manualshive.com logo in svg

EnOcean STM 550X Series, User Manual

The EnOcean STM 550X Series is a cutting-edge smart sensor solution for monitoring and controlling various parameters. Enhance your user experience with the free User Manual available for download from manualshive.com. Simplify installation and configuration with detailed instructions at your fingertips.

Share
Download
background image

 
USER MANUAL

 

 
 
 

STM 550X / EMSIX 

 ENOCEAN MULTI-SENSOR 

 

© 2020 EnOcean | www.enocean.com F-710-017, V1.0       

 

STM 550x / EMSIx User Manual | v1.0 | February 2020 |  Page 32/79 

 

5

 

Security 

 
STM 550x implements the security handling functions as specified in the EnOcean security 
specification: 

https://www.enocean-alliance.org/sec/

 

 

 

 

5.1

 

Basic concepts 

 
Security for radio transmission addresses two main issues: 
 

 

Unauthorized interception (reception and correct interpretation) of transmitted data 
In doing so, a third (unauthorized) party is able to understand the content of a re-
ceived content.  
 

 

Unauthorized transmission of radio telegrams  
In doing so, a third (unauthorized) party is able to transmit a radio telegram that is 
treated by a receiver as valid request. 

 
Somewhat loosely speaking, the goal of security has to be preventing an unauthorized person 
(often referred to as an 

Attacker

) both from learning about the current state of a system and 

from actively changing it. 
 
These goals can be achieved via techniques such as telegram encryption, telegram authori-
zation and dynamic security key modification. All three techniques will be reviewed in the 
subsequent chapters for reference. 

 

 

5.1.1

 

Telegram encryption 

 
The goal of telegram encryption is to  prevent unauthorized receivers from correctly inter-
preting the content of a telegram.  
 
In order to do so, the original (plain text) data is 

encrypted

 with a 

key

 thus transforming it 

into encrypted, unreadable data. Only when the correct key is known it is possible to trans-
form 

 

decrypt

 - the encrypted data into readable data again.  Figure 21 below shows the 

concept. 
 
 
 
 
 
 

 

Figure 21 

 Telegram encryption 

 

 

 

 

Decryption

Decryption Key

Unencrypted Data

(Plain Text)

Encryption

Unencrypted Data

(Plain Text)

Encrypted Data

Encryption Key

Encrypted Data

Summary of Contents for STM 550X Series

Page 1: ...User Manual v1 0 February 2020 Page 1 79 Patent protected WO98 36395 DE 100 25 561 DE 101 50 128 WO 2004 051591 DE 103 01 678 A1 DE 10309334 WO 04 109236 WO 05 096482 WO 02 095707 US 6 747 573 US 7 0...

Page 2: ...without notice For the latest product specifications refer to the EnOcean website http www enocean com As far as patents or other rights of third parties are concerned liability is only assumed for mo...

Page 3: ...3 Learn mode 13 2 3 4 Function test mode 13 2 3 5 Illumination test mode 14 2 3 6 Factory reset mode 14 2 4 Reporting interval 15 2 4 1 Energy considerations 15 2 4 2 Standard reporting interval 16 2...

Page 4: ...de and signature CMAC type 35 5 3 STM 550x security implementation 36 6 Commissioning 37 6 1 Radio based commissioning 38 6 2 QR code commissioning 38 6 3 Commissioning via NFC interface 38 7 NFC inte...

Page 5: ...SOLAR_TX_INTERVAL 63 8 5 19 LIGHT_THRESHOLD 64 8 5 20 LIGHT_TX_INTERVAL 65 8 5 21 ACCELERATION_THRESHOLD 66 8 5 22 ACCELERATION_TX_INTERVAL 67 8 5 23 TEMPERATURE_THRESHOLD 68 8 5 24 TEMPERATURE_TX_INT...

Page 6: ...ilding or industrial control systems communicating using the EnOcean radio standard STM 550x uses the same mechanical form factor as the industry standard PTM 21x modules from EnOcean STM 550x impleme...

Page 7: ...it s Communication range for guidance only 200 m free field 30 m indoor environment Temperature measurement range accuracy 20 C 60 C 0 3 K 1 Humidity measurement range accuracy 0 100 r h 3 r h 1 Illum...

