GE PACSystems RXi User Manual

Chapter 5. CPU OperationGFK-2816F August 2015 915.9.3 Enhanced Security for Passwords and OEM ProtectionEnhanced Security passwords provide a cryptographically secure password protocol betweenan SRTP client (for example Proficy Machine Edition) and a PACSystems controller.Enhanced Security passwords operate very similar to the Legacy security passwordoperation that is supported by previous firmware releases.Enhanced Security passwords are enabled in Proficy Machine Edition (Machine Edition)2.Machine Edition requires a password to enable/disable a target’s Enhanced Security mode.This Machine Edition password restricts changes to the security mode used by a specificMachine Edition target and is independent of any passwords later configured on thecontroller.Enabling Enhanced Security on a target does not force the controller to use only EnhancedSecurity. The controller supports both Legacy and Enhanced Security requests concurrently.For example, one Machine Edition target could be used to set initial passwords with Legacysecurity and a different Machine Edition target with Enhanced Security could connect andauthenticate with the same controller.Passwords set with one password mechanism (Legacy or Enhanced Security) can beauthenticated and changed using the other mechanism, as long as the password is 7characters or less. Setting passwords with Enhanced Security that are greater than 7characters prevents access using the Legacy mechanism. For example, you could useEnhanced Security to set a 10 character password for Level 4 and Level 3, but set a7-character password for Level 2. In this case, a Legacy target could be used to obtainLevel 2 access, but the Legacy target could never access Level 4 or Level 3 because ofLegacy’s 7-character limit.Password and OEM Protection in Systems that Load from Flash MemoryCautionBe careful when setting passwords and loading passwordsfrom User Flash on every power-up. In this situation, it is notpossible to clear passwords back to a default state if theLevel 4 password and OEM key are forgotten.For a recommended procedure, refer to OEM Protection in Systems that Load from FlashMemory on page ICRXICTL000, GFK-2816, GFK281690.2 To determine the required Proficy Machine Edition version, refer to the Important Product Information(IPI) document provided with the CPU firmware version you are using.