Confusion about networkSecurityLevel

Our customers complained to us that the networkSecurityLevel was ZWAVE_S2_UNAUTHENTICATED after the product was added. After verifying and confirming, we found a fact: the same device, hub, and the same device handler file, after adding a device with an iPhone, the networkSecurityLevel is ZWAVE_S2_AUTHENTICATED, and the networkSecurityLevel of the device added with an Android phone is ZWAVE_S2_UNAUTHENTICATED. How can I ensure that it is always in the ZWAVE_S2_AUTHENTICATED state?

Maybe @garrett.kranz can help you

Thanks! We checked the product interface documentation, ZWAVE_S2_UNAUTHENTICATED is correct. Now I’m just confused why I can configure ZWAVE_S2_AUTHENTICATED through iPhone, it is really magical!

Do these devices utilize a QR Code for their DSK? Could you provide a model number for the device(s)?

1 Like

most likely this is the cause, must be paired with the QR code scanned.

No QR Code for their DSK, the model is MP21Z.

I’m looking at this:

Which says:

Security S2 Classes: S2 Authenticated, S2 Unauthenticated

As far as I’m aware, to be S2_Authenticated means a DSK (commonly passed to controller as QR code) must be used in some form. I’m not immediately sure why the OS the App is running on would make a difference in what Security Level the device reports as utilizing after Inclusion (unless opportunity to enter DSK is not offered), but definitely something we can look at further.

@nayelyz could you help with this?

1 Like

I verified with the internal team and they agree with you, @garrett.kranz:

There are just two different levels of S2 encryption:

  • Authenticated is when you have scanned a QR code or manually input a device-specific key.
  • Unauthenticated is when you haven’t done that.

The instructions to connect the device to a Hub mention scanning the QR code.

1 Like