Page 8: ...aging information 1 5 1 STM 550x Packaging Unit 100 units Packaging Method 10 modules per tray 10 trays per box 1 5 2 EMSIx Packaging Unit Individual unit packaging Packaging Method TBD packages withi...

Page 9: ...ecurity based on a device unique private key and a sequence counter in accordance to the EnOcean Alliance Security Specification This ensures integrity confidentiality and au thenticity of the transmi...

Page 10: ...ing STM 550x response and LED feedback Type LRN Button Action STM 550x Response LED Feedback Single Short Press LRN button once 1s Exit from Sleep Mode Send Learn Telegram 1 short blink Double Short P...

Page 11: ...ry has to be installed with the positive pole point ing upwards i e towards the side of the solar cell EnOcean recommends Renata CR1632 due to its low self discharge and high capacity Gloves should be...

Page 12: ...er 8 5 11 2 3 1 Standard operation mode During standard operation STM 550x wakes up periodically and reports the current sensor status using data telegrams The STM 550x wake up timer is by default con...

Page 13: ...ibed in chapter 8 5 11 2 3 3 Learn mode In learn mode STM 550x will transmit a Teach in telegram to communicate the device source address and security key to a receiver After that transmission STM 550...

Page 14: ...s solar cell every 5 seconds for a period of one minute and compute the average illumination based on those measurements The computed average illumination is then available in the NFC register ILLUMIN...

Page 15: ...rting interval of STM 550x will increase its power consumption since it will measure and transmit more often Likewise increasing the reporting interval of STM 550x will reduce its power consumption si...

Page 16: ..._TX_INTERVAL NFC register as described in chapter 8 5 12 Consider the available energy before lowering the reporting interval as discussed in chapter 2 4 1 The default setting for the standard reporti...

Page 17: ...L_TX_INTERVAL STANDARD_TX_INTERVAL SOLAR_CELL_TX_INTERVAL LIGHT_SENSOR_TX_INTERVAL LIGHT_SENSOR_TX_INTERVAL Figure 6 Illumination controlled reporting interval STM 550x can use either the light level...

Page 18: ...e temperature measured by the temperature and humidity sensor to trigger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register as...

Page 19: ...use the humidity measured by the temperature and humidity sensor to trigger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register...

Page 20: ...ger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register as described in chapter 8 5 8 reports acceleration 2 Configure the acce...

Page 21: ...ct to trigger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register as described in chapter 8 5 8 reports the magnet contact stat...

Page 22: ...he human eye s perception of ambient light This light sensor reports the light level directly underneath the sensor spot measurement Figure 11 shows the spectrum response of the STM 550x illumination...

Page 23: ...or accuracy To determine the overall system accuracy the quantization error reporting step size de termined by the selected EnOcean Equipment Profile EEP has to be added to this value 3 4 Humidity sen...

Page 24: ...ved or shaken The second case acceleration vector change can be used to determine the presence or absence of small vibrations acceleration vector changes Examples use cases causing such small vibratio...

Page 25: ...be sufficient for most use cases Acceleration threshold The acceleration threshold determines the threshold of acceleration vector change required to trigger a wake on vibration event as described ab...

Page 26: ...to Figure 2 and Figure 3 for the location of the magnet contact sensor within STM 550x and to chapter 9 5 for mounting instructions EMSIx product packaging includes a block magnet suitable for use wit...

Page 27: ...at EnOcean radio transceivers such as TCM 310 or TCM 515 will convert both ERP1 and ERP2 into the same EnOcean Serial Protocol ESP3 format so that this difference is normally not noticeable 4 1 1 ERP1...

Page 28: ...0 100 r h 8 Bit A5 04 03 4BS Temperature 20 C 60 C 10 Bit Humidity 0 100 r h 8 Bit A5 06 02 4BS Light Sensor 0 lx 1020 lx 8 Bit A5 06 03 4BS Light Sensor 0 lx 1000 lx 10 Bit A5 14 05 4BS Vibration De...

Page 29: ...on group to which this telegram belongs e g the function group of temperature sensors within the four byte sensor telegram type VARIANT or TYPE VARIANT which is confusingly also called TYPE identifies...

Page 30: ...BS telegrams encodes either the sensor status 4BS Data Telegram dur ing normal operation or identifies EEP and manufacturer of the device during teach in 4BS Teach in Telegram The distinction between...

