A friend on the LonWorks forum asked about LonWorks authentication (身份认证); please refer to the explanation below.
How Authentication Works
The following sequence describes an example of authentication. The figure below illustrates the process.
1. Node A sends an update to a network variable declared as authenticated on Node B using the acknowledged service. If Node A does not receive the challenge, it sends a retry of the initial update.
2. Node B generates a 64-bit random number and returns a challenge packet to Node A that includes the 64-bit random number. Node B then uses the encryption algorithm (built into the Neuron Chip firmware) to compute a transformation on that random number using its 48-bit authentication key and the message data. The transformation is stored in Node B.
3. Node A then also uses the encryption algorithm (built into the Neuron Chip firmware) to compute a transformation on the random number (returned to it by Node B) using its 48-bit authentication key and the message data. Node A then sends this computed transformation to Node B.
4. Node B compares its computed transformation with the number it receives from Node A. If the two numbers match, the identity of the sender is verified, and Node B can perform the requested action and send its acknowledgment to Node A. If the two numbers do not match, Node B does not perform the requested action and an error is logged in the error table.
If the acknowledgment is lost and Node A tries to send the same message again, Node B remembers that the authentication was successfully completed and acknowledges it again.
If Node A attempts to update an output network variable connected to multiple readers, each receiver node generates a different 64-bit random number and sends it in a challenge packet to Node A. Node A must then transform each of these numbers and send a reply to each receiver node.
The principal strength of authentication is that it cannot be defeated by simple record and playback of commands that implement the desired functions (for example, unlocking the lock). Authentication does not require that the specific messages and commands be secret, since they are sent unencrypted over the network, and anyone who is determined can read those messages.
It is good practice to connect a node directly to a network management tool when installing its authentication key the first time. This prevents the key from being sent over the network where it might be detected by an intruder. Once a node has its authentication key, a network management tool can modify the key, over the network, by sending an increment to be added to the existing key.
Note: the content above is taught in the ECHELON LonWorks network design course; due to space limitations, interested colleagues can attend the ECHELON LonWorks technical training.
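As an added illustration of steps 1 to 4, the lost-acknowledgment retry and the record-and-playback point above (this is not code from Echelon or from the course), the model below plays both sides of the exchange in Python. The page does not name the Neuron Chip's built-in transformation, so HMAC-SHA256 stands in for it, and the transaction id (tx_id) that Node B uses to recognise a retry is an assumption of this model.

```python
import hashlib
import hmac
import secrets

# Stand-in for the Neuron Chip's built-in transformation: the page does not name it, so
# HMAC-SHA256 over (random number || message data) keyed with the 48-bit key is assumed.
def transform(key: bytes, random_number: bytes, message: bytes) -> bytes:
    return hmac.new(key, random_number + message, hashlib.sha256).digest()

class ReceiverNode:  # Node B: holds the 48-bit key, issues challenges, verifies replies
    def __init__(self, key: bytes):
        assert len(key) == 6, "authentication key is 48 bits"
        self.key = key
        self.pending = {}       # tx_id -> expected transformation (stored in Node B)
        self.completed = set()  # tx_ids already authenticated (for lost-ack retries)
        self.error_log = []

    def receive_update(self, tx_id: int, message: bytes):
        if tx_id in self.completed:  # retry after a lost ack: just acknowledge again
            return ("ack", None)
        random_number = secrets.token_bytes(8)  # fresh 64-bit challenge per update
        self.pending[tx_id] = transform(self.key, random_number, message)
        return ("challenge", random_number)

    def receive_reply(self, tx_id: int, message: bytes, reply: bytes) -> bool:
        if hmac.compare_digest(self.pending.pop(tx_id), reply):
            self.completed.add(tx_id)
            return True  # identity verified: perform the action and acknowledge
        self.error_log.append(("authentication failure", tx_id, message))
        return False  # action refused, error logged in the error table

    def expire_transactions(self):  # models the receiver forgetting old transactions
        self.completed.clear()

def sender_update(key: bytes, receivers, tx_id: int, message: bytes):
    """Node A: send one update to every reader and answer each reader's own challenge."""
    results = []
    for node in receivers:
        kind, random_number = node.receive_update(tx_id, message)
        results.append(kind == "ack" or
                       node.receive_reply(tx_id, message, transform(key, random_number, message)))
    return results

def replay_update(node: ReceiverNode, tx_id: int, message: bytes, captured_reply: bytes) -> bool:
    """An eavesdropper replays a recorded update and its recorded reply, without the key."""
    kind, _ = node.receive_update(tx_id, message)
    return kind == "ack" or node.receive_reply(tx_id, message, captured_reply)
```

Each reader generates its own random number, so the replayed reply only matches the one challenge it was recorded against; every later challenge differs and the replay is logged as an authentication failure.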