSMITTER MODULE 2022 EnOcean www enocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 70 86 10 6 India Equipment Type Approval ...

Page 71: ...ocean com F 710 017 V1 0 PTM 216B User Manual v1 0 February 2022 Page 71 86 11 Product history Table 10 below lists the product history of PTM 216B Revision Release date Key changes versus previous revision DA 01 March 2022 First release for lead customers Table 10 Product History ...

Page 72: ...EE 23 A 1 1 BLE frame structure The message shown above can be parsed into the following components keep in mind the little endian byte order BLE Access Address 4 byte 0x8E89BED6 BLE Frame Control 2 byte 0x1342 Size of source address payload 0x13 19 byte Telegram type Non connectable Advertising BLE Source Address 6 byte 0xE21500001B9F Length of payload 1 byte 0x0C 12 byte Type of payload 1 byte 0...

Page 73: ...9BED6 BLE Frame Control 2 byte 0x2442 Size of source address payload 0x24 36 byte Telegram type Non connectable Advertising BLE Source Address 6 byte 0xE21500001B9F Length of payload 1 byte 0x1E 30 byte Note that this field should correctly be set to 0x1D This issue has been corrected in product version DC 06 Type of payload 1 byte 0xFF manufacturer specific data Manufacturer ID 2 byte 0x03DA EnOc...

Page 74: ...Figure 43 below Figure 43 Execution flow for resolving private addresses RPA resolution Input to the RPA resolution flow is the prand part of the resolvable private address field of the received telegram together with one or several locally stored IRK The receiver will then try for each locally stored IRK if the hash generated using the execu tion flow above matches the hash part of the resolvable...

Page 75: ...4 Next we verify the address mode by looking at the two most significant bit of prand mode prand 0xC00000 22 mode 0b01 Referring to chapter 4 4 2 the setting of 0b01 indicates resolvable private address mode To generate the hash we add 104 bit of padding all zeros to prand 0x00000000000000000000000000493970 We can now generate the hash as AES128 operation between the IRK and the thus padded prand ...

Page 76: ...ithm input parameters These parameters identify high level algorithm and telegram properties and are the same for any PTM 216B telegram Variable algorithm input parameters These parameters identify telegram specific parameters and therefore depend on the specifics of the transmitted telegram C 1 1 Constant input parameters The RFC3610 implementation in PTM 216B requires two constant input paramete...

Page 77: ...unter is transmitted as part of the input data The receiver of PTM 216B telegrams keeps track of this counter and will accept only telegrams with counter values higher than the highest previously used value This eliminates the possibility of reusing previously transmitted telegrams Note that the individual identical advertising telegrams used to encode the same data telegram use the same sequence ...

Page 78: ... key via the product DMC code Obtaining the key via a dedicated commissioning telegram Each option is described now in detail C 1 3 1 Obtaining the security key via NFC interface Using the Elatec TWN4 reader as described in chapter 6 3 the security key can be read using the following command sequence SearchTag 32 NTAG_PwdAuth 0x00 0x00 0xE2 0x15 0x00 0x00 NTAG_Read 0x14 This is equivalent to the f...

Page 79: ...rom the Z field as highlighted in red above C 1 3 3 Obtaining the security key via a commissioning telegram PTM 216B modules can send dedicated commissioning telegrams that identify their security key Transmission of such commissioning telegrams can be triggered by means of a specific button sequence as described in chapter 5 3 Note that this feature can be disabled via the NFC commissioning inter...

Page 80: ... the telegram specific parameters and therefore de pend on the specifics of the transmitted telegram C 1 5 Constant internal parameters The RFC3610 implementation in PTM 216B derives two internal parameters M and L based on the input data and uses them to construct A0_Flag and B_0_Flag which togeth er with the iteration counter i are required for subsequent processing The value of these internal p...

Page 81: ...nter and padding see 4 7 1 FE19000015E2D00A0000000000 A0 A0_Flag followed by Nonce followed by 2 byte 0x00 01FE19000015E2D00A00000000000000 B0 B0_Flag followed by Nonce followed by 2 byte 0x00 no message to encode 49FE19000015E2D00A00000000000000 B1 Input Length followed by Input Data fol lowed by 5 4 3 1 byte of 0x00 padding for optional data size 0 1 2 4 byte 00090CFFDA03D00A0000030000000000 Tab...