Page 31: ...ogether with their reported data MID Content Data 0x06 Energy status remaining energy 1 byte integer value expressing Valid values 0 100 0x0D Energy delivery of the harvester 1 byte Enumeration Valid...

Page 32: ...y has to be preventing an unauthorized person often referred to as an Attacker both from learning about the current state of a system and from actively changing it These goals can be achieved via tech...

Page 33: ...ture is inversely proportional to the signature size so for instance for 24 Bit signatures the likelihood would be one in 16 million Conceptually the correspondence between message and signature is li...

Page 34: ...ng replaying previously used data telegrams In order to prevent this type of attack either the telegram data or the security key must change to ensure that identical input data does not create identic...

Page 35: ...y is a random 128 Bit 16 byte value that is known only to the sender and the receiver s It is used to encrypt decrypt and authenticate telegrams 5 2 3 Rolling code and signature CMAC type The rolling...

Page 36: ...lected both via the LRN button and via the NFC interface For high security mode the default security level format SLF is set to use a 4 byte sequence counter to generate a 4 byte signature For backwar...

Page 37: ...d by exchanging a 128 Bit random security key used by STM 550x to authenticate its radio telegrams STM 550x provides the following options for these tasks Radio based commissioning STM 550x can commun...

Page 38: ...n the product label described in chapter 2 2 4 The parameters are encoded according to the ANSI MH10 8 2 2013 industry standard The QR code on the product label in chapter 2 2 4 encodes the following...

Page 39: ...n parameters within permitted boundaries before accepting updated NFC parame ters Should an updated parameter be out of bounds then all updated parameters will be re jected and the previous configurat...

Page 40: ...ith read write PIN lock PIN unlock and PIN change functionality For PC applications EnOcean recommends the TWN4 Multitech 2 HF NFC Reader order code T4BT FB2BEL2 SIMPL from Elatec RFID Systems sales r...

Page 41: ...standard For specific implementation aspects related to the NXP implementation in NT3H2111 please refer to the NXP documentation which at the time of writing was available under this link http cache n...

Page 42: ...using the ANTICOLLISION or SELECT commands for cascade level 1 READY 1 state is exited after the SELECT command from cascade level 1 with the matching complete first part of the UID has been executed...

Page 43: ...byte in size For example if the specified address is 03h then pages 03h 04h 05h 06h are returned Spe cial conditions apply if the READ command address is near the end of the accessible memory area Fig...

Page 44: ...a can be accessed only after successful password verification via the PWD_AUTH command The PWD_AUTH command takes the password as parameter and if successful returns the password authentication acknow...

Page 45: ...ntains information about the NFC revision INTERNAL DATA Non accessible This area contains calibration values and internal parameters and cannot be used CONFIGURATION Read and Write access PIN required...

Page 46: ...Length of data excl identifier Value 6P 3 characters Standard ENO 30S 12 characters EURID 6 byte variable 1P 12 characters EnOcean Alliance Product ID STM 550 000B0000004C STM 550U 000B0000004D STM 55...

Page 47: ...0xE0 LENGTH This field identifies the length of the NFC header For STM 550x this field is set to 0x0A since the header structure is 10 bytes long VERSION This field identifies the major revision and i...

Page 48: ...r is non valid then all changes made will be rejected and the previous configuration will be restored 8 5 2 CONFIGURATION area structure The structure of the CONFIGURATION area is shown in Figure 30 b...

Page 49: ...ID consists of a 2 byte manufacturer identification code as signed by EnOcean Alliance and a 4 byte product identification code assigned by the man ufacturer EnOcean has been assigned the manufacturer...

Page 50: ...that it is not possible to read back a user defined security key 8 5 6 SECURITY_KEY_MODE The register SECURITY_KEY_MODE allows selecting if FACTORY_KEY or USER_KEY should be used to encrypt and authen...

Page 51: ...gister SECURITY_MODE Default 0x00 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU SECURITY FORMAT SECURITY MODE Figure 33 SECURITY_MODE register The encoding for the SECURITY MODE bit field is sho...

Page 52: ...legrams Figure 34 below shows the structure of the EEP regis ter EEP Default 0x00 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU EEP Figure 34 EEP register The encoding used by the SIZE bit field...

