(if applicable), the current sequence counter value and the resulting authentication signature
2.Commissioning telegrams
The payload of commissioning telegrams contains the private security key as well as the current value of the
sequence counter and the device address
The payload structure of both telegram types is described in the following chapters.
4.6.1 Data telegram payload
The payload of data telegrams is 13 … 17 bytes long (depending on the size of the Optional
Data field) and consists of the following fields:
1.Length (1 byte)
The Length field specifies the combined length of the following fields. The content of the field depends on the
size of the Optional Data field (which can be 0 / 1 / 2 or 4 byte). The resulting Length setting would be 12 / 13 /
14 or 16 byte (0x0C / 0x0D /
0x0E / 0x10) respectively
2.Type (1 byte)
The Type field identifies the data type used for this telegram. For SR-SBP2801-BLE-E data telegrams, this field
is always set to 0xFF to designate manufacturer-specific data field
3.Manufacturer ID (2 byte)
The Manufacturer ID field is used to identify the manufacturer of BLE devices based on assigned numbers.
Sunricher has been assigned 0x0A78 as manufacturer ID code.
The Manufacturer ID can be changed via the NFC configuration interface as described in chapter 6.7.7.
4.Sequence Counter (4 byte)
The Sequence Counter is a continuously incrementing counter used for security processing. It is initialized to 0
at the time of production and incremented for each telegram (data telegram or commissioning telegram) sent.
5.Switch Status (1 byte)
The Switch Status field reports the button action. The encoding of this field is described in chapter 4.6.2.
6.Optional Data (0 / 1 / 2 or 4 byte)
SR-SBP2801-BLE-E provides the option to transmit additional user-defined data within each data telegram as
described in chapter 6.7.8.
7.Security Signature (4 byte)
The Security Signature is used to authenticate SR-SBP2801-BLE-E radio telegrams as described in chapter
4.6.3
Figure 14 below illustrates the data telegram payload.
Figure 14 – Data telegram payload structure
4.6.2 Button action encoding
The Switch Status field within the data telegram payload identifies the SR-SBP2801-BLE-E button action
(button push or release). SR-SBP2801-BLE-E uses the following sequence to identify and transmit button
contact status:
1. Determine direction of the button movement (Push Action or Release Action)
2. Read input status of all button contacts
3. Calculate data payload
4. Calculate security signature
In SR-SBP2801-BLE-E, the type of action (Press Action or Release Action) is indicated by Bit 0 (button). If a
button contact has been actuated during Press Action or Release Action, then this is indicated by the according
status bit set to ‘1’.
Note that all contacts that were pressed during Press Action will be released during Release Action. The case of
continuing to hold one (or several) button contacts during Release Action is mechanically not possible.
Figure 15 - SR-SBP2801-BLE-E button action encoding
4.6.3 Commissioning telegram payload
The payload of commissioning telegrams is 30 bytes long and consists of the following fields:
1.Length (1 byte)
The Length field specifies the combined length of the following fields. For SR-SBP2801-BLE-E
commissioning telegrams, this field is set to 0x1D to indicate 29 byte of manufacturer-specific data.
Note: In product versions prior to DC-06 this field was incorrectly set to 0x1E.
2.Type (1 byte)
The Type field identifies the data type used for this telegram. This field is set to 0xFF
to indicate a “Manufacturer-specific Data” field
3.Manufacturer ID (2 byte)
The Manufacturer ID field is used to identify the manufacturer of BLE devices based on assigned numbers. By
default, this field is set to 0x0A78 (Sunricher). This field can be changed via the NFC configuration interface as
described in chapter
6.7.7.
4.Sequence Counter (4 byte)
The Sequence Counter is a continuously incrementing counter used for security processing. It is initialized to 0
at the time of production and incremented for each telegram (data telegram or commissioning telegram) sent.
5.Security Key (16 byte)
Each SR-SBP2801-BLE-E device contains its own 16 byte device-unique random security key which is
generated and programmed during manufacturing. It is transmitted during commissioning to enable the
receiver to authenticate SR-SBP2801-BLE-E data telegrams and used as IRK for the case of resolvable private
address mode
6.Static Source Address (6 byte)
The Static Source Address is used to uniquely identify each BLE device. It is transmitted as part of the BLE
frame as described in chapter 4.4.1.
Some devices (most notable all iOS-based products) however do not expose this address to their applications.
This makes it impossible to use such applications to
commission SR-SBP2801-BLE-E. The Static Source Address is therefore again transmitted as
part of the payload.
Figure 16 below illustrates the commissioning telegram payload.
Figure 16 – Commissioning telegram payload structure
4.7 SR-SBP2801-BLE-E data telegram authentication
SR-SBP2801-BLE-E implements telegram authentication for
transmitted data telegrams to ensure that only telegrams from
transmitters using a previously exchanged security key will be
accepted by the receiver. Authentication relies on a 32 bit
telegram signature which is calculated as shown in Figure 17
below and exchanged as part of the radio telegram.
Figure 17 – Telegram authentication flow
The button action encoding used by SR-SBP2801-BLE-E is shown Figure 15 in below.
