EnOcean EASYFIT EMDCB Скачать руководство пользователя

Страница: 67 / 67

USER MANUAL

EMDCB

–

BLUETOOTH LOW ENERGY MOTION AND ILLUMINATION SENSOR

EMDCB User Manual | v1.3 | August 2019 | Page 67/67

C.3

Address resolution example

We consider an EMDCB device with the following IRK:

BE759A027A4870FD242794F4C45220FB

We further consider a telegram having the following resolvable private address:

493970E51944

We will now test if this resolvable private address was generated using the IRK above.

Referring to the resolvable private address structure shown in Figure 15, we split the re-
solvable private address into

prand

and

hash

as follows:

prand  = (RPA && 0xFFFFFF000000) >> 24
prand  = 0x493970

hash   = RPA && 0x000000FFFFFF
hash   = 0xE51944

Next, we verify the address mode by looking at the two most significant bit of

prand

mode = (prand && 0xC00000) >> 22
mode = 0b01

Referring to chapter 4.4.2, the setting of

0b01

indicates resolvable private address mode.

To generate the hash, we add 104 bit of padding (all zeros) to

prand

0x00000000000000000000000000493970

We can now generate the hash as AES128 operation between the IRK and the thus padded

prand

hash   = AES128(IRK; Padded prand)
hash   = AES128(0xBE759A027A4870FD242794F4C45220FB;

0x00000000000000000000000000493970)

At the time of writing, a suitable online AES calculator could be found here:

http://testprotect.com/appendix/AEScalc

With this, we can calculate the result as:

hash = 0x286ACB1F9C8A80EE21B3F02225E51944

Using this result, we can verify that the lowest 24 bit of the calculated

hash

(

0xE51944

)

match the

hash

that was received as part of the resolvable private address. Therefore the

transmitter of this telegram used this specific IRK to generate this resolvable private ad-
dress.

Содержание EASYFIT EMDCB

Страница 1: ...3 August 2019 Page 1 67 Patent protected WO98 36395 DE 100 25 561 DE 101 50 128 WO 2004 051591 DE 103 01 678 A1 DE 10309334 WO 04 109236 WO 05 096482 WO 02 095707 US 6 747 573 US 7 019 241 Observe pr...

Страница 2: ...d for possible omissions or inaccuracies Circuitry and specifications are subject to change without notice For the latest product specifica tions refer to the EnOcean website http www enocean com As f...

Страница 3: ...5 Motion detection 14 2 5 1 PIR detection characteristics 14 2 5 2 Installation recommendations 15 2 6 Illumination measurement 16 2 6 1 Light level sensor 16 2 6 2 Solar cell 16 3 Radio transmission...

Страница 4: ...4 3 READY 1 state 37 7 4 4 READY 2 state 37 7 4 5 ACTIVE state 37 7 4 6 Read command 38 7 4 7 Write command 38 7 4 8 Password authentication PWD_AUTH command 39 7 5 Configuration memory organization...

Страница 5: ...ficate 56 8 3 2 ISED Industry Canada Regulatory Statement 57 9 Product history 58 A Parsing EMDCB telegrams 59 A 1 Data telegram example 59 A 1 1 BLE advertising frame structure 59 A 1 2 Data telegram...

Страница 6: ...etected the latest detected motion motion detected or no motion detected together with the measured light level EMDCB will report immediately if motion is detected for the first time after a period wi...

Страница 7: ...tion detection is reported immediately User interface LRN button Sensitivity selection switch Notification LED Device identification Unique 48 Bit Device ID factory programmed Adjustable via NFC Secur...

Страница 8: ...32 85 F indoor use only Humidity 20 to 85 r h non condensing Note 1 PIR detection requires that the moving object to be detected is significantly warmer than its environment For the case of human moti...

Страница 9: ...Overview The energy harvesting ceiling mounted motion and illumination sensor EMDCB from EnOcean provides wireless motion and illumination sensing functionality without batteries Power is provided by...

Страница 10: ...d for ceiling mounting It can be mounted on most ceilings with suitable screws or mounted on dropped ceilings using wire brackets 2 3 Product design Figure 2 below shows the EMDCB product design inclu...

