Scope and Purpose
This specification details everything necessary to implement an application and transport layer stack. It is intended to be used by implementers as a complete specification but where necessary other references are noted with details on how these references apply to this specification.
In case of discrepancies between this specification and the SDK, this specification SHALL take precedence.
Acronyms and Abbreviations
Acronym
Definition
ACL
Access Control List
AGID
Application Group Identifier
AEAD
Authenticated Encryption with Associated Data
AES
Advanced Encryption Standard (from FIPS 197)
AP
Access Point
API
Application Programming Interface
ASN.1
Abstract Syntax Notation 1 (from ITU ASN.1)
BLE
Bluetooth Low Energy
BDX
Bulk Data Exchange
BTP
Bluetooth Transport Protocol
CA
Certificate Authority (also known as Certification Authority)
CASE
Certificate Authenticated Session Establishment
CAT
CASE Authenticated Tag
CBC-MAC
Cipher Block Chaining Message Authentication Code
CCM
Counter mode of encryption with CBC-MAC (AEAD mode) (from NIST 800-38C)
CD
Certification Declaration
CMS
Cryptographic Message Syntax
CN
Common Name (from X.520)
CSR
Certificate Signing Request
CTR
Counter Mode (AES block cipher mode) (from NIST 800-38A)
Acronym
Definition
DAC
Device Attestation Certificate
DER
Distinguished Encoding Rule (from X.690)
DN
Distinguished Name (from X.520)
DNS
Domain Name System
DNS-SD
DNS Based Service Discovery (from RFC 6763)
DRBG
Deterministic Random Bit Generator (from NIST 800-90A)
ECC
Elliptic Curve Cryptography (from SEC 1) (also "Error Correction Code")
ECDHE
Elliptic Curve Ephemeral Diffie-Hellman (from SEC 1)
ECDSA
Elliptic Curve Digital Signature Algorithm (from SEC 1)
EUI
Extended Unique Identifier
EUI-64
64-bit EUI
GATT
Bluetooth Generic Attribute Profile
GID
Group Identifier (also referred to as "Group ID")
GKH
Group Key Hash
GUA
Global Unicast Address
HMAC
Keyed-Hash Message Authentication Code (from FIPS 198-1)
ID
Identifier
IP
Internet Protocol
IPK
Identity Protection Key (a Universal Group key shared across a Fabric)
KDF
Key Derivation Function (from NIST 800-56C)
KDM
Key Derivation Method (from NIST 800-56C)
LLA
Link local address
LLN
Low power and Lossy Network
MAC
Medium Access Control (or "Message Authentication Code")
MCSP
Message Counter Synchronization Protocol
MIC
Message Integrity Code (used as synonym for MAC (Message Authentication Code) to avoid confusion with MAC (Medium Access Control) as used in network addressing contexts)
MRP
Message Reliability Protocol
NFC
Near Field Communication
NOC
Node Operational Certificate
NOCSR
Node Operational Certificate Signing Request
Acronym
Definition
OID
Object Identifier (from ITU ASN.1)
OTA
Over-the-air (used mostly in context of "Over-the-air Software Update")
PAA
Product Attestation Authority
PAI
Product Attestation Intermediate
PAKE
Password-Authenticated Key Exchange (from SPAKE2+)
PASE
Passcode-Authenticated Session Establishment
PBKDF
Password-Based Key Derivation Function (from NIST 800-132)
PDU
Protocol Data Unit
PKI
Public Key Infrastructure
PID
Product Identifier (also Product ID)
PIN
Personal Identification Number
QR code
Quick Response (code)
SDU
Service Data Unit
SED
Sleepy End Device
SHA
Secure Hash Algorithm (from FIPS 180-4)
SRP
Service Registration Protocol (from SRP)
TCP
Transmission Control Protocol
TFTP
Trivial File Transfer Protocol (from RFC 1350)
TLV
Tag Length Value (refers mostly to Tag-length-value (TLV) Encoding Format)
TRNG
True Random Number Generator (from NIST 800-90B)
UDP
User Datagram Protocol
UGID
Universal Group Identifier
ULA
Unique local address
UTC
Universal Time Coordinated
UUID
Universally Unique Identifier
VID
Vendor Identifier (also Vendor ID)
ZCL
Zigbee Cluster Library
Definitions
Term
Definition
Access Control List
A list of entries in the Access Control Cluster expressing individual rules which grant privileges to access cluster elements.
