Example: Register a joining node using an install code
To provide the highest level of security, Digi recommends using install codes to register devices. Install codes are randomly assigned to each Zigbee 3.0 device at the factory for the purpose of securely joining a network. The process to register a device using an install code is similar to registering a link key, but with some additional steps:
Configure a joining XBee 3 Zigbee RF Module with the following parameters:
- EE = 1
The joining node must have the same encryption settings as the network it is joining.
- EO = 2
- If joining a centralized trust center, EO bit 1 must be set so the joining device is aware a link key exchange is needed.
- If joining a distributed trust center, clear EO bit 1.
- DC = 1
This tells the joining device to generate a link key from the install code of the device. If this bit is enabled, then the device ignores and does not use the KY parameter. If you want to register the device with the trust center using the device's link key, do not set the DC parameter. The DC parameter is only used for registering a device using the I? install code.
On the trust center, you must register this device using an API frame. Generate a 0x24 frame that contains the following information:
- The install code (I?) of the joining device.
- The serial number of the joining device.
Install code registration example
A device with the serial number 0013A200 12345678 that has an I? value of F6F1913D834A08D6ADAF1F91BAF4052D7316 is trying to join a secure network.
The following 0x24 frame is generated and passed into the UART of the trust center. Set the options field of the API frame to 01 to indicate that the supplied key is actually an install code:
7E 00 1F 24 D5 00 13 A2 00 12 34 56 78 FF FE 01 F6 F1 91 3D 83 4A 08 D6 AD AF 1F 91 BA F4 05 2D 73 16 6A
The trust center will respond with the following 0xA4 registration response frame:
7E 00 03 A4 D5 00 86
Note: The Frame ID (0xD5) in the response corresponds with the Frame ID of the registration attempt. A 00 result indicates that the key was successfully registered.
When the registration succeeds, the join window automatically opens for NJ seconds (or 60 seconds if NJ = 0).
If the trust center is centralized, this registered key table entry is transient and expires after KT seconds. In a distributed trust center, it persists until explicitly cleared.
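The following Python sketch is an added example, not Digi code. It builds the 0x24 registration frame from the serial number and I? value above, then validates the 0xA4 response (checksum, frame type, Frame ID) before trusting the result byte. It assumes API mode without escaping (AP = 1) and an 18-byte install code as in the example; the function and constant names are hypothetical.

```python
START_DELIMITER = 0x7E
FRAME_REGISTER_DEVICE = 0x24    # registration request sent to the trust center
FRAME_REGISTER_STATUS = 0xA4    # registration response from the trust center
OPT_KEY_IS_INSTALL_CODE = 0x01  # options value: supplied key is an install code


def _wrap(frame_data: bytes) -> bytes:
    """Add start delimiter, 16-bit length and checksum (assumes AP = 1, no escaping)."""
    checksum = 0xFF - (sum(frame_data) & 0xFF)
    return (bytes([START_DELIMITER]) + len(frame_data).to_bytes(2, "big")
            + frame_data + bytes([checksum]))


def build_install_code_registration(frame_id: int, serial: str, install_code: str) -> bytes:
    """Build the 0x24 frame; serial and install_code are hex strings (spaces allowed)."""
    addr = bytes.fromhex(serial)
    code = bytes.fromhex(install_code)
    if len(addr) != 8:
        raise ValueError("serial number must be 8 bytes")
    if len(code) != 18:  # assumption: 18-byte I? value, as in the page's example
        raise ValueError("expected an 18-byte install code")
    data = (bytes([FRAME_REGISTER_DEVICE, frame_id]) + addr
            + b"\xFF\xFE"                      # 16-bit field, FF FE as in the page's frame
            + bytes([OPT_KEY_IS_INSTALL_CODE]) + code)
    return _wrap(data)


def registration_succeeded(raw: bytes, frame_id: int) -> bool:
    """Validate a 0xA4 response and return True only for a 00 result."""
    if len(raw) < 4 or raw[0] != START_DELIMITER:
        raise ValueError("not an API frame")
    length = int.from_bytes(raw[1:3], "big")
    data, checksum = raw[3:3 + length], raw[3 + length:]
    if len(data) != length or len(checksum) != 1:
        raise ValueError("truncated or oversized frame")
    if (sum(data) + checksum[0]) & 0xFF != 0xFF:
        raise ValueError("bad checksum")
    if length != 3 or data[0] != FRAME_REGISTER_STATUS:
        raise ValueError("not a 0xA4 registration response")
    if data[1] != frame_id:  # response must match the registration attempt
        raise ValueError("response is for a different frame ID")
    return data[2] == 0x00
```

Rejecting a response whose Frame ID does not match keeps a stale or unrelated 0xA4 frame from being read as confirmation that this device's install code was registered.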