Application Setup (Run Time) Prior to Joining a New Device to the HAN#

Note: This process is only required if you are using installation codes to generate unique, per-device link keys, such as when "Smart Energy Security (full)" is selected as the security model for your application configuration in AppBuilder. If you are using a global link key for joining, such as when using AppBuilder’s "Smart Energy Security (test)" security model, skip this section.

This section describes the process of setting up the Trust Center device (the network coordinator) for the SE network to accept an incoming SE device into its home area network (HAN). It also describes the process of setting up a new HAN device prior to joining the HAN created by this Trust Center.

Procedure for Development Prototypes / Debugging#

This process relies on the serial command line interface (CLI) to the Zigbee application framework. If the CLI is no longer supported or accessible on your network’s Trust Center or incoming HAN device, see Procedure for Production/Field Deployments below.

  1. Before joining a HAN device to the SE network, determine its installation code string, including its 16-bit CRC (in LSB order), as well as its EUI64 (MAC address). In a development/debugging environment, you can do this using the Simplicity Commander tool with the appropriate "tokendump" option to output the installation code data. See Installation Code Programming for more information.

  2. Use the option install-code … CLI command at the Trust Center device during the development/debugging phase. The application framework then verifies the CRC for the provided installation code, computes the device-specific link key from this code, and then adds the hashed key result to the specified key table index on the Trust Center for the specified EUI64.

  3. Confirm that the proper key table entry now exists and is displayed in the output of the "keys print" command at the trust center.

Procedure for Production/Field Deployments#

  1. Before joining a HAN device to the SE network, determine its installation code string, including its 16-bit CRC (in LSB order), as well as its EUI64 (MAC address); these byte values are meant to be published externally with the device for use during installation.

  2. Using some out-of-band (non-Zigbee) method, such as verbally or through some proprietary communications interface, convey the HAN device's installation code to the ESI for the HAN, its trust center device (if different from the ESI), or some head-end device in the utility's backhaul network that has access to the HAN's ESI.

  3. Have the ESI (or the utility’s head-end) sanity-check the provided installation code by computing the CRC of those hex bytes (less the final two, which are the provided CRC16 from the installer) using the CRC16 algorithm described in the "CRC Algorithm Information" section (section 5.4.8.1.1.1 in the current [r15] version) of the Zigbee Smart Energy Application Profile Specification (Zigbee document 075356). The computed CRC (when converted into LSB order) for the 6/8/12/16-digit code should match the last 4 digits of the provided installation code string.

  4. Once the installation code string (variable-length code + 2-byte CRC16 in LSB order) has been verified, have the ESI or its head-end compute the device-specific initial link key by performing an AES MMO hash function against the entire 8/10/14/18-byte string, using the algorithm described in the "MMO Hash Code Example" section (section 5.4.8.1.2.1 in the current [r15] version) of the ZigBee Smart Energy Application Profile Specification (ZigBee document 075356).