Enhanced Security For Passwords And Oem Protection - GE PACSystems RX7i Reference Manual

4.9.3 Enhanced Security for Passwords and OEM Protection

Enhanced Security passwords are supported by CPU firmware versions 7.80 or later. This feature
provides a cryptographically secure password protocol between an SRTP client (for example Proficy
Machine Edition) and a PACSystems controller. Enhanced Security passwords operate in a very similar
fashion to the Legacy security password operation that is supported by previous firmware versions.
Enhanced Security passwords are enabled in Proficy Machine Edition
to enable/disable the Enhanced Security mode of a target. This PME password restricts changes to the
security mode used by a specific PME target and is independent of any passwords later configured on
the controller.
Enabling Enhanced Security on a target does not force the controller to use only Enhanced Security. The
controller supports both Legacy and Enhanced Security requests concurrently. For example, one PME
target could be used to set initial passwords with Legacy security and a different PME target with
Enhanced Security could connect and authenticate with the same controller.
Passwords set with one password mechanism (Legacy or Enhanced Security) can be authenticated and
changed using the other mechanism, as long as the password is 7 characters or less. Setting passwords
with Enhanced Security that are greater than 7 characters prevents access using the Legacy mechanism.
For example, you could use Enhanced Security to set a 10-character password for Level 4 and Level 3,
but set a 7-character password for Level 2. In this case, a Legacy target could be used to obtain Level 2
access, but the Legacy target could never access Level 4 or Level 3 because of 7-character limit of the
Legacy scheme.
Password and OEM Protection in Systems that Load from Flash Memory
For a recommended procedure, see OEM Protection in Systems that Load from Flash Memory.
74
To determine the required Proficy Machine Edition version, refer to the Important Product Information (IPI) document
provided with the CPU firmware version you are using.
GFK-2222AD
Be careful when setting passwords and loading passwords
from User Flash on every power-up. In this situation, it is not
possible to clear passwords back to a default state if the Level
4 password and OEM key are forgotten.
April 2018
Chapter 4. CPU Operation
74
. PME requires a password in order
Caution
165