Page 53: ...ed configuration bit in the SIGNAL register to 0b1 and disabled by setting the associated con figuration bit to 0b0 By default the reporting of the energy status MID 0x06 is enabled while the reportin...

Page 54: ...ines the brightness of the LED Figure 36 below shows the structure of the LED_MODE register LED_MODE Default 0x01 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU LED Figure 36 LED_MODE register Th...

Page 55: ...ODE Default 0x00 OOB 0x01 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU MODE Figure 37 FUNCTIONAL_MODE register The encoding used by the MODE bit field is shown in Table 17 below MODE Functional...

Page 56: ...ng interval is set by the register STANDARD_TX_INTERVAL shown in Figure 38 below STANDARD_TX_INTERVAL Default 0x003C Bit 15 Bit 14 Bit 1 Bit 0 STANDARD INTERVAL Figure 38 STANDARD_TX_INTERVAL register...

Page 57: ...OR LIGHT SENSOR SOLAR CELL Figure 39 THRESHOLD_CFG1 register The encoding used by the SOLAR CELL bit field is shown in Table 19 below SOLAR CELL Reporting interval reduction based on solar cell illumi...

Page 58: ...on if temperature below threshold 0b10 Enabled Reporting interval reduction if temperature above threshold 0b11 Reserved Do not use Table 21 TEMP SENSOR bit field encoding The encoding used by the HUM...

Page 59: ...G2 register The encoding used by the ACC SENSOR bit field is shown in Table 23 below ACC SENSOR Reporting interval reduction based on acceleration 0b00 Default Disabled No reporting interval reduction...

Page 60: ...the ambient light sensor and to chapter 3 2 for a description of the solar cell functionality The selection between these two option is made using the LIGHT_SENSOR_CFG register shown in Figure 41 belo...

Page 61: ...FULL SCALE Figure 42 ACC_SENSOR_CFG register The encoding used by the FULL SCALE bit field is shown in Table 23 below FULL SCALE Full scale value of the acceleration sensor 0b00 Default 2 g 0b01 4 g 0...

Page 62: ...r as shown in Figure 43 below SOLAR_THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 SOLAR CELL THRESHOLD Figure 43 SOLAR_THRESHOLD register The encoding used by the SOLAR CELL THRESHOLD bit field is shown in Tabl...

Page 63: ...5 Bit 14 Bit 1 Bit 0 SOLAR CELL INTERVAL Figure 44 SOLAR_TX_INTERVAL register The encoding used by the SOLAR CELL INTERVAL bit field is shown in Table 30 below SOLAR CELL INTERVAL Solar cell illuminat...

Page 64: ...is defined by LIGHT_THREHOLD register as shown in Figure 45 below LIGHT_THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 LIGHT SENSOR THRESHOLD Figure 45 LIGHT_SENSOR_THRESHOLD register The encoding used by the LI...

Page 65: ...t 0 LIGHT SENSOR INTERVAL Figure 46 LIGHT_TX_INTERVAL register The encoding used by the LIGHT SENSOR INTERVAL bit field is shown in Table 32 below LIGHT SENSOR INTERVAL Light sensor illumination based...

Page 66: ...n Figure 51 below Note that this threshold is also used for the wake on acceleration function as described in chapter 3 5 ACCELERATION _THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 ACCELERATION THRESHOLD Figur...

Page 67: ...TERVAL Bit 15 Bit 14 Bit 1 Bit 0 ACCELERATION INTERVAL Figure 48 ACCELERATION_TX_INTERVAL register The encoding used by the ACCELERATION INTERVAL bit field is shown in Table 38 below ACCELERATION INTE...

Page 68: ...d then the temperature threshold is defined by TEMPERATURE_THREHOLD register as shown in Figure 49 below TEMPERATURE_THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 TEMPERATURE THRESHOLD Figure 49 TEMPERATURE_THR...

Page 69: ...RVAL Bit 15 Bit 14 Bit 1 Bit 0 TEMPERATURE INTERVAL Figure 50 TEMPERATURE_TX_INTERVAL register The encoding used by the TEMPERATURE INTERVAL bit field is shown in Table 36 below TEMPERATURE INTERVAL T...

Page 70: ...d then the hu midity threshold is defined by HUMIDITY_THREHOLD register as shown in Figure 51 below HUMIDITY _THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 HUMIDITY THRESHOLD Figure 51 HUMIDITY _THRESHOLD regis...

