Figure 18 – AES128 Nonce structure

The AES128 Nonce and the 128 bit device-unique security key are then used to calculate a 32 bit signature of 
the authenticated telegram payload shown in Figure 19 below.

Figure 19 – Authenticated payload

The calculated 32 bit signature is then appended to the data telegram payload as shown in Figure 14 in chapter 
4.6.
In addition to the RFC3610 standard itself, please also consult Appendix C for a step-by-step description of the authentication process.

5. Commissioning

Commissioning is the process by which SR-SBP2801-BLE-E is learned into a receiver (actuator, controller, 
gateway, etc.).
The following two tasks are required in this process:
1. Device identification
The receiver needs to know how to uniquely identify this specific SR-SBP2801-BLE-E device. This is achieved by using a unique 48 Bit ID (Source Address) for each SR-SBP2801-BLE-E device as described in chapter 4.4. In addition, up to 4 bytes of Optional Data can be configured as described in chapter 6.7.8.

2. Security parameter exchange
The receiver needs to be able to authenticate radio telegrams from SR-SBP2801-BLE-E in order to ensure that 
they originate from this specific device and have not been modified as described in chapter 4.6.3. This is 
achieved by exchanging a 128 Bit random security key used by SR-SBP2801-BLE-E to authenticate its radio 
telegrams.

SR-SBP2801-BLE-E provides the following options for these tasks:

1. NFC-based commissioning
The SR-SBP2801-BLE-E parameters are read by a suitable commissioning tool (e.g. NFC smartphone with suitable software) which is already part of the network into which SR-SBP2801-BLE-E will be commissioned. The commissioning tool then communicates these parameters to the intended receiver of SR-SBP2801-BLE-E radio telegrams. NFC-based commissioning is described in chapter 6.

2. Camera-based commissioning
Each SR-SBP2801-BLE-E module contains an optically readable QR code which identifies its ID and its security key. This QR code can be read by a suitable commissioning tool (e.g. smart phone) which is already part of the network into which SR-SBP2801-BLE-E will be commissioned. The commissioning tool then communicates these parameters to the intended receiver of SR-SBP2801-BLE-E radio telegrams. The QR code structure is described in chapter 7.2.

3. Radio-based commissioning
SR-SBP2801-BLE-E can communicate its parameters via special radio telegrams (commissioning telegrams) to the intended receiver. To do so, SR-SBP2801-BLE-E can be temporarily placed into radio-based commissioning mode as described in chapter 5.3.

5.1 NFC-based commissioning

All required SR-SBP2801-BLE-E parameters can be read via a suitable NFC reader and writer supporting the ISO/IEC 14443 Part 2 and 3 standards. The actual NFC implementation in SBP 2801 uses a Mifare Ultralight tag.

Commissioning via NFC should follow these steps:

1.  Unlock SR-SBP2801-BLE-E using the default NFC PIN code 0x0000E215

2.  Read the SR-SBP2801-BLE-E Source Address, Security Key and Sequence Counter and configure the 
receiver accordingly

3.  Important: The pre-programmed random security key used by SR-SBP2801-BLE-E can be obtained from the product DMC code as described in chapter 5.2, from received commissioning telegrams as described in chapter 5.3 and via the NFC interface.
For security-critical applications where unauthorized users could have physical access to the switch it is therefore strongly recommended to change the security key to a new security key as part of the NFC-based commissioning process. To do so, follow the procedure outlined in chapter 6.7.5.
For additional security, NFC read-out of the new security key can be disabled by setting the PRIVATE SECURITY KEY flag in the Configuration register before setting the new security key.
This ensures that even persons knowing the correct PIN code to configure this specific switch cannot read out the programmed new security key. Please verify that you have properly documented the new security key as there is no possibility to retrieve this after it has been written.

4.  Important: It is strongly recommended to disable radio-based commissioning after programming a new security key. This ensures that the new security key cannot be read out by triggering a commissioning telegram as described in chapter 5.3.
To disable radio-based commissioning, set the DISABLE LRN TELEGRAM flag in the Configuration register to 0b1, see chapter 6.7.3.

5.  Important: You should always change the NFC PIN code from its default setting to a new NFC PIN code and lock the NFC configuration interface. This step is mandatory to avoid access to the SR-SBP2801-BLE-E configuration using the default PIN code.
Should you lose the new NFC PIN code then SR-SBP2801-BLE-E can be reset to factory mode (with the default NFC PIN code) by means of a factory reset as described in chapter 5.4. For security reasons, this factory reset will always reset the security key to its pre-programmed value.


5.2 Camera-based commissioning

Sequence counter, source address and the remaining telegram data together form the input data for the signature algorithm. This algorithm uses AES128 encryption based on the device-unique random security key to generate a 32 bit signature which will be transmitted as part of the radio telegram.

The signature is therefore dependent on the current value of the sequence counter, the device source address and the telegram payload. Changing any of these three parameters will therefore result in a different signature.

The receiver performs the same signature calculation based on sequence counter, source address and the 
remaining telegram data of the received telegram using the security key it received from SR-SBP2801-BLE-E 
during commissioning.

The receiver then compares the signature reported as part of the telegram with the signature it has calculated. 
If these two signatures match, then the following statements are true:

1.Transmitter (SR-SBP2801-BLE-E) and receiver use the same security key

2.The message content (address, sequence counter, data) has not been modified

At this point, the receiver has validated that the message originates from a trusted transmitter (as identified by 
its security key) and that its content is valid.

In order to avoid message replay (capture and retransmission of a valid message), it is required that the receiver tracks the value of the sequence counter used by SR-SBP2801-BLE-E and only accepts messages with higher sequence counter values (i.e. it does not accept equal or lower sequence counter values for subsequent telegrams).

4.7.1 Authentication implementation

SR-SBP2801-BLE-E implements data telegram authentication based on AES128 in CCM (Counter with CBC-MAC) mode as described in IETF RFC3610. At the time of writing, the RFC3610 standard could be found here:
https://www.ietf.org/rfc/rfc3610.txt

The 13 Byte CCM Nonce (number used once – unique) initialization value is constructed as concatenation of 6 byte Source Address, 4 byte Sequence Counter and 3 bytes of value 0x00 (for padding).

Note that both Source Address and Sequence Counter use little endian format (least significant byte first).

Figure 18 below shows the structure of the AES128 Nonce.