Страница 11: ...ensitivity selection switch as shown in Figure 3 below Figure 3 EMDCB internal view The internal product interface is accessible after removing the wall mount plate If EMDCB has not yet been mounted o...

Страница 12: ...figuration shown in grey below Standby shown in orange below The transition between these modes occurs based on user action press of the LRN button motion detection or based on pre defined timing inte...

Страница 13: ...possible to change the wake up intervals using the NFC interface as described in chap ter 7 In case of reducing the reporting interval the resulting increase in required energy provided by the availab...

Страница 14: ...etect moving ob jects based on the temperature difference between the moving object and its environment 2 5 1 PIR detection characteristics EMDCB is designed to detect movement within a radius of up t...

Страница 15: ...of sight from the sensor to the person s in the detection area is required Walls room dividers plants book shelfs hanging lights or other obstacles within the line of sight can limit the detection per...

Страница 16: ...peration of EMDCB 2 6 1 Light level sensor EMDCB contains a dedicated humidity sensor with narrow aperture and a spectral response optimized to mimic the human eye s perception of ambient light This l...

Страница 17: ...rface see chapter 7 The initialization value for data whitening is set as follows For BLE channels is set according to specification value radio channel For the custom radio channels the initializatio...

Страница 18: ...38 CHANNEL39 INTERVAL 20ms or 10ms Figure 7 Default radio transmission sequence 3 3 User defined radio transmission sequences In certain situations it might be desirable to transmit radio telegrams o...

Страница 19: ...equence The three channel radio transmission sequence is similar to the default transmission se quence with the difference that the radio channels BLE Channel 37 38 and 39 in the de fault transmission...

Страница 20: ...ansmission sequence uses a default INTERVAL setting of 20 ms an alternative setting of 10 ms can be configured via NFC TX_CHANNEL1 TX_CHANNEL2 TX_CHANNEL1 TX_CHANNEL2 INTERVAL 20ms or 10ms TX_CHANNEL1...

Страница 21: ...grams in the 2 4 GHz band For detailed information about the Bluetooth Low Energy standard please refer to the applica ble specifications Figure 11 below summarizes the general BLE frame structure Fig...

Страница 22: ...arameters Figure 13 below shows the structure of the BLE header Figure 13 BLE header structure 4 4 Source address The 6 byte BLE Source Address MAC address uniquely identifies each EMDCB product EMDCB...

Страница 23: ...source address can be config ured written via NFC as described in chapter 7 5 The structure of EMDCB static addresses is as follows The upper 2 bytes of the source address are for EnOcean Bluetooth se...

Страница 24: ...transmitted Indi vidual advertising events used to transmit one telegram use the same prand value hash This field contains a verification value hash generated from prand using the IRK The structure o...

Страница 25: ...random private addresses Figure 16 Resolving private source addresses Appendix C gives an example how to resolve a resolvable private address using a previous ly exchanged identity resolution key IRK...

Страница 26: ...to 0xFF to designate manufacturer specific data field Manufacturer ID 2 byte The Manufacturer ID field is used to identify the manufacturer of BLE devices based on assigned numbers EnOcean has been as...

Страница 27: ...Status field structure 4 6 2 Sensor Data Descriptor The Sensor Data Descriptor describes type and size of the following sensor data field It explicitly specifies the size to ensure forward compatibil...

Страница 28: ...always reported TYPE ID Content Size byte Minimum Maximum Resolution Unit Conversion 0x05 Light level 2 0 65 533 1 lx 1 x 0x20 Occupancy status 1 0x01 Not occupied 0x02 Occupied Enumeration only spec...

Страница 29: ...dress and the telegram payload Changing any of these three parame ters will therefore result in a different signature The receiver performs the same signature calculation based on sequence counter sou...

Страница 30: ...dress 4 byte Sequence Counter and 3 bytes of value 0x00 for padding Note that both Source Address and Sequence Counter use little endian format least signifi cant byte first Figure 21 below shows the...

Страница 31: ...his is achieved by exchanging a 128 Bit random security key used by EMDCB to au thenticate its radio telegrams EMDCB provides the following options for these tasks Radio based commissioning EMDCB can...

Страница 32: ...ter A 2 The commissioning telegram will by default be transmitted on the BLE advertising channels CH 37 38 and 39 Use of custom radio channels is possible as described in chapter 3 3 The transmission...

Страница 33: ...describes the ANSI MH10 8 2 data identifiers used by the EMDCB device la bel and shows the interpretation of the data therein Identifier Length of data excluding identifier Value 30S 12 characters St...

Страница 34: ...terface of EMDCB EMDCB operation will automatically resume operation once the NFC reader has been disconnected 7 1 NFC interface parameters The NFC interface of EMDCB uses NFC Forum Type 2 Tag functio...

Страница 35: ...2 HF NFC USB Reader with CDC interface from Elatec RFID Systems https www elatec rfid com fileadmin Files Data_Sheets DS_TWN4_MultiTech pdf This reader is shown in Figure 25 below Figure 25 Elatec TW...

Страница 36: ...andard For specific implementation aspects related to the NXP implementation in NT3H2111 please refer to the NXP documentation which at the time of writing was available under this link http cache nxp...

Страница 37: ...ing the ANTICOLLISION or SELECT commands for cascade level 1 READY 1 state is exited after the SELECT command from cascade level 1 with the matching complete first part of the UID has been executed Th...

Страница 38: ...te in size For example if the specified address is 03h then pages 03h 04h 05h 06h are returned Spe cial conditions apply if the READ command address is near the end of the accessible memory area Figur...

Страница 39: ...entication PWD_AUTH command The protected memory area can be accessed only after successful password verification via the PWD_AUTH command The PWD_AUTH command takes the password as parameter and if s...

Страница 40: ...nformation which is not accessible to the user The following chapters provide information on key settings available via NFC The smallest access unit is one page of 4 byte If less than a full page i e...

Страница 41: ...needed and the result be written back The organization of the NFC configuration memory is shown in Table 5 below Table 5 NFC Memory Map 0 1 2 3 00 03 04 1A 1B 3B 3C 3F 40 41 TX_CHANNEL1 TX_CHANNEL2 T...

Страница 42: ...read and modified via the NFC interface as shown in Table 6 below Static Source Address Access Protection Page Remarks R W PIN Protected 0x40 Byte 0 4 Lower 4 byte of source address Upper 2 byte are a...

Страница 43: ...ld for the supported custom transmission sequences Setting Transmission Sequence 0b0000 Default Commissioning and data telegrams in standard Advertising Mode 0b0001 Commissioning telegrams in standard...

Страница 44: ...wer and 20 ms advertising interval These settings can be configured using the Transmission Settings as shown in Table 9 below Radio Configuration Access Protection Page Remarks R W PIN Protected 0x42...

Страница 45: ...rval regis rer shown in Figure 32 below Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 ADVERTISING INTERVAL Default 0x00 0b00 20 ms Interval 0b01 10 ms Interval Others Reserved ADVERTISING INTERVAL R...

Страница 46: ...by Data Byte 1 If length of Optional Data is set to 2 byte then Data Byte 0 will be transmitted first followed by Data Byte 1 Data Byte 2 and finally Data Byte 3 The organization of the Optional Data...

Страница 47: ...arks R W PIN Protected 0x48 Byte 0 Security Key Access Byte 1 Address Mode Byte 2 LRN Telegram Byte 3 Security Mode Table 12 Security Configuration register address 7 6 7 1 Security Key Access Access...

Страница 48: ...for each radio telegram transmission as described in chapter 4 4 2 The options for the Address Mode bit field are shown in Table 14 below Setting Address Mode 0x00 Default Static Source Address 0x01...

Страница 49: ...e 16 Security Mode settings 7 6 8 Attribute Reporting Optional Data Size and LED Intensity EMDCB allows the configuration of which optional attributes are reported how much op tional data is reported...

Страница 50: ...ructure 7 6 8 2 Optional Data Size The length of optional data 0 1 2 or 4 byte can be selected using the OPTION AL_DATA_SIZE field By default no optional data is transmitted Optional data to be trans...

Страница 51: ...Area Page Remarks R W PIN Protected 0x4A Byte 0 1 TX_INTERVAL_UNOCCUPIED Default 0x78 120 seconds Byte 2 3 TX_INTERVAL_OCCUPIED Default 0x3C 60 seconds Table 18 Reporting Interval 7 6 10 Low Power Mod...

Страница 52: ...n com 8 1 2 Waste treatment WEEE Directive Statement of the European Union The marking below indicates that this product should not be disposed with other household wastes throughout the EU To prevent...

Страница 53: ...SER MANUAL EMDCB BLUETOOTH LOW ENERGY MOTION AND ILLUMINATION SENSOR 2019 EnOcean www enocean com EMDCB User Manual v1 3 August 2019 Page 53 67 8 2 FCC United States 8 2 1 FCC United States Certificat...

Страница 54: ...using small amounts of energy and may be powered by a battery The module transmits short radio packets comprised of control signals in some cases the control signal may be accompanied with data such a...

Страница 55: ...al prod uct Attaching a label to a removable portion of the final product such as a battery cover is not permitted The label must include the following text Contains FCC ID SZV TCM515B The enclosed de...

Страница 56: ...MANUAL EMDCB BLUETOOTH LOW ENERGY MOTION AND ILLUMINATION SENSOR 2019 EnOcean www enocean com EMDCB User Manual v1 3 August 2019 Page 56 67 8 3 ISED Industry Canada 8 3 1 ISED Industry Canada Certifi...

Страница 57: ...vice may not cause interference and 2 this device must accept any interference including interference that may cause unde sired operation of the device Le pr sent appareil est conforme aux CNR d Indus...

Страница 58: ...com EMDCB User Manual v1 3 August 2019 Page 58 67 9 Product history Table 20 below lists the product history of EMDCB Revision Release date Key changes versus previous revision CA 01 December 2018 Fir...

Страница 59: ...000000C4 Device unique address Length of payload 1 byte 0x15 21 byte of payload follow Type of payload 1 byte 0xFF Manufacturer specific data Manufacturer ID 2 byte 0x03DA EnOcean GmbH Payload 18 byte...

Страница 60: ...byte 0x8E89BED6 Constant always used BLE Frame Control 2 byte 0x2542 Length 37 byte BLE Source Address 6 byte 0xE500000000C4 Device unique address Length of payload 1 byte 0x1E 30 byte of payload foll...

Страница 61: ...authenticity telegram has not been modified and originality telegram comes from the assumed sender of a telegram The input data for the authentication process is listed in Table 26 below Parameter Co...

Страница 62: ...rithm parameters Parameter Comment Description Example Length Field Size Size in bytes of the field used to encode the input length 2 always minimum permissible size Signature Size Desired size in byt...

Страница 63: ...ed on the input data given in chapter B 1 Parameter Comment Description Value in the example Nonce 13 byte initialization vector based on concatenation of 6 byte source address 4 byte sequence counter...

Страница 64: ...610 algorithm uses the variable internal parameters A_0 B_0 B_1 and B_2 togeth er with the private key to generate the authentication vector T_0 using four AES 128 and three XOR operations The algorit...

Страница 65: ...729F8588774B89A024063266E4A5 9E0DE9C25386B6C4F070642E19E03680 X_2 8CD6013AFFB05E19DA7891398FFA00B4 X_2A XOR X_2 B_2 X_2A XOR 8CD6013AFFB05E19DA7891398FFA00B4 35002002000000000000000000000000 X_2A B9D6...

Страница 66: ...receiver will then try for each locally stored IRK if the hash generated using the execu tion flow above matches the hash part of the resolvable private address field of the received telegram If it d...

Страница 67: ...st significant bit of prand mode prand 0xC00000 22 mode 0b01 Referring to chapter 4 4 2 the setting of 0b01 indicates resolvable private address mode To generate the hash we add 104 bit of padding all...

Результаты поиска

Содержание EASYFIT EMDCB

Отзывы:

Похожие инструкции для EASYFIT EMDCB

Бренды по названию

Популярные бренды

EnOcean EASYFIT EMDCB, Руководство пользователя

Результаты поиска

Содержание EASYFIT EMDCB

Отзывы:

Похожие инструкции для EASYFIT EMDCB

Бренды по названию

Популярные бренды