The following tables provide a more detailed description of each slot key
and slot configuration information along with what commands and command modes can be run
using this slot.
Table 2-6. Slot 0 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 0 | Key: | | NwkKey/AppKey(1,2)- 128-bit AES
diversified network parent key
- 128-bit AES
diversified application parent key
- Writes by KDF
command are not permitted
|
| Slot: | |
- Derive key
allowed with authorizing MAC
- Key stored in
Slot 13 used for key derivation
- Contents of the
slot are secret and cannot be read.
|
| Valid
commands |
|
Table 2-7. Slot 1 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 1 | Key: | | Device Private Key- Slot contains the
P256 NIST ECC private key
- A public version
the of key can always be generated
|
| Slot: | |
- Key generation is
never permitted
- Contents of this
slot are secret
- ECDH operations
are permitted
- External
signature of arbitrary messages is enabled
|
| Valid
commands |
|
Table 2-8. Slot 2 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 2 | Key: | | Application Session Key- 128-bit AES
session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-9. Slot 3 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 3 | Key: | | Network Session Encryption Key- 128-bit AES
session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-10. Slot 4 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 4 | Key: | | Serving Network Session Integrity Key- 128-bit AES
session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-11. Slot 5 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 5 | Key: | | Forwarding Network Session Integrity Key- 128-bit AES
session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-12. Slot 6 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 6 | Key: | | Join Server Integrity Key- 128-bit AES
session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-13. Slot 7 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 7 | Key: | | Join Server Encryption Key- 128-bit AES
session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-14. Slot 8 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 8 | Key: | | Certificate Data- Slot contains ECC
public key and certificate data
- Slot is
lockable
|
| Slot: | |
- Writes are always
permitted
- Reads are always
permitted
|
| Valid
commands |
|
Table 2-15. Slot 9 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 9 | Key: | | JoinEUI(3)/DevNonce- Slot contains
other data
- Data are used in
derive key calculation
|
| Slot: | |
- Writes are always
permitted
- Reads are always
permitted
|
| Valid
commands |
|
Table 2-16. Slot 10 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 10 | Key: | | DevEUI(4)- Slot contains
other data (manually assigned Device EUI)
- Data is used to
derive the session keys
- Slot is
lockable
|
| Slot: | |
- Writes are always
permitted
- Reads are always
permitted
|
| Valid
commands |
|
Table 2-17. Slot 11 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 11 | Key: | | Multicast Application Session Key- Slot contains
128-bit AES session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-18. Slot 12 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 12 | Key: | | Multicast Network Session Key- Slot contains
128-bit AES session key
- Writes by KDF
command are permitted
|
| Slot: | |
- Writes are always
permitted
- Contents of this
slot are secret
- Reads from this
slot are encrypted using the key stored in Slot 14
|
| Valid
commands |
|
Table 2-19. Slot 13 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 13 | Key: | | Repersonalization Key- Slot contains a
SHA256 key
|
| Slot: | |
- Slot may be
written with an encrypted write back to itself
- Data stored in
slot is secret and reads are prohibited
- Key cannot be
used with the
MAC command.
|
| Valid
commands |
|
Table 2-20. Slot 14 Configuration
Information| Slot | Configuration Value | Description of Enabled Features |
|---|
| 14 | Key: | | IO Protection Key- Slot contains a
SHA-256 key
- A random nonce is
required when using this key
- This slot is
lockable
|
| Slot | |
- Slot is always
writable
- Data in slot is
secret and reads are prohibited
|
| Valid
commands |
|
Note:
- Each Major LoRa Network provider
will have their own Unique parent key which is used to generate the diversified
keys stored in the ATECC608B-TNGLoRaWAN device.
- For the ATECC608B-TNGLoRaWAN
Diversified Parent Keys are generated based
on TTI, or Actility.
- The JoinEUI value is associated with a particular network provider. For the ATECC608B-TNGLoRaWAN this value will be associated with
either TTI or Actility.
- The DevEUI is an IEEE Extended
Unique Identifier. Each device will have its own value. For the ATECC608B-TNGLoRaWAN
the DevEUI will be assigned by
Mircrochip.
