EnOcean PTM 535Z User Manual Download Page 38 | Manualshive

Page: 38 / 38

background image

USER MANUAL V1.0

© 2016 EnOcean | www.enocean.com

F-710-017, V1.0

PTM 535Z User Manual | v1.0 | March 2016 | Page 38/38

PTM 535Z – 2.4 GHZ PUSHBUTTON TRANSMITTER MODULE

A.4.4

Command payload

The command payload identifies the action performed on the switch (i.e. which buttons
have been pressed). In the case of a secure data telegram, the command is located at byte

10 of the MAC payload as highlighted below:

8C 30 57 21 71 30 04 CD BB AA

22

84 D1 99 78

In this case it is 0x22 meaning that button A0 has been pressed. Refer to chapter

Fehler!

erweisquelle konnte nicht gefunden werden.

for the description of commands sup-

ported by PTM 535Z.

A.4.5

Telegram Signature

PTM 535Z secure data telegrams can be authenticated via a signature.
This signature is 4 byte long and only present if PTM 535Z operates in secure mode. It is

calculated based on the private key (unique for each device), the data payload and a 4 byte
sequence counter (which is incremented for each transmitted radio telegram).
This approach prevents unauthorized senders from sending commands. Note that the con-

tent of the telegram itself is not encrypted, i.e. the switch command is sent as plain text.
In the case of a secure data telegram, the telegram signature is located at the last 4 bytes

of the telegram payload:

8C 30 57 21 71 30 04 CD BB AA 22

84 D1 99 78

Note that the signature changes with each transmission even if the remainder of the MAC

payload remains the same.
This is due to the inclusion of the rolling code into the MIC calculation which prevents mes-
sage replay attacks (capture and reuse of a previous message).

«
...
36
37
38

Summary of Contents for PTM 535Z

Page 1: ... User Manual v1 1 May 2016 Page 1 38 Patent protected WO98 36395 DE 100 25 561 DE 101 50 128 WO 2004 051591 DE 103 01 678 A1 DE 10309334 WO 04 109236 WO 05 096482 WO 02 095707 US 6 747 573 US 7 019 241 Observe precautions Electrostatic sensitive devices PTM 535Z 2 4 GHz Pushbutton Transmitter 31 May 2016 ...

Page 2: ...pecifications are subject to change without notice For the latest product specifications refer to the EnOcean website http www enocean com As far as patents or other rights of third parties are concerned liability is only assumed for modules not for the described applications processes and circuits EnOcean does not assume responsibility for use of modules described and limits its liability to the ...

Page 3: ...guration interface 10 2 6 1 Hardware based security mode selection 10 2 6 2 Hardware based radio channel selection 11 2 7 Radio interface 12 2 7 1 Antenna 12 2 7 2 Supported Radio Channels 12 2 7 3 Radio channel selection 13 2 8 Operation modes 14 2 8 1 Data mode 14 2 8 2 Commissioning mode 15 2 8 2 1 Entry into commissioning mode 16 2 8 2 2 Commissioning telegram 16 2 8 2 3 Radio channel adjustme...

Page 4: ...ATION 29 6 1 FCC United States Certification 29 6 1 1 FCC United States Labeling Requirements 29 6 1 2 FCC United States Certificate 29 6 1 3 FCC United States Regulatory Statement 30 6 2 IC Industry Canada Certification 31 6 2 1 IC Industry Canada Labeling Requirements 31 6 2 2 IC Industry Canada Certificate 31 6 2 3 IC Industry Canada Regulatory Statement 32 A Understanding PTM 535Z telegram str...

Page 5: ... report the result as IEEE 802 15 4 radio telegram Both secure and normal transmission modes are sup ported PTM 535Z telegram format has been defined to maximize compatibility with a wide range of devices including such supporting the ZigBee Green Power standard PTM 535Z radio tele grams are protected with AES 128 security based on a device unique private key PTM 535Z contains a learn button LRN t...

Page 6: ...ode Can be disabled via HW configuration Transmit Power typ at 25 C 2 dBm Power Supply ECO 200 Kinetic Energy Harvester Harvester Interface 2 pairs of contacts On board Button Interface 1 meander contact External Interface 5 pins solderable 2 ECO 200 contacts 2 button inputs Ground Certification R TTE Europe 1 3 Physical dimensions Module Dimensions 26 2 x 21 15 x 3 5 mm Module Weight 2g 1 4 Envir...

