User's Manual
USER MANUAL PREVIEW
PTM 535BZ – BLUETOOTH AND ZIGBEE GREEN POWER PUSHBUTTON TRANSMITTER
© 2022 EnOcean | www.enocean.com F-710-017, V1.0 PTM 535BZ User Manual | v1.2 | July 2021 | Page 12/121
2.5 Security Keys
PTM 535BZ authenticates data telegrams based on an authentication signature as described
in Chapter 3.4.2 for BLE data telegrams and in Chapter 4.4.4 for ZGP data telegrams.
In addition to that, PTM 535BZ provides for BLE data telegrams the option to obfuscate the
sender identity by using Resolvable Private Addresses that are generated using an Identity
Resolution Key as described in Chapter 3.3.5.2.
The authentication and obfuscation functionalities are based on a device-specific random key.
PTM 535BZ provides SECURITY_KEY1 and SECURITY_KEY2 for this purpose.
SECURITY_KEY1 is programmed at manufacturing, can be changed by the user via the NFC
interface and is NFC-readable. SECURITY_KEY1 will be reset to its factory-programmed value
by a Factory Reset as described in Chapter 5.1.4.3.
SECURITY_KEY2 has to be programmed by the user via the NFC interface and is not NFC
readable. SECURITY_KEY2 will be updated to a new random value upon Factory Reset as
described in Chapter 5.1.4.3 or – if PTM 535BZ is transmitting ZGP data telegrams – upon a
ZGP decommissioning request as described in Chapter 5.1.4.2.
It is user-selectable via NFC if SECURITY_KEY1 or SECURITY_KEY2 is used. By default, SE-
CURITY_KEY1 is used. Use of SECURITY_KEY2 can be configured via the NFC interface as
described in Chapter 5.6.4 for the case of BLE and Chapter 5.6.10 for the case of ZGP.
In addition to these two security keys, SECURITY_KEY3 is an additional security key intended
for future use in ZGP applications as pre-shared key (or Install Code) to encrypt the actual
security key that is transmitted in the ZGP commissioning telegram.