The Z-Wave Alliance has announced the new 2024A Z-Wave Specification Package, bringing with it new security features and updates designed to define how user credentials are managed and communicated between devices and within a Z-Wave network, leading to a more secure and interoperable user experience.
In addition, the Alliance published a new Z-Wave Reference Application Design (ZRAD), a publicly available repository of data such as detailed schematics and reference designs to help developers create and update Z-Wave products with enhanced range capabilities using Z-Wave Long Range.
According to the Alliance, the new Specification Package includes documents that have undergone an intellectual Property Rights review, as well as clarifications and fixes to the User Credential Command Class (CC) and the User Credential Control Specification. Minor clarifications in the Association v4 and MAC v5 Command Classes are also included.
The Alliance defines the Z-Wave User Credential Command Class (CC)Â as a security specification within the Z-Wave protocol that defines how user credentials, such as passwords or PIN codes, are managed and communicated between devices in a Z-Wave network.
Specifically, the Command Class update is designed for smart locks, providing a standardized security method for smart locks to handle user authentication in access control, ensuring secure and reliable operation within a Z-Wave smart home network.
2024 Lighting Controls and Fixtures Report
Lightapalooza took place in late February, and the growth of the event has mirrored the rapid ascension lighting fixtures and controls.Download your copy now!
According to the Alliance, key aspects include:
- Credential Management: It allows devices such as smart locks to create, modify, and delete user credentials. This includes defining the type of credential (e.g., PIN code, password), its validity period, and any associated permissions.
- Security: The Command Class ensures that user credentials are transmitted and stored securely within the network. This is crucial for maintaining the integrity and confidentiality of the smart home environment.
- Interoperability: By following the specifications of the User Credential Command Class, different Z-Wave devices can work together seamlessly to manage user access. For instance, a smart lock from one manufacturer can understand and use the credentials provided by a smart home controller from another manufacturer.
- User Control: It allows users to control who can access their Z-Wave network and devices. For example, homeowners can add or remove users and set different access levels for family members, guests, or service personnel.
- Automation Integration: The Command Class can be used in conjunction with other Z-Wave Command Classes to create sophisticated automation scenarios. For instance, unlocking a door could trigger a series of events, such as turning on lights, adjusting the thermostat, or disarming a security system.
Meanwhile, the Z-Wave User Credential Control Specification update outlines the security standards and protocols for managing user credentials within a Z-Wave network. It defines how devices should handle, store, and communicate user credentials such as PIN codes, passwords, or biometric data to ensure secure access control and authentication.
The Z-Wave Alliance says the key components are:
- Credential Types: Defines the different types of user credentials that can be used, such as numeric PIN codes, alphanumeric passwords, and biometric data.
- Credential Management: Specifies how to create, update, and delete user credentials. It includes procedures for adding new users, changing existing credentials, and removing users from the system.
- Access Control: Establishes how user credentials control access to devices and services within the Z-Wave network. This involves setting permissions and access levels for different users.
- Security Protocols: Outlines the security measures required to protect user credentials. This includes encryption standards for transmitting credentials, secure storage practices, and methods for verifying the authenticity of credentials.
- Interoperability: This standardization ensures that different Z-Wave devices can work together seamlessly when managing user credentials. It allows devices from various manufacturers to understand and use credentials consistently.
- Event Logging: Describes how to log events related to credential use, such as successful and failed authentication attempts. This is important for auditing and monitoring the security of the network.
- User Interface: Provides guidelines for user interfaces that manage credentials, ensuring they are user-friendly and secure.
- Error Handling: Defines how devices should handle errors related to credential management, such as incorrect PIN entries or expired passwords.
Devices that adhere to the User Credential Command Class and User Credential Control Specifications offer more robust, secure and interoperable user authentication and access control, the Alliance says.
The Alliance also released the Z-Wave Reference Application Design (ZRAD), an open-source reference design of best-in-class RF range device. Developed by IoT expert Eric Ryherd, the document seeks to accelerate time-to-market for new Z-Wave products by providing an application design example with step-by-step instructions for implementing Z-Wave technology and the latest features.
The Alliance says ZRAD lowers the barrier to entry for development and provides a clear path from concept to product, offering tools required to leverage Z-Wave technology and Z-Wave Long Range.
It is a publicly available repository of data, including detailed schematics and reference designs, to help developers create Z-Wave products with enhanced range capabilities, the Alliance says.
According to the Alliance, the ZRAD design features a USB controller with a best-in-class RF range. It achieved over 2 miles of successful transmission in line of sight (LoS) testing and yielded exceptional performance in noisy urban environments with over 1 mile of successful transmission. The design can be implemented as both a controller connected to a computer or as an end device with battery power, enabling the development of versatile applications.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!