Already a subscriber? 
MADCAD.com Free Trial
Sign up for a 3 day free trial to explore the MADCAD.com interface, PLUS access the
2009 International Building Code to see how it all works.
If you like to setup a quick demo, let us know at support@madcad.com
or +1 800.798.9296 and we will be happy to schedule a webinar for you.
Security check
Please login to your personal account to use this feature.
Please login to your authorized staff account to use this feature.
Are you sure you want to empty the cart?
BS EN 50090-4-4:2025 Home and Building Electronic Systems (HBES) - HBES IoT Point API, 2025
- undefined
- European foreword
- 1 Scope
- 2 Normative references
- 3 Terms, definitions and abbreviations [Go to Page]
- 3.1 Terms and definitions
- 3.2 Abbreviations
- 4 HBES IoT Point API [Go to Page]
- 4.1 Introduction
- Figure 1 — HBES IoT Point API [Go to Page]
- 4.2 System entities
- Figure 2 — System entities [Go to Page]
- 4.3 Device Model
- Figure 3 — HBES IoT Device Model
- Table 1 — Core elements and identifiers [Go to Page]
- 4.4 Conventions used in this document [Go to Page]
- 4.4.1 Conformance
- 4.4.2 Number Format
- 4.4.3 Uniform Resource Identifiers
- 4.4.4 Uniform Resource Name
- 5 Point API Standard [Go to Page]
- 5.1 Application Protocol
- 5.2 Overview [Go to Page]
- 5.2.1 Common Data Model
- Figure 4 — Point Interactions [Go to Page]
- 5.2.2 Application Layer Service Mapping
- 5.2.3 Application Protocol
- 5.2.4 Content-Format
- Table 2 — Used notations [Go to Page]
- 5.3 System Design [Go to Page]
- 5.3.1 Events and Group Communication
- 5.3.2 Brokerless System
- Figure 5 — Brokerless system [Go to Page]
- 5.3.3 Message Broker-based System
- Figure 6 — Broker-based System [Go to Page]
- 5.3.4 Device Linking [Go to Page]
- 5.3.4.1 Introduction
- 5.3.4.2 Function Point Tables
- Figure 7 — Function Point Tables [Go to Page]
- 5.4 Device Bootstrapping and Configuration [Go to Page]
- 5.4.1 Introduction
- 5.4.2 Device Individualization Procedure
- 5.4.3 Device Configuration Procedure [Go to Page]
- 5.4.3.1 General
- 5.4.3.2 Full download
- Table 3 — Full download [Go to Page]
- 5.4.3.3 Partial/Differential download
- Table 4 — Partial/differential download [Go to Page]
- 5.5 Resource Model [Go to Page]
- 5.5.1 Introduction
- 5.5.2 Resources (Points) [Go to Page]
- 5.5.2.1 Definition
- 5.5.2.2 Base Path
- 5.5.2.3 Resource Names
- 5.5.2.4 Resource Path
- Table 5 — Resource path definitions [Go to Page]
- 5.5.3 Interface Types (if) [Go to Page]
- 5.5.3.1 Introduction and overview
- Table 6 — Interface definitions and methods [Go to Page]
- 5.5.3.2 Link List Interface Type (if.ll)
- 5.5.3.3 Parameter and Diagnostic Interface Type (if.p, if.d)
- 5.5.3.4 Configuration Interface Type (if.c)
- 5.5.3.5 Input Interface Type (if.i)
- 5.5.3.6 Output Interface Type (if.o)
- 5.5.3.7 Group Object Interface (if.g.s)
- 5.5.3.8 Batch Interface Type (if.b)
- 5.5.3.9 Programming Mode Interface Type (if.pm)
- 5.5.3.10 Manufacturer Specific Interface Type (if.m.{name})
- 5.5.4 Device Discovery Resource (.well-known/core)
