The following tables describe the key and slot configuration of each slot in more detail,
along with the commands and command modes that can be run
using that slot.

Table 1. Slot 0 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 0 | Key: | NwkKey/AppKey(1,2): 128-bit AES diversified network parent key; 128-bit AES diversified application parent key; writes by KDF command are not permitted |
| | Slot: | Derive key allowed with authorizing MAC; key stored in Slot 13 used for key derivation; contents of the slot are secret and cannot be read |
| | Valid commands | |

Table 2. Slot 1 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 1 | Key: | Device Private Key: slot contains the P256 NIST ECC private key; a public version of the key can always be generated |
| | Slot: | Key generation is never permitted; contents of this slot are secret; ECDH operations are permitted; external signature of arbitrary messages is enabled |
| | Valid commands | |

Table 3. Slot 2 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 2 | Key: | Application Session Key: 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 4. Slot 3 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 3 | Key: | Network Session Encryption Key: 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 5. Slot 4 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 4 | Key: | Serving Network Session Integrity Key: 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 6. Slot 5 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 5 | Key: | Forwarding Network Session Integrity Key: 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 7. Slot 6 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 6 | Key: | Join Server Integrity Key: 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 8. Slot 7 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 7 | Key: | Join Server Encryption Key: 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 9. Slot 8 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 8 | Key: | Certificate Data: slot contains ECC public key and certificate data; slot is lockable |
| | Slot: | Writes are always permitted; reads are always permitted |
| | Valid commands | |

Table 10. Slot 9 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 9 | Key: | JoinEUI(3)/DevNonce: slot contains other data; data are used in derive key calculation |
| | Slot: | Writes are always permitted; reads are always permitted |
| | Valid commands | |

Table 11. Slot 10 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 10 | Key: | DevEUI(4): slot contains other data (manually assigned Device EUI); data is used to derive the session keys; slot is lockable |
| | Slot: | Writes are always permitted; reads are always permitted |
| | Valid commands | |

Table 12. Slot 11 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 11 | Key: | Multicast Application Session Key: slot contains 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 13. Slot 12 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 12 | Key: | Multicast Network Session Key: slot contains 128-bit AES session key; writes by KDF command are permitted |
| | Slot: | Writes are always permitted; contents of this slot are secret; reads from this slot are encrypted using the key stored in Slot 14 |
| | Valid commands | |

Table 14. Slot 13 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 13 | Key: | Repersonalization Key: slot contains a SHA-256 key |
| | Slot: | Slot may be written with an encrypted write back to itself; data stored in slot is secret and reads are prohibited; key cannot be used with the MAC command |
| | Valid commands | |

Table 15. Slot 14 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|------|---------------------|---------------------------------|
| 14 | Key: | IO Protection Key: slot contains a SHA-256 key; a random nonce is required when using this key; this slot is lockable |
| | Slot: | Slot is always writable; data in slot is secret and reads are prohibited |
| | Valid commands | |

Notes:
1. Each major LoRa network provider will have its own unique parent key, which is used to generate the diversified keys stored in the ATECC608A-TNGLoRaWAN device.
2. For the ATECC608A-TNGLoRaWAN, diversified parent keys are generated based on TTI or Actility.
3. The JoinEUI value is associated with a particular network provider. For the ATECC608A-TNGLoRaWAN, this value will be associated with either TTI or Actility.
4. The DevEUI is an IEEE Extended Unique Identifier. Each device will have its own value. For the ATECC608A-TNGLoRaWAN, the DevEUI will be assigned by Microchip.