Page 7: ...e PTM 535Z 2 2 Basic Functionality PTM 535Z devices contain an interface with two pair of signals AC1 and AC2 used to con nect an external energy generator ECO 200 Having two contact pairs improves the me chanical design flexibility Upon detection of an energy pulse PTM 535Z reports the status of the on board meander contact M1 the external input signals IN1 and IN2 and the polarity of ECO 200 act...

Page 8: ...tail below 2 4 Power supply PTM 535Z is intended to be supplied by a connected ECO 200 kinetic energy harvester ECO 200 can be connected to PTM 535Z in the following ways Mechanical connection to one of the two pairs of AC1 AC2 pads Use of a suitable mechanical design is required to reliably fixate the ECO 200 contacts with the AC1 AC2 connection pads Electrically connected using the AC1 AC2 signa...

Page 9: ...for reference on suitable rubber contact mats if required External input signals IN1 and IN2 PTM 535Z provides and internal pull up resistor on these signals These inputs are considered active if they are connected to Ground GND 2 5 1 PTM 535Z input status encoding Table 2 below shows the encoding used by PTM 535Z Input 2 IN2 Input 1 IN1 Meander M1 ECO 200 Command 0 Not Connected to GND 1 Connecte...

Page 10: ...aption of the following parameters Hardware based security mode selection Hardware based radio channel selection 2 6 1 Hardware based security mode selection By default PTM 535Z transmits securely authenticated data telegrams based on AES128 encryption standard using a 16 byte device unique secret key and a 4 byte sequence counter For certain applications it might be desirable to transmit data tel...

Page 11: ...ing telegram but he cannot modify the radio channel R3 R4 R5 R6 Channel Not populated Not populated Not populated Not populated 11 Not populated Not populated Not populated Populated 12 Not populated Not populated Populated Not populated 13 Not populated Not populated Populated Populated 14 Not populated Populated Not populated Not populated 15 Not populated Populated Not populated Populated 16 No...

Page 12: ..._ANT pin can alternatively be used Connection to the inter nal antenna has to be cut in this case by removing capacitor CA Please check with EnOcean if you intend to use an external antenna 2 7 2 Supported Radio Channels PTM 535Z supports all sixteen IEEE 802 15 4 radio channels in the 2 4 GHz band channels 11 26 according to IEEE 802 15 4 notation Table 4 below shows the correspondence between ch...

Page 13: ...d in two ways User selection using LRN button default mode If configuration resistor R1 is not populated default then the radio channel can be se lected by the user as described in chapter 2 8 2 3 HW selection using configuration resistors requires R1 to be populated If configuration resistor R1 is populated then the radio channel used by PTM 535Z is fixed exclusively by the configuration resistor...

Page 14: ...o PTM 535Z will identify its capabilities and its security pa rameters and if required change the radio channel it uses for telegram transmission 2 8 1 Data mode Data mode is the standard mode of operation In this mode PTM 535Z will transmit data telegrams identifying the status of its inputs PTM 535Z uses the following sequence to identify and transmit input status 1 Determine polarity of ECO 200...

Page 15: ...de provides two key functions Transmission of a commissioning telegram in order to learn in PTM 535Z into a network Radio channel selection in order to set the radio channel of PTM 535Z to that used by the network Figure 4 below shows the commissioning state chart used by PTM 535Z Figure 4 Commissioning state chart used by PTM 535Z The different functions are described subsequently in more detail ...

Page 16: ...ram depends on whether PTM 535Z operates in secure mode or standard mode see chapter 2 9 1 The format of the commissioning telegram is described in chapter 3 4 2 8 2 3 Radio channel adjustment PTM 535Z will enter radio channel adjustment mode if it has entered commissioning mode and again the LRN button is pressed and ECO 200 is actuated in the Press direction PTM 535Z will then set the radio chan...