- 5.5.5 Device API Resource (.well-known/knx) [Go to Page]
- 5.5.5.1 General requirement
- 5.5.5.2 API Version Resource Object
- Table 7 — Data in the basic response
- Table 8 — Mandatory and option configuration resources [Go to Page]
- 5.5.5.3 Device Command Resource Object [Go to Page]
- 5.5.5.3.1 Overview
- Table 9 — Command members of "/.well-known/knx"
- Table 10 — Response members of "/.well-known/knx" [Go to Page]
- 5.5.5.3.2 (Master) Reset Command
- Table 11 — Device Reset Command [Go to Page]
- 5.5.5.3.3 (Basic) Restart Command
- Table 12 — Device Restart command [Go to Page]
- 5.5.5.4 Device Configuration Fingerprint (.well-known/knx/f)
- Table 13 — Device Configuration Fingerprint resource [Go to Page]
- 5.5.5.5 Device Individualization Resource (.well-known/knx/ia)
- Table 14 — Device Individualization Resource Object
- Table 15 — Device Individualization Resource [Go to Page]
- 5.5.6 Device Object Resource (dev)
- Table 16 — Device resources and paths [Go to Page]
- 5.5.7 Function Point Table (fp) [Go to Page]
- 5.5.7.1 Introduction and Overview
- Figure 8 — Multicast Message Exchange
- Figure 9 — Direct Unicast Message Exchange [Go to Page]
- 5.5.7.2 Device Load State Machine State
- 5.5.7.3 Group Object Table Resource (fp/g) [Go to Page]
- 5.5.7.3.1 Definition
- Table 17 — Group Object Table resources and paths [Go to Page]
- 5.5.7.3.2 Function Point Group Object Resource Object
- Table 18 — Function Point Group Object resource object CBOR keys [Go to Page]
- 5.5.7.3.3 Group Object Configuration Flags Resource Object "cflag"
- Table 19 — Group Object configuration flags [Go to Page]
- 5.5.7.3.4 Group Object Table Modifications
- Figure 10 — Group Object Table Misconfiguration [Go to Page]
- 5.5.7.4 Function Point Recipient Table Resource (fp/r) [Go to Page]
- 5.5.7.4.1 Definition
- Table 20 — Function Point Recipient Table resource path and methods [Go to Page]
- 5.5.7.4.2 Function Point Recipient Resource Object
- Table 21 — Function Point Recipient resource object CBOR keys [Go to Page]
- 5.5.7.4.3 Publish Group Events
- Table 22 — Publish Group Event Messages
- Figure 11 — Multicast Function Point Recipient Table Item
- Figure 12 — Unicast Function Point Recipient Table Item [Go to Page]
- 5.5.7.5 Function Point Publisher Table Resource (fp/p) [Go to Page]
- 5.5.7.5.1 Definition
- Table 23 — Function Point Publisher table [Go to Page]
- 5.5.7.5.2 Function Point Publisher Resource Object
- Table 24 — Function Point Publisher resource object
- Figure 13 — Multicast Function Point Publisher Table Item
- Figure 14 — Unicast Function Point Publisher Table Item [Go to Page]
- 5.5.8 Application Program Object Resource (ap) [Go to Page]
- 5.5.8.1 General
- Table 25 — Application Program resources and paths [Go to Page]
- 5.5.8.2 Device Load State Machine Command (a/lsm)
- Table 26 — Device Load State Machine States
- Table 27 — Device Load State Machine Events
- Figure 15 — Device Load State Machine [Go to Page]
- 5.5.8.3 Device Load State Machine Resource Object
- Table 28 — Device Load State Machine Resource Object [Go to Page]
