Step 7 - Security 2 DSK Information

Since April 2 of 2017, Z-Wave has required the use of the Security Command Class version 2 (S2) on all new product certifications. This step in the certification case is where the critical information about Security 2's Device Specific Key (DSK) can be found on the product or with the product's packaging.

The DSK is not used as part of the encrypted security used in Z-Wave communications to and from devices. The DSK is used to prevent "man in the middle" security attacks which would make it possible for somebody to add a malicious device to your network at the time you are attempting to include another device; such a malicious device could expose the encrypted security key(s) used for communication to and from devices. When a Security S2 enabled device is being added to a Security S2 enabled controller, the controller will display all of the DSK except the first five digits. (Except in the case of a SmartStart enabled controller.) The first five digits are then entered by the end user to confirm that the device being included to the network is the one that the end user intended to add, and not a potentially malicious device that may be within radio range of the inclusion process.

The Z-Wave Alliance has additional information and rules regarding the application of the DSK on the product. These rules do not supersede those of the Silicon Labs' Specifications, they are clarifications on the size, application methods, and materials which can be used. A link to this information is in the market certification system at the top of this step, and you may also get a copy at the information page for the Z-Wave Plus Market Certification system at the Z-Wave Alliance Member Site.

Click the red areas below to learn more or choose the topics from the menu at the left.