IEC_BACNET_KEY_ID_NUMBER (ENUM)
TYPE IEC_BACNET_KEY_ID_NUMBER :
Definition of the BACnetKeyIdNumber enumeration. Its values are largely vendor- and implementer-specific and are not that well documented in the standard.
- InOut:

| Name | Initial | Comment |
|------|---------|---------|
| _KEY_ID_NUMBER_MAX_SIZE | 16#7F | |
| KEY_ID_NUMBER_NOT_USED | 0 | This value marks a currently unused key. |
| KEY_ID_NUMBER_DEVICE_MASTER | 1 | The Device-Master keys are used only for the distribution of the Distribution keys and remain the most secure of all key types because they are unique for every device and their use on the wire is very limited. |
| KEY_ID_NUMBER_DISTRIBUTION | 2 | The Distribution keys are used to distribute the General-Network-Access, User-Authenticated, and Application-Specific keys, which may change over time as needed to meet local security policies. They are also used to distribute the temporary Installation keys. |
| KEY_ID_NUMBER_INSTALLATION | 3 | Installation keys are distributed temporarily to small sets of devices, usually the configuration tool of a technician and a set of BACnet devices that require configuration. These keys are provided to allow temporary access to a specific set of controllers through a configuration tool that would not normally have access to the BACnet network. There may be multiple Installation keys in use by different devices simultaneously, so that different configuration tools could use different Installation keys, if desired. |
| KEY_ID_NUMBER_GENERAL_NETWORK_ACCESS | 4 | The General-Network-Access key is used for broadcast network layer messages, for encryption tunnels, and by user interface devices that cannot authenticate, or are not trusted to authenticate, a user. All devices must be given the General-Network-Access key pair to interoperate on a BACnet network. BACnet server devices that receive requests signed with the General-Network-Access key should assume that the User Id and User Role fields included in the message may not have been properly authenticated by the source device and may want to restrict access accordingly. |
| KEY_ID_NUMBER_USER_AUTHENTICATED | 5 | The User-Authenticated key is distributed to client devices that are trusted to authenticate a user's identity by some means, or to devices that do not contain a user interface (where the user identity to use in BACnet messages is configured into the device and is not based on human interaction). This key is also distributed to BACnet server devices that restrict operations based on the identity of an authenticated user. |
| KEY_ID_NUMBER_APPLICATION_KEY_FIRST | 6 | An Application-Specific key may be used to provide security boundaries between application areas, such as access control and HVAC. Application-Specific keys are distributed only to those devices sharing a particular application and can thus be limited to highly secure communication. |
| KEY_ID_NUMBER_APPLICATION_KEY_1 | 6 | See ::KEY_ID_NUMBER_APPLICATION_KEY_FIRST. |
| KEY_ID_NUMBER_APPLICATION_KEY_2 | 7 | See ::KEY_ID_NUMBER_APPLICATION_KEY_FIRST. |
| KEY_ID_NUMBER_APPLICATION_KEY_3 | 8 | See ::KEY_ID_NUMBER_APPLICATION_KEY_FIRST. |
| KEY_ID_NUMBER_APPLICATION_KEY_4 | 9 | See ::KEY_ID_NUMBER_APPLICATION_KEY_FIRST. |
| KEY_ID_NUMBER_APPLICATION_KEY_5 | 10 | See ::KEY_ID_NUMBER_APPLICATION_KEY_FIRST. |
| KEY_ID_NUMBER_APPLICATION_KEY_LAST | 127 | See ::KEY_ID_NUMBER_APPLICATION_KEY_FIRST. |