Secure building functions are based on encrypted 'runtime' telegrams.
Runtime telegrams are exchanged via Group Objects. By definition any communication via a specific Group Object is either 100% secure or 100% plain, which means that in terms of security, Group Objects can be divided into two types:
- Group Objects encrypting/decrypting runtime telegrams (secure communication)
- Group Objects NOT encrypting/decrypting runtime telegrams (plain communication)
Whether a Group Object encrypts/decrypts runtime telegrams depends on two settings in the ETS project:
- The 'Secure Commissioning' property of the device to which the Group Object belongs
- The linked Group Addresses
About the 'Secure Commissioning' property
The Group Objects of a secure device can only encrypt/decrypt runtime telegrams if the property 'Secure Commissioning' of the device is set to 'Activated'.
About the linked Group Addresses
See here for more details.
In terms of security, Group Addresses can be divided into three categories:
- Group Addresses with 'Security' property set to 'On'
- Group Addresses with 'Security' property set to 'Off'
- Group Addresses with 'Security' property set to 'Automatic'
Group Addresses with Security = On
- Can be linked to Group Objects of devices with activated secure commissioning
- Cannot be linked to Group Objects of devices with deactivated secure commissioning
- Cannot be linked to Group Objects of plain devices
- Make sure that the linked Group Objects encrypt/decrypt runtime telegrams
Group Addresses with Security = Off (*)
- Can be linked to Group Objects of devices with activated secure commissioning
- Can be linked to Group Objects of devices with deactivated secure commissioning
- Can be linked to Group Objects of plain devices
- Make sure that the linked Group Objects do NOT encrypt/decrypt runtime telegrams
Group Addresses with Security = Automatic
- Can be linked to Group Objects of devices with activated secure commissioning
- Can be linked to Group Objects of devices with deactivated secure commissioning
- Can be linked to Group Objects of plain devices
- For Group Objects of devices with activated secure commissioning: make sure that the linked Group Objects encrypt/decrypt runtime telegrams
- For Group Objects of devices with deactivated secure commissioning: make sure that the linked Group Objects do NOT encrypt/decrypt runtime telegrams
(*) Important note: a Group Object of a secure device can also enforce security (this is defined by the manufacturer). In this case it is NOT possible to link it with a Group Address with Security = Off.
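
The linking rules above, expressed as a small audit over a list of links. This is an added example, not ETS code or an ETS export format: the device labels, the tuple layout and the sample links are constructed for illustration. It assumes plain devices never encrypt, and it reports a Group Object that has both secure and plain links as a finding.

```python
from collections import defaultdict

# Device states named on the page (the labels are this example's own).
PLAIN, SECURE_ON, SECURE_OFF = "plain", "secure/activated", "secure/deactivated"

def resolve(device, ga_security, enforces=False):
    """Return (linkable, encrypted) for one Group Object / Group Address link."""
    if ga_security == "On":
        # Only devices with activated secure commissioning may be linked.
        return (True, True) if device == SECURE_ON else (False, None)
    if ga_security == "Off":
        # (*) note: an object that enforces security cannot be linked here.
        return (False, None) if enforces else (True, False)
    if ga_security == "Automatic":
        # Assumption: plain devices stay plain, since they cannot encrypt.
        return (True, device == SECURE_ON)
    raise ValueError(f"unknown Security value: {ga_security!r}")

def audit(links):
    """Flag disallowed links, plain links, and objects mixing both modes."""
    findings, modes = [], defaultdict(set)
    for obj, device, enforces, ga, security in links:
        linkable, encrypted = resolve(device, security, enforces)
        if not linkable:
            findings.append((obj, ga, "link not allowed"))
            continue
        modes[obj].add(encrypted)
        if not encrypted:
            findings.append((obj, ga, "plain runtime telegrams"))
    for obj, seen in modes.items():
        if len(seen) > 1:  # a Group Object must be 100% secure or 100% plain
            findings.append((obj, None, "mixed secure and plain links"))
    return findings

# Constructed sample: (group object, device state, enforces security, GA, Security)
SAMPLE_LINKS = [
    ("actuator.ch1", SECURE_ON, False, "1/1/1", "On"),
    ("actuator.ch1", SECURE_ON, False, "1/1/2", "Off"),
    ("sensor.temp", PLAIN, False, "1/1/1", "On"),
    ("lock.cmd", SECURE_ON, True, "1/2/1", "Off"),
    ("dimmer.val", SECURE_OFF, False, "1/3/1", "Automatic"),
    ("blind.pos", SECURE_ON, False, "1/3/2", "Automatic"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LINKS):
        print(finding)
```

Every "plain runtime telegrams" finding is a link whose traffic is readable on the bus, so the list doubles as a review checklist before commissioning.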