Specifying the authentication key – Echelon LonTalk Stack User Manual
Creating a Model File
that the “open” message comes from the owner, not from someone attempting to
break into the system.

Authentication doubles the number of messages per transaction. An
acknowledged message normally requires two messages: an update and an
acknowledgment. An authenticated message requires four messages, as
illustrated in the next section. These extra messages can affect system response
time and capacity.

A device can use authentication with acknowledged updates or network variable
polls. However, a device cannot use authentication with unacknowledged or
repeated updates.

For a program to use authenticated network variables or send authenticated
messages, you must perform the following steps:

1. Declare the network variable as authenticated, or allow the network
   management tool to specify that the network variable is to be
   authenticated.
2. Specify the authentication key to be used for this device using a network
   management tool, and enable authentication. You can use the OpenLNS
   Commissioning Tool to install a key during network integration, or your
   application can use the LonQueryDomainConfig() and
   LonUpdateDomainConfig() API functions to install a key locally.

Specifying the Authentication Key

All devices that read or write a given authenticated network variable connection
must have the same authentication key. This 48-bit authentication key is used
in a special way for authentication, as described in the next section, How
Authentication Works. If a device belongs to more than one domain, you must
specify a separate key for each domain.

The key itself is transmitted to the device only during the initial configuration.
All subsequent changes to the key do not involve sending it over the network.
The network management tool can modify a device’s key over the network, in a
secure fashion, with a network management message.

Alternatively, your application can use a combination of the
LonQueryDomainConfig() and LonUpdateDomainConfig() API calls to
specify the authentication keys during application start-up.
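
The query-then-update sequence described above, as an added example that is not taken from the Echelon manual: it reads one domain entry, changes only the 48-bit key, writes it back, verifies the result and wipes the local copy. The LonDomain layout, the LonApiError convention and both prototypes are stand-in assumptions backed by an in-memory mock (use the declarations from the stack's own headers on a real device); install_auth_key and key_is_weak are hypothetical helpers and the key bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins (assumptions) for declarations the real stack headers provide. */
#define KEY_LEN 6                       /* 48-bit authentication key */
typedef struct { uint8_t Id[6], Subnet, NodeClone, InvalidIdLength, Key[KEY_LEN]; } LonDomain;
typedef int LonApiError;                /* assumed: 0 means success */

/* Constructed in-memory mock of a device with two domain table entries. */
static LonDomain mock_table[2];
static LonApiError LonQueryDomainConfig(unsigned index, LonDomain *pDomain) {
    if (index >= 2) return 1;
    *pDomain = mock_table[index];
    return 0;
}
static LonApiError LonUpdateDomainConfig(unsigned index, const LonDomain *pDomain) {
    if (index >= 2) return 1;
    mock_table[index] = *pDomain;
    return 0;
}

/* Added hygiene check: refuse keys made of one repeated byte (erased flash, all zero). */
static int key_is_weak(const uint8_t key[KEY_LEN]) {
    for (int i = 1; i < KEY_LEN; i++)
        if (key[i] != key[0]) return 0;
    return 1;
}

/* Install the key for one domain entry; each domain the device belongs to gets its own call. */
int install_auth_key(unsigned index, const uint8_t key[KEY_LEN]) {
    LonDomain d;
    int rc = -1;
    if (key_is_weak(key)) return -2;
    if (LonQueryDomainConfig(index, &d) != 0) return -1;
    memcpy(d.Key, key, KEY_LEN);        /* domain ID, subnet and node stay untouched */
    if (LonUpdateDomainConfig(index, &d) == 0 &&
        LonQueryDomainConfig(index, &d) == 0 &&
        memcmp(d.Key, key, KEY_LEN) == 0) rc = 0;
    volatile uint8_t *p = (volatile uint8_t *)&d;
    for (size_t i = 0; i < sizeof d; i++) p[i] = 0;   /* wipe the stack copy of the key */
    return rc;
}

int main(void) {
    const uint8_t k0[KEY_LEN] = {0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d}; /* constructed sample */
    return install_auth_key(0, k0);
}
```
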

If you set the authentication key during device manufacturing, you must perform
the following tasks to ensure that the key is not exposed to the network during
device installation:

1. Specify that the device should use network-management authentication
   (set the configuration data in the LonConfigData data structure, which
   is defined in the FtxlTypes.h file).
2. Set the device’s state to configured. An unconfigured device does not
   enforce authentication.
3. Set the device’s domain to a unique domain value to avoid address
   conflicts during device installation.

If you do not set the authentication key during device manufacturing, the device
installer can specify authentication for the device using the network management