Trust Center Security Policies
Note: each sequence diagram on this page depicts one possible exchange of messages to illustrate a given scenario. Keep in mind that other sequences of messages are possible.
Configuring Security Policy
The Host should write the security policy during startup configuration. The Module does not save the security policy in non-volatile memory, so the policy needs to be re-written on every power-up.
Device Joining Using Centralized Key (Require Join By Install Code = True)
The TC should reject a device from joining using the Centralized Key (also known as the HA well-known key) when the security policy for Require Join By Install Code is True.
The sequence looks slightly different depending on whether an install code for the device was added to the TC.
No Install Code Added
The diagram below shows the sequence where the device fails to join under the following conditions:
- Device joining using Centralized Key (or Distributed Key)
- Security Policy: Require Join By Install Code = True
- No install code for the device was added to the TC
Install Code Added
The diagram below shows the sequence where the device fails to join under the following conditions:
- Device joining using Centralized Key (or Distributed Key)
- Security Policy: Require Join By Install Code = True
- An install code for the device was added to the TC
HA Device Joining (Require Key Exchange = False)
Setting "Require Key Exchange" to False allows HA devices to join because HA devices do not initiate key exchange. The diagram below shows the sequence.
Even though Host receives the status TC Key Exchange Timeout, the HA device still remains on the network successfully.
HA Device Joining (Require Key Exchange = True)
Setting "Require Key Exchange" to True prevents HA devices from joining. The Module removes the HA device after the key exchange timeout. See the sequence diagram below.
ZB3 Device Completes Key Exchange
The diagram below shows the sequence of a Zigbee 3.0 device joining the Module and completing key exchange successfully.
Note: A ZB3 device completes key exchange regardless of whether the security policy "Require Key Exchange" is set to True.
ZB3 Device Fails Key Exchange
A Zigbee 3.0 device that fails key exchange will be removed by the TC even if the security policy for "Require Key Exchange" is False. See the sequence below.
Note: A ZB3 device attempts key exchange regardless of whether the security policy "Require Key Exchange" is set to True.
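The outcomes described in the sections above can be combined into one decision model that a Host integrator can use as a test oracle for a chosen policy. This is an added example, not MMB Networks code; the names Policy, Outcome, expected_outcome and well_known_key_path_open are hypothetical. It assumes the key exchange sections apply once the join itself has been accepted, and it marks the cases the page does not describe.

```python
from dataclasses import dataclass
from enum import Enum

class Outcome(Enum):
    JOIN_REJECTED = "TC rejects the join"
    REMAINS = "device remains on the network"
    REMOVED = "TC removes the device"
    NOT_COVERED = "case not described on this page"

@dataclass(frozen=True)
class Policy:
    require_install_code: bool   # "Require Join By Install Code"
    require_key_exchange: bool   # "Require Key Exchange"

def expected_outcome(policy, *, zb3, install_code_key, key_exchange_ok=False):
    """Expected result for one joining device.

    zb3: True for a Zigbee 3.0 device, False for an HA device.
    install_code_key: True if the joiner uses an install-code-derived key,
        False for the Centralized (HA well-known) or Distributed Key.
    key_exchange_ok: whether a ZB3 device's key exchange succeeds; ignored
        for HA devices, which do not initiate key exchange.
    """
    # Stage 1: join admission.
    if policy.require_install_code:
        if not install_code_key:
            # Rejected whether or not an install code was added to the TC.
            return Outcome.JOIN_REJECTED
        return Outcome.NOT_COVERED
    # Stage 2: key exchange (assumption: the join itself was accepted).
    if zb3:
        # ZB3 devices attempt key exchange regardless of the policy flag.
        return Outcome.REMAINS if key_exchange_ok else Outcome.REMOVED
    # HA device: the Host sees TC Key Exchange Timeout in both settings.
    return Outcome.REMOVED if policy.require_key_exchange else Outcome.REMAINS

def well_known_key_path_open(policy):
    """True if an HA device on the well-known key can stay on the network."""
    result = expected_outcome(policy, zb3=False, install_code_key=False)
    return result is Outcome.REMAINS

if __name__ == "__main__":
    for ic in (False, True):
        for kx in (False, True):
            p = Policy(ic, kx)
            print(p, "well-known key path open:", well_known_key_path_open(p))
```

Because the Module does not keep the policy across power-ups, the check is only meaningful against the policy the Host actually re-writes at startup.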
Legal Notices
Copyright © 2020 MMB Networks, Inc. All rights reserved.
Confidential materials prepared and delivered by MMB Networks for receipt and review only by any partner subject to a valid and enforceable MMB Networks confidentiality agreement. Any receipt, review, or misuse of any of the content exchanged hereunder by any party not a party to this confidential exchange shall be subject to any and all rights available under the law. All rights, title and interest to the materials shall remain with MMB Networks.
Any suggestions provided to MMB Networks with respect to MMB Networks' products or services shall be collectively deemed “Feedback.” You, on behalf of yourself, or if you are providing Feedback on behalf of your employer or another entity, represent and warrant that you have full legal authority to bind such entity to these terms, agree to grant and hereby grant to MMB Networks a nonexclusive, perpetual, irrevocable, royalty free, worldwide license to use and otherwise exploit such Feedback within any MMB Networks products and services.