Page 71: ...NTERVAL Bit 15 Bit 14 Bit 1 Bit 0 HUMIDITY INTERVAL Figure 52 HUMDITY_TX_INTERVAL register The encoding used by the HUMIDITY INTERVAL bit field is shown in Table 38 below HUMIDITY INTERVAL Humidity ba...

Page 72: ...CONTACT_TX_INTERVAL Bit 15 Bit 14 Bit 1 Bit 0 MAGNET CONTACT INTERVAL Figure 53 MAGNET_CONTACT_TX_INTERVAL register The encoding used by the MAGNET CONTACT INTERVAL bit field is shown in Table 38 be l...

Page 73: ...d in the ILLUMINA TION_TEST_RESULT register shown in Figure 54 below ILLUMINATION_TEST_RESULT Default Setting 0x0000 Bit 15 Bit 14 Bit 1 Bit 0 ILLUMINATION TEST RESULT Figure 54 ILLUMINATION_TEST_RESU...

Page 74: ...update interval by default once every 60 seconds The LED will blink every time a telegram is transmitted unless this has been disabled via NFC 4 Use a suitable receiver to capture the STM 550x data te...

Page 75: ...tate can therefore only be detected if the orientation of STM 550x relative to the gravity vector changes Figure 55 below illustrates two cases The position of the window in the left case window tilt...

Page 76: ...nsor integrated into STM 550x accurately measures and reports temperature and humidity present at its surface To achieve the best possible accuracy it is important to consider the following points Ins...

Page 77: ...lly different result compared to a white desk surface even when the same luminous flow is directed towards it Obstruction Any obstruction between the sensor and the intended measurement area desk sur...

Page 78: ...riented as much as possible towards that STM 550x is designed to operate self supplied with its standard parameters based on 200 lux of illumination at its solar cell for at least 6 hours per day The...

Page 79: ...enocean com F 710 017 V1 0 STM 550x EMSIx User Manual v1 0 February 2020 Page 79 79 10 Product history Table 40 below lists the product history of STM 550x Revision Release Key changes versus previous...

Reviews:

No comments

Related manuals for STM 550X Series

GE FUF14SVRWW Instructions Manual preview
FUF14SVRWW
Brand: GE Pages: 20
GE 868 GEN2 Installation Instructions And Owner'S Manual preview
868 GEN2
Brand: GE Pages: 2
GE JEM31WF - Spacemaker II Microwave Oven Installation Instructions preview
JEM31WF - Spacemaker II Microwave Oven
Brand: GE Pages: 4
Makita HR4013C Manual preview
HR4013C
Brand: Makita Pages: 20
DAVIS Wireless Temperature/Humidity Station Install Manual preview
Wireless Temperature/Humidity Station
Brand: DAVIS Pages: 8
Lanaform Heating Overblanket Instructions For Use Manual preview
Heating Overblanket
Brand: Lanaform Pages: 84
Lanaform Aroma Globe Instruction Manual preview
Aroma Globe
Brand: Lanaform Pages: 84
Lanaform Aroma Design Manual preview
Aroma Design
Brand: Lanaform Pages: 72
Lanaform Aroma Decor Instruction Manual preview
Aroma Decor
Brand: Lanaform Pages: 80
PASCO PS-3201 Reference Manual preview
PS-3201
Brand: PASCO Pages: 8
Valcom V-1109RTVA Brochure preview
V-1109RTVA
Brand: Valcom Pages: 1
Valcom V-1109RTHF User Manual preview
V-1109RTHF
Brand: Valcom Pages: 13
Valcom VIP-822 Manual preview
VIP-822
Brand: Valcom Pages: 3
Valcom VIP-814 User Manual preview
VIP-814
Brand: Valcom Pages: 4
V-TAC Merrytec MK054V RC Series Installation Instruction preview
Merrytec MK054V RC Series
Brand: V-TAC Pages: 105
Valor LT1 2500K Quick Start Manual preview
LT1 2500K
Brand: Valor Pages: 3
Avenir Dome Trailer Owner'S Manual preview
Dome Trailer
Brand: Avenir Pages: 10
Chicco Polly PROGRESS5 Instructions For Use Manual preview
Polly PROGRESS5
Brand: Chicco Pages: 48

Brands by name

Popular brands

Load more brands