EnOcean adds data encryption to wireless sensors portfolio

Energy harvesting wireless technology specialist EnOcean has added encrypted data communication to its complete range of energy harvesting wireless sensor modules. These security mechanisms can optionally be activated and prevent different types of attacks, including replay attacks, eavesdropping and message forgery.

End products, such as window contacts, can be switched from standard to secure mode for an enhanced security level to meet specific requirements of new application fields, such as monitoring, metering or alert sensor systems.

The security mode was added to the following sensor modules in 868 MHz for Europe: STM 330 and STM 331 temperature sensor modules, STM 320 and STM 329 magnet contact transmitter modules as well as the STM 250 OEM window contact. They complete the already available TCM 310 transceiver module running EnOcean Link as security middleware for gateways and the encrypted PTM 215/PTM 335 switch modules.

From April, the standard EnOcean 868 MHz sensor modules will include the optional enhanced security mechanisms. The modules ship in standard mode, and encrypted data transmission can be activated by simply pressing the learn button for ten seconds. Without any change in product design, OEMs can now offer devices that give customers the choice of using the enhanced security features from the very beginning or at a later stage. If needed, the security mode can be deactivated by pressing and holding the learn button again. A receiver that decodes encrypted telegrams can also still process standard telegrams, enabling OEMs to effortlessly include enhanced data security in their existing EnOcean-based portfolio.

The enhanced security features add to the 32-bit identification number (ID) of the standard modules, which cannot be changed or copied and therefore protects against duplication. This authentication method already offers field-proven secure and reliable communication in building automation. For applications requiring additional data security, the security mode protects battery-less wireless communication with enhanced security measures to prevent replay attacks, eavesdropping and forging of messages.

One feature is a maximum 24-bit rolling code (RC), incremented with each telegram, which is used to calculate a maximum 32-bit cipher-based message authentication code (CMAC). The CMAC uses the AES-128 encryption algorithm. Another mechanism is the encryption of data packets by the transmitter. The data is encrypted using the AES algorithm with a 128-bit key.
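
The receiver-side check that the rolling code and truncated MAC make possible, as an added example that is not EnOcean code: a telegram is accepted only if its MAC verifies and its rolling code is ahead of the last accepted one. Assumptions: the telegram layout, the explicit transmission of the rolling code and the 128-telegram resynchronisation window are constructed for illustration, and HMAC-SHA256 truncated to 32 bits stands in for AES-128 CMAC so the block runs on the Python standard library alone.

```python
import hashlib
import hmac

RC_BITS = 24   # rolling code width stated in the article
MAC_LEN = 4    # 32-bit truncated MAC, as in the article
WINDOW = 128   # assumed tolerance for telegrams lost over the air


def mac(key: bytes, rc: int, payload: bytes) -> bytes:
    # Stand-in MAC (assumption): truncated HMAC-SHA256 instead of AES-128 CMAC.
    # The rolling code is part of the authenticated input, so an old tag
    # cannot be reused with a newer counter value.
    msg = rc.to_bytes(3, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_telegram(key: bytes, rc: int, payload: bytes) -> bytes:
    # Constructed layout: payload || RC (3 bytes) || MAC (4 bytes)
    return payload + rc.to_bytes(3, "big") + mac(key, rc, payload)


class Receiver:
    def __init__(self, key: bytes, last_rc: int = 0):
        self.key = key
        self.last_rc = last_rc  # highest rolling code accepted so far

    def accept(self, telegram: bytes) -> str:
        if len(telegram) < 3 + MAC_LEN:
            return "malformed"
        payload, rc_b, tag = telegram[:-7], telegram[-7:-4], telegram[-4:]
        rc = int.from_bytes(rc_b, "big")
        # Verify the MAC first, in constant time, before trusting the counter.
        if not hmac.compare_digest(tag, mac(self.key, rc, payload)):
            return "bad-mac"
        # Distance modulo 2^24 handles counter wrap-around.
        ahead = (rc - self.last_rc) % (1 << RC_BITS)
        if not 1 <= ahead <= WINDOW:
            return "replay-or-out-of-window"
        self.last_rc = rc
        return "ok"


def demo() -> list:
    key = bytes(range(16))                 # constructed 128-bit key
    rx = Receiver(key)
    t1 = build_telegram(key, 1, b"\x09")   # constructed sensor payloads
    t5 = build_telegram(key, 5, b"\x08")
    forged = t5[:-1] + bytes([t5[-1] ^ 1])  # one MAC bit flipped
    return [rx.accept(t) for t in (t1, t1, forged, t5, t1)]
```

A 32-bit tag gives a forger a 1 in 2^32 chance per attempt, so a receiver should also rate-limit or log repeated `bad-mac` results from one sender ID.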