XK-Z11-M Digi International, XK-Z11-M Datasheet - Page 75

XK-Z11-M

Manufacturer Part Number

XK-Z11-M

Description

ZIGBEE MODULE DEVELOPMENT KIT

Manufacturer

Digi International

Series

XBee™r

Type

Transceiver, 802.15.4/ZigBeer

Datasheets

1.XK-Z11-M.pdf (155 pages)

2.XK-Z11-M.pdf (1 pages)

3.XK-Z11-M.pdf (1 pages)

4.XK-Z11-M.pdf (9 pages)

5.XK-Z11-M.pdf (1 pages)

Specifications of XK-Z11-M

Frequency

2.4GHz

For Use With/related Products

XBee Modules

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

Other names

602-1184

Current page: 75 of 155
Download datasheet (4Mb)

XBee®/XBee‐PRO® ZB RF Modules

Enabling Security

Setting the Network Security Key

Setting the APS Trust Center Link Key

Enabling APS Encryption

Using a Trust Center

To enable security on a device, the EE command must be set to 1. If the EE command value is changed and

changes are applied (e.g. AC command), the XBee module will leave the network (PAN ID and channel) it was

operating on, and attempt to form or join a new network.

If EE is set to 1, all data transmissions will be encrypted with the network key. When security is enabled, the

maximum number of bytes in a single RF transmission will be reduced. See the NP command for details.

Note: The EE command must be set the same on all devices in a network. Changes to the EE command should

be written to non-volatile memory (to be preserved through power cycle or reset events) using the WR

command.

The coordinator must select the network security key for the network. The NK command (write-only) is used to

set the network key. If NK=0 (default), a random network key will be selected. (This should suffice for most

applications.) Otherwise, if NK is set to a non-zero value, the network security key will use the value specified

by NK. NK is only supported on the coordinator.

Routers and end devices with security enabled (ATEE=1) acquire the network key when they join a network.

They will receive the network key encrypted with the link key if they share a pre-configured link key with the

coordinator. See the following section for details.

The coordinator must also select the trust center link key, using the KY command. If KY=0 (default), the

coordinator will select a random trust center link key (not recommended). Otherwise, if KY is set greater than 0,

this value will be used as the pre-configured trust center link key. KY is write-only and cannot be read.

Note: Application link keys (sent between two devices where neither device is the coordinator) are not

supported in ZB firmware at this time.

Random Trust Center Link Keys

Pre-configured Trust Center Link Keys

APS encryption is an optional layer of security that uses the link key to encrypt the data payload. Unlike network

encryption that is decrypted and encrypted on a hop-by-hop basis, APS encryption is only decrypted by the

destination device. The XBee must be configured with security enabled (EE set to 1) to use APS encryption.

APS encryption can be enabled in API firmware on a per-packet basis. To enable APS encryption for a given

transmission, the "enable APS encryption" transmit options bit should be set in the API transmit frame. Enabling

APS encryption decreases the maximum payload size by 9 bytes.

The EO command can be used to define the coordinator as a trust center. If the coordinator is a trust center, it

will be alerted to all new join attempts in the network. The trust center also has the ability to update or change

the network key on the network.

In ZB firmware, a secure network can be established with or without a trust center. Network and APS layer

encryption are supported if a trust center is used or not.

If the coordinator selects a random trust center link key (KY=0, default), then it will allow devices to join

the network without having a pre-configured link key. However, this will cause the network key to be sent

unencrypted over-the-air to joining devices and is not recommended.

If the coordinator uses a pre-configured link key (KY > 0), then the coordinator will not send the network

key unencrypted to joining devices. Only devices with the correct pre-configured link key will be able to join

and communicate on the network.

XK-Z11-M Digi International, XK-Z11-M Datasheet - Page 75

XK-Z11-M

Specifications of XK-Z11-M

Related parts for XK-Z11-M