Chapter 4. CPU OperationGFK-2222AD April 2018 1654.9.3 Enhanced Security for Passwords and OEM ProtectionEnhanced Security passwords are supported by CPU firmware versions 7.80 or later. This featureprovides a cryptographically secure password protocol between an SRTP client (for example ProficyMachine Edition) and a PACSystems controller. Enhanced Security passwords operate in a very similarfashion to the Legacy security password operation that is supported by previous firmware versions.Enhanced Security passwords are enabled in Proficy Machine Edition74. PME requires a password in orderto enable/disable the Enhanced Security mode of a target. This PME password restricts changes to thesecurity mode used by a specific PME target and is independent of any passwords later configured onthe controller.Enabling Enhanced Security on a target does not force the controller to use only Enhanced Security. Thecontroller supports both Legacy and Enhanced Security requests concurrently. For example, one PMEtarget could be used to set initial passwords with Legacy security and a different PME target withEnhanced Security could connect and authenticate with the same controller.Passwords set with one password mechanism (Legacy or Enhanced Security) can be authenticated andchanged using the other mechanism, as long as the password is 7 characters or less. Setting passwordswith Enhanced Security that are greater than 7 characters prevents access using the Legacy mechanism.For example, you could use Enhanced Security to set a 10-character password for Level 4 and Level 3,but set a 7-character password for Level 2. In this case, a Legacy target could be used to obtain Level 2access, but the Legacy target could never access Level 4 or Level 3 because of 7-character limit of theLegacy scheme.Password and OEM Protection in Systems that Load from Flash MemoryCautionBe careful when setting passwords and loading passwordsfrom User Flash on every power-up. In this situation, it is notpossible to clear passwords back to a default state if the Level4 password and OEM key are forgotten.For a recommended procedure, see OEM Protection in Systems that Load from Flash Memory.74 To determine the required Proficy Machine Edition version, refer to the Important Product Information (IPI) documentprovided with the CPU firmware version you are using.