- 5.5.9 S-Mode Messaging Resource (k) [Go to Page]
- 5.5.9.1 Definition
- Table 29 — Resources for Publisher and Recipient Communication [Go to Page]
- 5.5.9.2 Group Notification Resource Object
- Table 30 — JSON keys for Group Object notification [Go to Page]
- 5.5.9.3 Lifetime Query Parameter "lt"
- 5.5.9.4 Non-Confirmable Notification Query Parameter "non"
- 5.5.10 Functional Block Resource (f)
- Table 31 — Functional Block resource [Go to Page]
- 5.5.11 Parameter and Diagnostic Property Resource (p) [Go to Page]
- 5.5.11.1 General Requirements
- Table 32 — Parameter and Diagnostic Properties [Go to Page]
- 5.5.11.2 Point Value Update Notification
- 5.5.11.3 Metadata Query Parameter "m"
- 5.5.11.4 Metadata Resource Object
- Table 33 — HBES IoT common metadata [Go to Page]
- 5.5.11.5 Datapoint Type "dpt"
- 5.5.11.6 Status and Command Resource Object (Z8)
- Table 34 — Status and Command JSON/CBOR keys [Go to Page]
- 5.5.11.7 Lifetime Query Parameter "lt"
- 5.5.12 Subscription Resource (sub) [Go to Page]
- 5.5.12.1 Definition
- Table 35 — Mandatory and optional subscription resources [Go to Page]
- 5.5.13 Datatype Mapping [Go to Page]
- 5.5.13.1 Introduction and general requirements
- 5.5.13.2 Simple Datatypes
- Table 36 — Simple datatypes and CBOR representation [Go to Page]
- 5.5.13.3 Complex Datatypes
- Table 37 — Complex datatypes and CBOR representation [Go to Page]
- 5.5.13.4 HBES IoT Datatype Extensions
- Table 38 — Datatype Extension CBOR representation [Go to Page]
- 5.6 Runtime Interworking [Go to Page]
- 5.6.1 Discovery [Go to Page]
- 5.6.1.1 Introduction
- 5.6.1.2 Device Discovery with DNS-SD [Go to Page]
- 5.6.1.2.1 Motivation
- Figure 16 — Bidirectional DNS Service Discovery for HBES IoT device discovery [Go to Page]
- 5.6.1.2.2 DNS-SD Services
- 5.6.1.2.3 Commissioning and Operational Discovery
- 5.6.1.2.4 TXT Records [Go to Page]
- 5.6.1.2.4.1 General
- 5.6.1.2.4.2 Sleep Period Record "SP"
- 5.6.1.3 Resource Discovery with CoAP [Go to Page]
- 5.6.1.3.1 Introduction
- 5.6.1.3.2 Basic Query Format
- 5.6.1.3.3 Multiple Query-Attributes Format
- 5.6.1.3.4 Wildcard Usage and Hierarchy
- 5.6.1.3.5 Basic Response Format
- 5.6.1.3.6 Query-Attributes [Go to Page]
- 5.6.1.3.6.1 Endpoint Name "ep"
- 5.6.1.3.6.2 Programming Mode "if.pm"
- 5.6.1.3.6.3 Interface Description "if"
- 5.6.1.3.6.4 Resource Type "rt"
- 5.6.1.3.6.5 Sector "d"
- 5.6.1.4 Linkage and resolution
- 5.6.2 Device IP Address [Go to Page]
- 5.6.2.1 Requirements
- 5.6.2.2 HBES Network Example
- Figure 17 — KNX Network Example [Go to Page]
- 5.6.3 Unicast Operation [Go to Page]
- 5.6.3.1 IPv6 Unicast Port Number
- 5.6.3.2 Options
- Table 39 — Unicast operation server requirements [Go to Page]
- 5.6.3.3 Response Codes [Go to Page]
- 5.6.3.3.1 Overview
- Table 40 — Server response codes [Go to Page]
- 5.6.3.3.2 Error Responses to Queries
- 5.6.3.3.3 Rate limiting
- 5.6.3.3.4 Block-wise Transfer
- 5.6.4 Multicast Operation [Go to Page]
- 5.6.4.1 IPv6 Multicast Port Number
- 5.6.4.2 CoAP multicast scopes
- 5.6.4.3 Response suppression
- 5.6.4.4 Response timing
- 5.6.4.5 Sleepy devices
- 5.6.5 Multicast Group IP Addresses
- 5.6.6 Message Flow Control
- 5.6.7 Creating, Updating, and Deleting Resources [Go to Page]
- 5.6.7.1 Introduction
- 5.6.7.2 Creating resources
- 5.6.7.3 Updating resources
- 5.6.7.4 Deleting Resources
- 5.6.8 Pagination [Go to Page]
- 5.6.8.1 Basic principle
- 5.6.8.2 List Metadata Query Parameter "l"
- Table 41 — List metadata member [Go to Page]
- 5.6.8.3 Link List
- 5.6.9 S-Mode Group Communication [Go to Page]
- 5.6.9.1 Publish Group Notification – Unacknowledged Multicast
- 5.6.9.2 Publish Group Notification – Acknowledged Unicast
- 5.6.9.3 Group Notification Subscription – Acknowledged Unicast
- 5.6.9.4 IP Address Resolving
- Table 42 — IP address resolving steps [Go to Page]
- 5.6.10 Point Publish/Subscribe [Go to Page]
- 5.6.10.1 Subscriptions
- 5.6.10.2 Notifications
- 6 Security [Go to Page]
- 6.1 Introduction
- 6.2 Device Identity Enrollment [Go to Page]
- 6.2.1 Common requirements
- Figure 18 — Device Identity Enrollment [Go to Page]
- 6.2.2 Device Authentication
- 6.2.3 Domain CA Provisioning
- 6.2.4 Operational Device Certificate Enrollment (Pull Certificate) [Go to Page]
- 6.2.4.1 Requirements
- 6.2.4.2 LDevID Simple Enrollment Command (a/sen)
- Table 43 — LDevID enrollment resource [Go to Page]
- 6.2.4.3 LDevID Simple Enrollment Resource Object
- Table 44 — LDevID Simple Enrollment Resource Object members [Go to Page]
- 6.2.5 Management Client as Registrar (Push Certificate)
- Table 45 — Security configuration resources [Go to Page]
- 6.3 Device Identity Certificates [Go to Page]
- 6.3.1 Manufacturer Device Certificates (IDevID)
- 6.3.2 Operational Device Certificates (LDevID)
- 6.4 Certificate Validation [Go to Page]
- 6.4.1 General requirements
- 6.4.2 Device Certificate Cipher Suites
- 6.5 Device Access Control [Go to Page]
- 6.5.1 General requirements
- 6.5.2 Trust List Resource (auth/crts) [Go to Page]
- 6.5.2.1 General Requirements
- Table 46 — Trust List resources [Go to Page]
- 6.5.3 Access Scope
- Table 47 — HBES IoT Access scopes [Go to Page]
- 6.5.4 Device Access Control List Resource (auth/at) [Go to Page]
- 6.5.4.1 Common requirements
- Figure 19 — Access Token Configuration Example
- Figure 20 — Subscription Access Token Configuration Example
- Table 48 — Access token configuration resources on an HBES IoT device (EXAMPLE) [Go to Page]
- 6.5.4.2 Access Token Resource Object
- Table 49 — Access token item members [Go to Page]
- 6.5.5 Revocation List
- 6.6 OSCORE Application Layer Security [Go to Page]
- 6.6.1 General requirements
- Figure 21 — OSCORE Access Token Configuration [Go to Page]
- 6.6.2 OSCORE Key Configuration Resource Object
- Table 50 — Members in the "cnf"-claim
- Table 51 — OSCORE configuration resources [Go to Page]
- 6.6.3 Password Authenticated Access Token Enrollment [Go to Page]
- 6.6.3.1 Introduction
- 6.6.3.2 PASE Resource Object
- Table 52 — JSON keys and the CBOR mapping [Go to Page]
- 6.6.3.3 Device Authentication with SPAKE2+ over CoAP
- Figure 22 — Password Authenticated OSCORE Access Token Enrollment
- Table 53 — Access token example after PASE Credential Exchange [Go to Page]
- 6.6.3.4 Access Token Configuration [Go to Page]
- 6.6.3.4.1 General
- 6.6.3.4.2 Temporary Access Token Configuration (Responder Key)
- Figure 23 — Access Token Configuration (Pub/Sub) [Go to Page]
- 6.6.3.4.3 Access Token for Group Communication
- Figure 24 — Access Token Configuration (Group Communication) [Go to Page]
- 6.6.3.5 Device Handover
- Table 54 — SPAKE2+ Handover Password JSON keys and the CBOR mapping [Go to Page]
- 6.6.4 Message Replay Protection [Go to Page]
- 6.6.4.1 General
- 6.6.4.2 Sender Security Context
- Figure 25 — Security context [Go to Page]
- 6.6.4.3 Message Sequence Number
- 6.6.4.4 Sequence Number Synchronization
- Figure 26 — OSCORE Sequence Number Synchronization (with "sia" attribute only)
- Figure 27 — OSCORE Sequence Number Synchronization (with "sia" and “s” attribute)
- Table 55 — Resources for sequence number synchronization [Go to Page]
- 6.6.5 Message Processing
- 6.6.6 OSCORE Cipher Suites [Go to Page]
- 6.6.6.1 Key Derivation Function
- Figure 28 — HKDF [Go to Page]
- 6.6.6.2 Password-based Key Derivation Function (PBKDF)
- 6.6.6.3 OSCORE Security Context
- 6.6.6.4 SPAKE2+ Enrollment Configurations
- 6.6.6.5 Transcript Computation (TT)
- 6.6.6.6 Password
- 7 Software Update [Go to Page]
- 7.1 Introduction
- 7.2 Software Update Client Resource (swu)
- Table 56 — Resources for software update [Go to Page]
- 7.3 Software Update Modes [Go to Page]
- 7.3.1 Overview
- 7.3.2 Software Update Query Resource Object
- Table 57 — Software Update Query Resource Object members [Go to Page]
- 7.3.3 Software Update Query Parameter "p", "ps", and "pkg" [Go to Page]
- 7.3.3.1 General
- Figure 29 — Software Package Query Parameter [Go to Page]
- 7.3.3.2 Resume Software Update
- 7.3.4 Software Update PULL [Go to Page]
- 7.3.4.1 Basic requirements
- Figure 30 — Software Update PULL [Go to Page]
- 7.3.4.2 Software Update Notification
- 7.3.4.3 Software Update Query
- 7.3.5 Software Update PUSH
- Figure 31 — Software Update PUSH
- 8 Profiles [Go to Page]
- 8.1 HBES IoT Point API Device [Go to Page]
- 8.1.1 Default Configuration State
- Table 58 — Features in the default configuration state [Go to Page]
- 8.1.2 Commissioned Mode
- Table 59 — Features for normal operation [Go to Page]
- 8.1.3 Device Resource List
- Table 60 — Device Resource List [Go to Page]
- 8.2 CBOR Encoding [Go to Page]
- 8.2.1 Function Point Tables, Functional Blocks, and Properties
- Table 61 — Function Point, Functional Block, and Property CBOR encoding [Go to Page]
- 8.2.2 Software Update Package Query
- Table 62 — Software Update CBOR encoding [Go to Page]
- 8.2.3 Security [Go to Page]
- 8.2.3.1 Access Token (RFC 8392)
- Table 63 — Access Token CBOR encoding [Go to Page]
- 8.2.3.2 Access Token Confirmation Methods (RFC 8747)
- Table 64 — Access Token Confirmation Methods [Go to Page]
- 8.2.3.3 OSCORE Key Configuration incl. PASE
- Table 65 — OSCORE Key Configuration
- 9 Examples [Go to Page]
- 9.1 Device point list examples [Go to Page]
- 9.1.1 Device Point List Example with OSCORE and (D)TLS
- 9.2 Device configuration example [Go to Page]
- 9.2.1 Full Download Example
- 9.2.2 Partial Download Example
- 9.3 Data encryption/decryption example [Go to Page]
- 9.3.1 OSCORE Unicast [Go to Page]
- 9.3.1.1 General
- 9.3.1.2 PASE Example
- Figure 32 — PAKE-based OSCORE Credential Configuration Example [Go to Page]
- 9.3.1.3 Unicast Read/Write Point Example
- Figure 33 — Unicast OSCORE Request/Response Example [Go to Page]
- 9.3.2 OSCORE Multicast [Go to Page]
- 9.3.2.1 Multicast S-Mode Example
- Figure 34 — Multicast OSCORE S-Mode Example
- 10 HBES IoT Router [Go to Page]
- 10.1 Introduction
- 10.2 Conformance
- 10.3 Number Format
- 10.4 Uniform Resource Identifiers
- 10.5 Uniform Resource Name
- 10.6 HBES IoT Router Specification [Go to Page]
- 10.6.1 System Design - HBES Subsystem Interworking
- Figure 35 — HBES Installation example [Go to Page]
- 10.6.2 Device Bootstrapping and Configuration [Go to Page]
- 10.6.2.1 Introduction
- 10.6.2.2 Device Configuration Procedure
- 10.6.3 Resource Model [Go to Page]
- 10.6.3.1 Group Address Mapping Table Resource (fp/gm) [Go to Page]
- 10.6.3.1.1 Introduction
- Table 66 — Group Address Mapping Table resources [Go to Page]
- 10.6.3.1.2 Group Address Mapping Resource Object
- Table 67 — Group Address mapping item members [Go to Page]
- 10.6.3.1.3 Routing Group Event Messages
- Table 68 — non-IoT HBES to HBES IoT
- Table 69 — Knx IoT to non-IoT HBES [Go to Page]
- 10.6.3.2 KNXnet/IP Resources (f/netip & p/netip)
- Table 70 — KNXnet/IP resources and paths [Go to Page]
- 10.6.3.3 HBES Data Security Resources (f/datasec & p/datasec)
- Table 71 — Data Security resources and paths [Go to Page]
- 10.6.3.4 Data Security Resource Object
- Table 72 — Data Security mapping item members [Go to Page]
- 10.6.4 Device Load State Machine Command (a/lsm)
- 10.6.5 Device Configuration Fingerprint (.well-known/knx/f)
- 10.7 Runtime Interworking [Go to Page]
- 10.7.1 Discovery [Go to Page]
- 10.7.1.1 General
- 10.7.1.2 Device Discovery with DNS-SD
- 10.7.1.3 Discovery on KNXnet/IP
- 10.7.2 Message Routing [Go to Page]
- 10.7.2.1 Introduction
- Figure 36 — HBES IoT Router [Go to Page]
- 10.7.2.2 Forwarding Rules
- 10.7.2.3 Message Queuing
- 10.7.2.4 Message Translation
- 10.7.2.5 Message Routing over KNXnet/IP
- 10.7.2.6 Individual Address Defending
- 10.8 Profiles [Go to Page]
- 10.8.1 Device Resource List
- Table 73 — Device Resource List [Go to Page]
- 10.8.2 CBOR Encoding [Go to Page]
- 10.8.2.1 Group Address Mapping Table and HBES Data Security
- Table 74 —Group Address Mapping Table and HBES Data Security CBOR encoding [Go to Page]
- 10.8.2.2 non-IoT HBES support
- Table 75 — non-IoT HBES support
- Table 76 — KNXnet/IP support [Go to Page]
- 10.9 Security
- 10.10 Examples [Go to Page]
- 10.10.1 Network Segmentation & Zones
- Figure 37 — Network Segmentation & Zones [Go to Page]
- 10.10.2 Example Relation logical and physical Topology
- Figure 38 — Example logical topology
- Figure 39 — Example physical topology
- Bibliography [Go to Page]
