Skip to content

Nonce

Jump to bottom Edit New page
Joe Moran edited this page Nov 30, 2019 · 9 revisions

Many of the commands require a "nonce" in order to be accepted by the Pod. This ensures that important commands (such as insulin delivery) are only sent to the correct Pod by the instance of the master that originally paired with it (i.e., a PDM, Loop app or RileyLink app) without any duplicate or missing important commands. A given Pod can only be controlled by the original pairing device/software instance during the course of its life.

The nonce is a four-byte pseudo-random number generated in a sequence using the lot number (Lot) and serial number (TID) as a seed. The PDM sends a nonce to the Pod, which checks that the nonce is the expected value. If not, the command is rejected. The PDM and Pod both run the nonce algorithm with the same seed so they normally stay in sync. (The PDM receives the Lot and TID numbers from the Pod during initial pairing.) If the two sides fall out of sync, the nonce generation may be re-synced.

Example Nonces

Example nonces corresponding to known Lot and TID values can be extracted from traces.

Nonces from Pod setup with known Lot and TID with Lot 41847 & TID 240439: B83DB892 D14D9C49 CE629E28
Nonces from Pairing 03 with Lot 42560 & TID 0621607: C8A1E987 E3955E60 BED2E16B
Nonces from Pairing 02 with Lot 42560 & TID 0661771: 8C61EE59 C0256620 15022C8A

To see how the nonces appear in the messages, look at Pod setup with known Lot and TID:

MTYPE:190a BODY:b83db8924c000...
MTYPE:190a BODY:d14d9c497837...
MTYPE:1a0e BODY:ce629e280201...

The Lot and TID are in an earlier message:
MTYPE:0115 BODY:02070002070002020000a377 0003ab379f1f00ee87

Commands

The basic commands that require use of the nonce are:

The nonce is always the four bytes of the command immediately after the mtype and length bytes for the commands that require its use.

Implementation Notes

A message to the Pod can consist of one or more commands. In general nonce related commands can be combined into a single message (using the same nonce value for all of the nonce commands) along with non-nonce commands. The 0x1A Insulin Schedule command is unique and must always must occur in pair with its subsequent follow on subcommand in a single message without any additional commands. On a bad nonce response, all the nonce commands in the original message should be updated to use the new recalculated nonce value before retransmission of the message.

Add a custom footer

Communications

Reference

Message decoding

Device drivers

Hardware

Clone this wiki locally