Page 17: ... g blinking a status light toggling a connected load moving a motor etc Feedback from a dedicated user interface This could for instance instruct the user on the required key sequence and confirm cor rect execution It is the responsibility of the system designer to define a suitable feedback mechanism 2 8 2 5 Storing the new radio channel and return to data mode If PTM 535Z has been successfully s...

Page 18: ... the need for an AES128 signature 2 9 1 Selecting the security mode The default operation mode is secure mode Standard mode can be selected by populating configuration resistor R2 2 9 2 Security parameters PTM 535Z transmits data is secured based on a 4 byte sequence counter an out of the box device unique key and a 4 byte signature calculated based on the AES128 encryption using CBC mode The curr...

Page 19: ... a 5ms window The number of telegram transmissions is limited by the available energy and therefore de pendent on the telegram length number of bytes to be transmitted Typically PTM 535Z will transmit the following number of telegrams in secure mode 2 secure data telegrams 1 secure commissioning telegram Standard mode telegrams are shorter because the sequence counter and the security key commissi...

Page 20: ...contains the following fields Preamble Pre defined sequence 4 byte value 0x00000000 used to adjust the receiver to the transmission of the sender Start of frame Pre defined symbol 1 byte value 0xA7 identifying the start of the actual data frame Length 1 byte indicating the combined length of all following fields MAC Header The MAC header provides detailed information about the frame It contains th...

Page 21: ... IEEE 802 15 4 PHY header consists of the following fields Preamble Start of Frame Length of Frame fields The content of the Preamble and Start of Frame fields is fixed for all telegram types sup ported by PTM 535Z as follows Preamble 0x00000000 Start of Frame 0xA7 The content of the Length field differs depending on the telegram type as follows Secure commissioning telegram Length 42 bytes 0x2A S...

Page 22: ...5Z implementation PTM 535Z uses short Destination Address 16 Bit together with the Destination PAN ID 16 Bit Both are set to 0xFFFF to identify the telegrams as broadcast Source address and Source PAN ID are not present in PTM 535Z telegrams 3 3 MAC Trailer The MAC Trailer only contains the Frame Check Sum FCS field Its length is 2 byte and it is calculated as Cyclic Redundancy Check CRC16 over th...

Page 23: ...ytes The Source ID field contains a 4 byte ID uniquely identifying each PTM 535Z device Sequence Counter 4 bytes The Sequence Counter field contains an always incrementing counter Security processing is based on the combination of the Command and Sequence Counter in order to prevent replay attacks sending the same telegram again Command 1 byte The Command field is a one byte field which identifies...

Page 24: ... 535Z Device Type 1 byte The Device Type field is set to 0x02 by PTM 535Z Device Options 2 bytes The Device Options field is set to 0xF281 by PTM 535Z when operating in AES128 secure mode with authentication Device unique Security Key 16 bytes PTM 535Z implement a random device specific security key which is generated as part of the production flow During commissioning this key is transmitted in e...

Page 25: ...d Figure 8 below shows the MAC payload structure of a standard data telegram Figure 8 MAC Payload structure for Standard Data Telegrams The following fields are used for Standard Data Telegrams Telegram Control 1 byte 0x0C This field is set to 0x0C to identify a standard data telegram Source ID 4 bytes 4 byte ID uniquely identifying each PTM 535Z device Command 1 byte This is a one byte field whic...

Page 26: ...following fields are used for standard commissioning telegrams Telegram Control 1 byte The Telegram Control field is set to 0x0C to identify a standard telegram secure com munication will be established based on the commissioning telegram Source ID 4 bytes The Source ID field contains a 4 byte ID uniquely identifying each PTM 535Z device Commissioning Command 1 byte The Commissioning Command field...

Page 27: ...V1 0 PTM 535Z User Manual v1 0 March 2016 Page 27 38 PTM 535Z 2 4 GHZ PUSHBUTTON TRANSMITTER MODULE 4 Device Integration PTM 535Z is designed for integration with ECO 200 kinetic energy harvesters EnOcean can provide mechanical reference designs upon request ...

Page 28: ...o concrete walls ceilings Maximum 1 wall or ceiling depending on thickness and material Fire safety walls elevator shafts staircases and similar areas should be considered as shielded The angle at which the transmitted signal hits the wall is very important The effective wall thickness and with it the signal attenuation varies according to this angle Signals should be transmitted as directly as po...

