manualshive.com logo in svg

Sunricher SR-SBP2801-BLE-E, Instructions Manual

The Sunricher SR-SBP2801-BLE-E user manual is available for free download from 88.208.23.73:8080. This manual provides detailed instructions on how to use and set up the product, ensuring a seamless experience for all users. Get your manual today and unlock the full potential of your Sunricher device.

Share
Download
background image

4.4 Source address

The 6 byte BLE Source Address (MAC address) uniquely identifies each SR-SBP2801-BLE-E product. SR-
SBP2801-BLE-E supports two source address modes:
1. Static Source Address mode (default)
In this mode, the source address is constant (but its lower 32 bit can be configured via NFC interface)

2. Resolvable Private Address mode (NFC configurable option)
In this mode, the source address changes for each transmission

By default, SR-SBP2801-BLE-E uses Static Source Address mode. Private Resolvable Address mode can be 
selected by setting the Private Source Address flag in the Configuration register (see chapter 6.7.3) to 0b1.

These two address modes are described in the following chapters.

4.4.1 Static source address mode

By default, SR-SBP2801-BLE-E uses static source addresses meaning that the source address is constant 
during normal operation. The static source address can be read and configured (written) via NFC as described 
in chapter 6.

The structure of SR-SBP2801-BLE-E static addresses is as follows:

1.The upper 2 bytes of the source address are used to identify the device type and set to 0xE215 for all SR-
SBP2801-BLE-E devices (to designate Sunricher SBP 2801 device type). These two bytes cannot be changed.

2.The lower 4 bytes are uniquely assigned to each device. They can be changed using the NFC configuration 
interface as described in chapter 6.7.4

Figure 11 below illustrates the static address structure used by SR-SBP2801-BLE-E.

Figure 11 – BLE static source address structure

4.4.2 Resolvable private address mode

For some applications it is desirable to obfuscate the origins of SR-SBP2801-BLE-E data telegrams in order to 
prevent tracking of its radio transmissions. This can be achieved by using resolvable private addresses (RPA) 
as defined in the Bluetooth Core Specification.

SR-SBP2801-BLE-E can be configured to use resolvable private addresses by setting the RPA ADDRESS 
MODE flag within the Configuration register (described in chapter 6.7.3) to 0b1.

When using resolvable private addresses, the address used by SR-SBP2801-BLE-E is modified (rotated) 
according to a defined scheme which on one hand precludes determining the device identity by unauthorized 
receivers while allowing authorized receivers (sharing a specific security key with SR-SBP2801-BLE-E) to do 
so.

The shared security key – which has to be known by both SR-SBP2801-BLE-E and the authorized receiver – is 
called the Identity Resolution Key (IRK). SR-SBP2801-BLE-E uses its device-unique random key as identity 
resolution key. This key can be modified if needed via the NFC configuration interface as described in chapter 
6.7.5.

For each data telegram transmitted by SR-SBP2801-BLE-E (i.e. for every button push or release), a new 

Figure 12 – BLE resolvable private address structure

The prand value is encrypted using the IRK. The lowest 24 bit of the result (encrypted val- ue) are then used as 
hash. The concatenation of 24 bit prand and 24 bit hash will be transmitted as 48 bit private resolvable source 
address.

The receiver maintains a list of IRK for all transmitters that have been commissioned to work with it.
 
Whenever the receiver receives a data telegram with a resolvable private address (identified by the most 
significant bits of the address field being set to 0b10), it will itself generate a 24 bit hash from the 24 bit prand 
sequentially using each IRK known to it (i.e. the IRK of each device that has been learned into it).

If an IRK matches (i.e. when prand is encoded with the IRK then the result matches hash), then the receiver has 
established the IRK used by the transmitter and thereby the identity of the transmitter.

So conceptually the IRK takes the role of the device address of the transmitter while prand and hash provide a 
mechanism for the receiver to select the correct IRK among the set of IRK known to it.

This mechanism is illustrated in Figure 13 below.

Refer to Appendix B for an example of resolving a resolvable private address.

Note that commissioning telegrams (as described in chapter 5.3.2) always use static source addresses (as 
described in chapter 4.4.1) since they establish the device identity and contain the IRK in the payload.

4.5 Check Sum

The 3 byte BLE Check Sum is used to verify data integrity of received BLE radio telegrams. It is calculated as 
CRC (cyclic redundancy check) of the BLE Header, Source Address and Payload fields.
 

4.6 Telegram payload

SR-SBP2801-BLE-E can transmit two types of telegrams:

1.Data telegrams
The payload of data telegrams contains the switch status together with optional data

Figure 13 – Resolving private addresses

Figure 10 – BLE header structure

resolvable private address is generated. The 48 bit address field of such resolvable private address is split into 
two sub-fields:

1.prand
This field contains a random number which always starts (two most significant bits) with 0b10. The prand value 
is changed for each telegram that is transmitted. Individual advertising events used to transmit one telegram 
(as described in chapter 3) use the same prand value.

2.hash
This field contains a verification value (hash) generated from prand using the IRK The structure of a resolvable 
private address is shown in Figure 12 below.

Summary of Contents for SR-SBP2801-BLE-E

Page 1: ...Wall Switches and US style rocker pads 1 2 Technical data Dimensions Weight Security Power Supply Button Inputs Communication Range guidance only Max transmit power measured Antenna Communication Sta...

Page 2: ...o channels Channel A and Channel B each containing two button contacts State O and State I The state of all four button contacts pressed or not pressed is transmitted together with a unique device ide...

