Protecting the Project Configuration via the ETS

In the ETS, you can define a project password that protects the devices and configuration data from unauthorized access.

1. Find your project in the Overview tab of the ETS.

2. Click the Details > Security > Add device certificate and set your project password.
   
   

   NOTE: A good password should consist of at least 8 characters in the project window, consisting of a number, an upper case letter, a lower case letter and a special character. Never use weak PIN codes, e.g., 1234, 0000.
   
   

3. Scan or enter the device certificates for all devices in your project that you intend to download using secure commissioning > click OK
   
   

   NOTE: The certificate consists of the serial number and the security key FDSK (Factory Default Setup Key). The FDSK is only used for initial commissioning and is replaced by the ETS during the first download. This prevents unauthorized persons from gaining access to the installation despite knowing the FDSK.
   The FDSK is printed on the device label both as a QR code and in text form.

Background information on the encryption process

• Read or enter the FDSK into the ETS.

• The ETS then generates a device-specific tool key.

• When configuring the device, the ETS sends the tool key to the device. The transmission is encrypted and authenticated with the FDSK.

• From this point on, the device only accepts the tool key for communication and the FDSK can only be used to reset the device to the delivery status. All safety-relevant data is deleted during this reset. Therefore, please keep the FDSK in your project documents.

• The ETS then generates runtime keys, which are required for protected group communication. The transmission is encrypted and authenticated with the tool key.