S0/S2 Inclusion with Keypad door lock



I am in the process of developing a simple controller, but was wondering how S0/S2 inclusion works. I have generated an S2 pair for my controller and read about some SecureAPI functions, but can’t find documentation for the overall handshaking involved for inclusion to take place. I have the SDK and access to all documentation, so if someone to point me in the right direction (or the right documentation), that would be great.



All of S2, including the crypto primitives used, the handshaking, the commands, etc. is part of the Command Class Specification. For Security 2, you need to look in the “Transport Encapsulation” document: http://zwavepublic.com/sites/default/files/command_class_specs_2017A/SDS13783-3%20Z-Wave%20Transport-Encapsulation%20Command%20Class%20Specification.pdf

The S2-related material starts at section 3.6.


Thanks, one last question.

Does D2 bootstrapping(Figure 21) occur after a secure inclusion(Figure 8), or does it take the place of the secure inclusion?.


Figure 21 shows what the “secure inclusion” process consists of. It’s confusingly called “S2 Bootstrapping” but is referred to everywhere else as “secure inclusion.” The block at the top labeled “Network Inclusion” is the traditional Z-Wave inclusion process. Right after that has completed, the controller will check the device being included’s NIF for security support - if it finds support for S2, this “secure inclusion” process needs to be started.