Page 29: ...n of the final product such as a battery cover is not permitted The label must include the following text PTM 535Z Contains FCC ID SZV PTM535Z The enclosed device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions i this device may not cause harmful interference and ii this device must accept any interference received including interference that may cause u...

Page 30: ...TON TRANSMITTER MODULE 6 1 3 FCC United States Regulatory Statement This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation ...

Page 31: ...r Industry Canada are similar to those required by the FCC This includes a clearly visible label on the outside of the final product Attaching a label to a removable portion of the final product such as a battery cover is not permitted The label must include the following text Contains IC 5713A PTM535Z Pour utiliser le numéro IC EnOcean le fabricant d équipement d origine OEM doit signer l accord ...

Page 32: ...SZV PTM535Z Operation is subject to the following two conditions 1 this device may not cause interference and 2 this device must accept any interference including interference that may cause unde sired operation of the device Le présent appareil est conforme aux CNR d Industrie Canada applicables aux appareils radio exempts de licence L exploitation est autorisée aux deux conditions suivantes 1 l ...

Page 33: ...fer to capture and visualize IEEE 802 15 4 data telegrams To use TI SmartRF Protocol Packet Sniffer please download the SW package from the TI website At the time of writing the SW could be obtained using this link http www ti com tool packet sniffer Please download and install this SW before proceeding with the instructions given in the next chapter A 1 1 CC2531EMK setup After setting up the TI S...

Page 34: ...am The protocol selection dialog program window which appears after the start of is shown in Figure 11 below Figure 11 Protocol selection dialog of TI SmartRF Packet Sniffer In this dialog please select IEEE 802 15 4 ZigBee as shown above and press the Start button Once the main window comes up please make sure that CC2531 is shown in the Capturing device tab and in the RF device footer line as sh...

Page 35: ...nel 11 Make sure that this radio channel 0x0B is selected in the Radio Configuration tab and shown in the Channel footer line Figure 13 Radio channel selection The data fields that will be displayed can be selected in the Select fields tab Make sure that all MAC Header Data and Footer fields are selected and that the LQI RSSI drop down list is set to RSSI Figure 14 Payload selection The TI SmartRF...

Page 36: ...TER MODULE A 3 Data capture Press the triangular button to start the radio capture and press the auto scroll button to automatically select the most recent data telegram Then press a button of PTM 535Z You should now see the captured radio telegrams PTM 535Z sends several redundant radio telegrams per user action Figure 15 Captured telegram data ...

Page 37: ...0 57 21 71 30 04 CD BB AA 22 84 D1 99 78 The location and interpretation of key parameters is described in the following chapters A 4 2 Device ID The 4 byte device ID is used to uniquely identify each device in the network In the case of secure data telegrams it is located at byte 2 5 of the MAC payload as highlighted below 8C 30 57 21 71 30 04 CD BB AA 22 84 D1 99 78 Keep in mind that the byte or...

Page 38: ...e authenticated via a signature This signature is 4 byte long and only present if PTM 535Z operates in secure mode It is calculated based on the private key unique for each device the data payload and a 4 byte sequence counter which is incremented for each transmitted radio telegram This approach prevents unauthorized senders from sending commands Note that the con tent of the telegram itself is n...

Reviews:

No comments

Related manuals for PTM 535Z

Brand: Icom Pages: 108

Brand: Target Pages: 8

Brand: Icom Pages: 32

Brand: Omega Pages: 24

Brand: Sennheiser Pages: 4

THERMASGARD ALTM1

Brand: S+S Regeltechnik Pages: 16

Brand: Maico Pages: 24

Brand: Fiio Pages: 8

Brand: Omron Pages: 104

Kotron RF 2-Wire Series

Brand: Magnetrol Pages: 12

FT-450 - CAT OPERATION REFERENCE BOOK

Brand: Yaesu Pages: 18

Brand: Precision Electronics Pages: 3

Brand: Camille Bauer Pages: 16

Brand: Icom Pages: 32

Brand: AirTest Pages: 2

Brand: HITEC Pages: 2

Brand: CYP Pages: 16

Brand: Ranger Communications Pages: 8

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands