Chapter 4. CPU Operation
GFK-2222AD
April 2018
4.9.3 Enhanced Security for Passwords and OEM Protection
Enhanced Security passwords are supported by CPU firmware versions 7.80 or later. This feature
provides a cryptographically secure password protocol between an SRTP client (for example Proficy
Machine Edition) and a PACSystems controller. Enhanced Security passwords operate in a very similar
fashion to the Legacy security password operation that is supported by previous firmware versions.
Enhanced Security passwords are enabled in Proficy Machine Edition [74]. PME requires a password in order
to enable/disable the Enhanced Security mode of a target. This PME password restricts changes to the
security mode used by a specific PME target and is independent of any passwords later configured on
the controller.
Enabling Enhanced Security on a target does not force the controller to use only Enhanced Security. The
controller supports both Legacy and Enhanced Security requests concurrently. For example, one PME
target could be used to set initial passwords with Legacy security and a different PME target with
Enhanced Security could connect and authenticate with the same controller.
Passwords set with one password mechanism (Legacy or Enhanced Security) can be authenticated and
changed using the other mechanism, as long as the password is 7 characters or fewer. Setting passwords
with Enhanced Security that are longer than 7 characters prevents access using the Legacy mechanism.
For example, you could use Enhanced Security to set a 10-character password for Level 4 and Level 3,
but set a 7-character password for Level 2. In this case, a Legacy target could be used to obtain Level 2
access, but the Legacy target could never access Level 4 or Level 3 because of the 7-character limit of the
Legacy scheme.
Password and OEM Protection in Systems that Load from Flash Memory
Caution
Be careful when setting passwords and loading passwords from User Flash on every power-up. In this situation, it is not possible to clear passwords back to a default state if the Level 4 password and OEM key are forgotten.
For a recommended procedure, see OEM Protection in Systems that Load from Flash Memory.
[74] To determine the required Proficy Machine Edition version, refer to the Important Product Information (IPI) document provided with the CPU firmware version you are using.