Page 82: ...e input parameters are therefore the following Parameter In this example Source Address B819000015E2 little endian representation of E215000019B8 Input Data 0CFFDA035D04000011 Input Length 0x0009 Sequence Counter 5D040000 Security Key 3DDA31AD44767AE3CE56DCE2B3CE2ABB The constant internal parameters are always the same Parameter In this example A0_Flag 0x01 always B0_Flag 0x49 always i 0x0000 alwa...

Page 83: ... AES128 41e60586f0e20faa52c660435c1f247d 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_2 8d89e733da516ae3e08f9e30184909fc S_0 AES128 A0 Key S_0 AES128 01B819000015E25D0400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB S_0 3f736fcc8bcaf2d4aabca0260fab7976 T_0 XOR X_2 S_0 T_0 XOR 8d89e733da516ae3e08f9e30184909fc 3f736fcc8bcaf2d4aabca0260fab7976 T_0 b2fa88ff519b98374a333e1617e2708a The calculated signature is fo...

Page 84: ...t internal algorithm parameters we can now de rive the following variable internal parameters Parameter In this example Nonce B819000015E262040000000000 A0 01B819000015E2620400000000000000 B0 49B819000015E2620400000000000000 B1 000A0DFFDA0362040000101200000000 The execution sequence would then be as follows X_1 AES128 B0 Key X_1 AES128 49B819000015E2620400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2...

Page 85: ...tant internal algorithm parameters we can now de rive the following variable internal parameters Parameter In this example Nonce B819000015E263040000000000 A0 01B819000015E2630400000000000000 B0 49B819000015E2630400000000000000 B1 000B0EFFDA0363040000111234000000 The execution sequence would then be as follows X_1 AES128 B0 Key X_1 AES128 49B819000015E2630400000000000000 3DDA31AD44767AE3CE56DCE2B3...

Page 86: ...put data and constant internal algorithm parameters we can now de rive the following variable internal parameters Parameter In this example Nonce B819000015E26A040000000000 A0 01B819000015E26A0400000000000000 B0 49B819000015E26A0400000000000000 B1 000D10FFDA036A040000101234567800 The execution sequence would then be as follows X_1 AES128 B0 Key X_1 AES128 49B819000015E26A0400000000000000 3DDA31AD4...

Reviews:

No comments

Related manuals for PTM 216B

Yaesu FTM-350R - SOFTWARE UPDATE PROCEDURE 7110 Operating Manual preview
FTM-350R - SOFTWARE UPDATE PROCEDURE 7110
Brand: Yaesu Pages: 18
Yaesu FTM-350R - SOFTWARE UPDATE PROCEDURE 7110 Technical Supplement preview
FTM-350R - SOFTWARE UPDATE PROCEDURE 7110
Brand: Yaesu Pages: 67
Yaesu FTM-100DR/DE Operating Manual preview
FTM-100DR/DE
Brand: Yaesu Pages: 176
Yaesu FTDX5000 CAT BOOK Operating Manual preview
FTDX5000 CAT BOOK
Brand: Yaesu Pages: 148
Yaesu FT2DR Instruction Manual preview
FT2DR
Brand: Yaesu Pages: 56
Yaesu FT-950 Brochure & Specs preview
FT-950
Brand: Yaesu Pages: 12
Yaesu FT-920 Operating Manual preview
FT-920
Brand: Yaesu Pages: 98
Yaesu FT-8100R Technical Supplement preview
FT-8100R
Brand: Yaesu Pages: 96
Yaesu FTM-7250DR Operating Manual preview
FTM-7250DR
Brand: Yaesu Pages: 48
Yaesu FT3DR Technical Supplement preview
FT3DR
Brand: Yaesu Pages: 53
Yaesu FT3DR Operating Manual preview
FT3DR
Brand: Yaesu Pages: 98
Yaesu FT1DR Instruction Manual preview
FT1DR
Brand: Yaesu Pages: 46
Yaesu FT1DR Operating Manual preview
FT1DR
Brand: Yaesu Pages: 156
Yaesu Mark-V FT-1000MP Installation Instructions preview
Mark-V FT-1000MP
Brand: Yaesu Pages: 4
Yaesu FTDX-9000D Operation Manual preview
FTDX-9000D
Brand: Yaesu Pages: 156
Yaesu FTDX-9000 Contest Reference Book preview
FTDX-9000 Contest
Brand: Yaesu Pages: 12
Yaesu VX-120 Series Operating Manual preview
VX-120 Series
Brand: Yaesu Pages: 88
Yaesu Mark-V FT-1000MP Technical Overview preview
Mark-V FT-1000MP
Brand: Yaesu Pages: 10

Brands by name

Popular brands

Load more brands