A31003-S2000-R102-16-7620, 02/2016
Provisioning Service, Developer’s Guide
For internal use only
Basic Communication Procedures
Provisioning Service Driven Interaction
3.6.10.4 XML Data Exchange: Secure Mode, With PIN
1. Since step 1 (start-up) is already described in Section 3.5.1.2, "XML Data Exchange", only the
subsequent steps are shown here.
2. As the device is configured for Secure Mode with PIN, the provisioning service sends a
request to switch to Secure Mode (bootstrapping), with all required items packed,
encrypted and Base64-encoded into the single data item 'secure-mode-data'.
3. <DLSMessage xsi:schemaLocation="http://www.siemens.com/DLS"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://www.siemens.com/DLS">
     <Message nonce="58D4EE11C844865CAF0E9AA11ED2856F">
       <Action>WriteItems</Action>
       <ItemList>
         <Item name="goto-secure-mode">pin</Item>
         <Item name="secure-mode-data"><packed-encrypted-base64encoded-data></Item>
         <Item name="max-pin-retries">3</Item>
       </ItemList>
     </Message>
   </DLSMessage>
4. The device responds to the default provisioning server port and confirms that the action has been
accepted.
   <WorkpointMessage xsi:schemaLocation="http://www.siemens.com/DLS"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://www.siemens.com/DLS">
     <Message fragment="final" maxItems="-1"
         nonce="58D4EE11C844865CAF0E9AA11ED2856F">
       <ReasonForContact status="accepted" action="WriteItems">
         reply-to
       </ReasonForContact>
       <ItemList/>
     </Message>
   </WorkpointMessage>
5. The provisioning service sends a CleanUp message.
6. The device needs to display the PIN dialog to the user to obtain the PIN for decrypting the
secure-mode-data.
7. The device has successfully decrypted the secure-mode-data, using the entered PIN (except
the last 3 characters) as the password, and contacts the provisioning service via the Secure Mode port
using the client certificate.
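
The following is an added example, not code from this guide: a sketch of how a provisioning service could check the device reply from step 4 against the WriteItems request from step 3 before it continues with CleanUp. The function names parse_request and check_reply are hypothetical, and the rule that the reply must repeat the request's nonce is an assumption drawn from the two sample messages above.

```python
import xml.etree.ElementTree as ET

# Added example: parse_request/check_reply are hypothetical helper names.
NS = {"dls": "http://www.siemens.com/DLS"}

# Messages from the steps above; secure-mode-data is a constructed placeholder.
REQUEST = """<DLSMessage xmlns="http://www.siemens.com/DLS">
  <Message nonce="58D4EE11C844865CAF0E9AA11ED2856F">
    <Action>WriteItems</Action>
    <ItemList>
      <Item name="goto-secure-mode">pin</Item>
      <Item name="secure-mode-data">PLACEHOLDER</Item>
      <Item name="max-pin-retries">3</Item>
    </ItemList>
  </Message>
</DLSMessage>"""

REPLY = """<WorkpointMessage xmlns="http://www.siemens.com/DLS">
  <Message fragment="final" maxItems="-1" nonce="58D4EE11C844865CAF0E9AA11ED2856F">
    <ReasonForContact status="accepted" action="WriteItems">reply-to</ReasonForContact>
    <ItemList/>
  </Message>
</WorkpointMessage>"""

def parse_request(xml_text):
    """Return (nonce, action) of an outgoing DLSMessage."""
    msg = ET.fromstring(xml_text).find("dls:Message", NS)
    return msg.get("nonce"), msg.findtext("dls:Action", namespaces=NS).strip()

def check_reply(request_xml, reply_xml):
    """Return (ok, reason) for a device reply to the given request."""
    nonce, action = parse_request(request_xml)
    root = ET.fromstring(reply_xml)
    if root.tag != "{%s}WorkpointMessage" % NS["dls"]:
        return False, "unexpected root element"
    msg = root.find("dls:Message", NS)
    rfc = msg.find("dls:ReasonForContact", NS) if msg is not None else None
    if rfc is None:
        return False, "missing ReasonForContact"
    if (rfc.text or "").strip() != "reply-to":
        return False, "not a reply"
    # Assumption: a reply repeats the nonce of the request it answers.
    if msg.get("nonce") != nonce:
        return False, "nonce mismatch"
    if rfc.get("action") != action:
        return False, "action mismatch"
    if rfc.get("status") != "accepted":
        return False, "status " + str(rfc.get("status"))
    return True, "accepted"
```

A reply that fails any of these checks should not advance the bootstrapping sequence, and the secure-mode-data item should be kept out of any log line written when a reply is rejected.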