Page 3: ...he two channel radio transmission sequence removes transmission on the third radio channel selected by TX_CHANNEL3 and instead repeats the transmission once more four times in total The SR SBP2801 BLE...

Page 4: ...key as identity resolution key This key can be modified if needed via the NFC configuration interface as described in chapter 6 7 5 For each data telegram transmitted by SR SBP2801 BLE E i e for every...

Page 5: ...lease Action then this is indicated by the according status bit set to 1 Note that all contacts that were pressed during Press Action will be released during Release Action The case of continuing to h...

Page 6: ...key as part of the NFC based commissioning process To do so follow the procedure outlined in chapter 6 7 5 For additional security NFC read out of the new security key can be disabled by setting the P...

Page 7: ...ssioning mode Button_X is pressed or released again 5 3 3 Exit from commissioning mode Pressing any key except the button used for entry into commissioning mode Button_X will cause SR SBP2801 BLE E to...

Page 8: ...e Any other data received by the NFC tag while in IDLE state is discarded and the NFC tag will remain in IDLE state 6 2 3 READY 1 state READY 1 is the first UID resolving state where the NFC tag resol...

Page 9: ...ID of such tag This should always be used as first operation ahead of any read write authenticate actions Example SearchTag 32 2 NTAG_PwdAuth 32 bit password as hex bytes 16 bit password_ack as hex b...

Page 10: ...FC Data SR SBP2801 BLE E reserves 64 byte for customer specific NFC data see chapter 6 7 11 specific security measures are used to restrict read access to this data The following items are located in...

Page 11: ...and release the button of SR SBP2801 BLE E SR SBP2801 BLE E will determine that it should modify the security key based on the setting of the Update Security Key flag and copy the value of the Securit...

Page 12: ...ngs 6 7 9 2 Interval selection Starting with version DC 06 it is possible to reduce the transmission interval from the default setting of 20 ms to 10 ms by setting bit 3 of the Variant register Settin...

Page 13: ...product label encodes key product parameter according to the ANSI MH10 8 2 2013 industry standard The QR code shown in Figure 32 above encodes the following string 30SE280101500100 Z0123456789ABCDEF0...

Page 14: ...estricting transmission range include Switch mounting on metal surfaces up to 30 loss of transmission range Hollow lightweight walls filled with insulating wool on metal foil False ceilings with panel...

Page 15: ...advertising intervals then the scan interval has to be less than the time between the end of the first advertising event and the begin of the third advertising event 2 10 ms 20 ms minus 0 5 ms telegra...

Page 16: ...ules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause...

Page 17: ...essage shown above can be parsed into the following components keep in mind the little endian byte order BLE Access Address 4 byte 0x8E89BED6 BLE Frame Control 2 byte 0x2442 Size of source address pay...

Page 18: ...rameter Comment Description Example Length Field Size Size in bytes of the field used to encode the input length 2 always minimum permissible size Desired size in byte of the signa ture generated by t...

Page 19: ...for a description of the commission telegram structure The location of the security key is for reference highlighted above This means that the security key of this red device is 3DDA31AD44767AE3CE56D...

Page 20: ...table XOR calculator could be found here http xor pw The execution sequence would then be as follows X_1 AES128 B0 Key X_1 AES128 49B819000015E25D0400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_1...

Page 21: ...15E2630400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_1 ab5ec24beabc9ddeeb73751c7734cc64 X_1A XOR X_1 B_1 X_1A XOR ab5ec24beabc9ddeeb73751c7734cc64 000B0EFFDA0363040000111234000000 X_1A ab55ccb430...

Reviews:

No comments

Related manuals for SR-SBP2801-BLE-E

Masimo SafetuNet Alert Quick Start Manual preview
SafetuNet Alert
Brand: Masimo Pages: 2
FJC 45135 User Manual preview
45135
Brand: FJC Pages: 2
BACtrack S75 Owner'S Manual preview
S75
Brand: BACtrack Pages: 13
TA Instruments DHR Series Getting Started Manual preview
DHR Series
Brand: TA Instruments Pages: 35
Elation SATURA SPOT LED PRO User Manual preview
SATURA SPOT LED PRO
Brand: Elation Pages: 41
Tapco 4400 Service Manual preview
4400
Brand: Tapco Pages: 16
Zenbooth Solo Build Instructions preview
Solo
Brand: Zenbooth Pages: 40
10x Genomics Visium CytAssist User Manual preview
Visium CytAssist
Brand: 10x Genomics Pages: 51
10x Genomics Chromium X Series Quick Start Manual preview
Chromium X Series
Brand: 10x Genomics Pages: 5
T-Rex BIG FOOT User Manual preview
BIG FOOT
Brand: T-Rex Pages: 13
G-Systems GSE User Manual preview
GSE
Brand: G-Systems Pages: 60
G-Lab DR-2 User Manual preview
DR-2
Brand: G-Lab Pages: 16
G&G T3X Quick Start Manual preview
T3X
Brand: G&G Pages: 2
RayLight HERA Technical Document preview
HERA
Brand: RayLight Pages: 34
Gazelle GAZELLE FREESTYLE User Manual preview
GAZELLE FREESTYLE
Brand: Gazelle Pages: 10
Latham ECLIPSE Installation Manual preview
ECLIPSE
Brand: Latham Pages: 19
Haaga 677 Original Operating Instructions preview
677
Brand: Haaga Pages: 31
Konica Minolta DF-619 Service Manual preview
DF-619
Brand: Konica Minolta Pages: 32

Brands by name

Popular brands

Load more brands