Term
Definition
Administrator
A Node having Administer privilege over at least the Access Control Cluster of another Node.
Advertising Data
A data container used in BLE Advertisements to convey a logical grouping of information.
Attribute
A data entity which represents a physical quantity or state. This data is communicated to other Nodes using commands.
Binding
A persistent attachment between an instance on one Node to one-or-more corresponding instances on another (or the same) Node.
Border Router
A router, also known as Edge Router, that provides routing services between two IP subnets (typically, between a hub network and a peripheral network).
Bridge
A Node that represents one or more non-Matter devices on the Fabric.
Bridged Device
A non-Matter device that is represented on the Fabric by a Bridge so it can be used by Nodes on the Fabric.
Broadcast
The transmission of a message to every Node in a particular broadcast domain, be it all Nodes on a Ethernet or Wi-Fi link, and/or all Nodes on a Thread mesh.
Certificate Authority (CA)
An entity that issues digital certificates such as a DAC or NOC
Certification Declaration
A digitally signed token that conveys Matter certification status of a vendor’s certified Device.
Client
A Cluster interface that typically sends commands that manipulate the attributes on the corresponding server cluster. A client cluster communicates with a corresponding remote server cluster with the same cluster identifier.
Cluster
A specification defining one or more attributes, commands, behaviors and dependencies, that supports an independent utility or application function. The term may also be used for an implementation or instance of such a specification on an endpoint.
Command
Requests for action on a value with an expected response which may have parameters and a response with a status and parameters.
Commission
To bring a Node into a Fabric.
Commissionable Node
A Node that is able to be commissioned. Specific actions such as a button press may be required to put a Commissionable Node into Commissioning Mode in order for it to allow Commissioning.
Commissionable Node Discovery
Discovery of a Node that is able to be Commissioned, but not necessarily in Commissioning Mode, for the purpose of performing Commissioning. The Node may be brand new, after factory reset, or it may have have already been Commissioned.
Commissioner
A Role of a Node that performs Commissioning.
Term
Definition
Commissioner Discovery
Discovery of a Commissioner.
Commissionee
An entity that is being Commissioned to become a Node.
Commissioning
Sequence of operations to bring a Node into a Fabric by assigning an Operational Node ID and Node Operational credentials.
Commissioning Channel
A Secure Channel used to perform Commissioning.
Commissioning Mode
The mode of a Node in which it allows Commissioning.
Controller
A Role of a Node that has permissions to enable it to control one or more Nodes.
Controlee
A Role of a Node that has permissions defined to enable it to be controlled by one or more Nodes.
Device
A piece of equipment containing one or more Nodes.
Device Attestation Certificate
An RFC 5280 compliant X.509 v3 document with attestable attributes.
Discriminator
A 12-bit value used to discern between multiple commissionable Matter device advertisements. See Discriminator value.
Endpoint
A particular component within a Node that is individually addressable.
Endpoint Address
The address assigned to an Endpoint.
Fabric
A logical collection of communicating Nodes, sharing a common root of trust, and a common distributed configuration state.
Information Element
A Wi-Fi (IEEE 802.11-2020) data container used to convey various information regarding a particular Wi-Fi network’s capabilities and operation.
Key Center
A system component which takes the NOCSR from a Commissioner and allocates an Operational Node ID that is unique to the Fabric, inserts this Operational Node ID as the DN into the NOC, and signs the NOC.
Manual Pairing Code
An 11-digit or 21-digit numeric code that can be manually entered/spoken instead of scanning a QR code, which contains the information needed to commission a Matter device.
Network
A set of nodes that have addressability, connectivity, and reachability to one another via Internet Protocol.
Node
An addressable entity which supports the Matter protocol stack and (once Commissioned) has its own Operational Node ID and Node Operational credentials. A Device MAY host multiple Nodes.
Operational Discovery
Discovery of a previously commissioned Node for the purpose of performing operations with that Node.
Onboarding Payload
The information needed to start the process of commissioning a Device.
Term
Definition
OTA Provider
A Node implementing the OTA Software Update Provider role (see OTA Software Update Provider Cluster Definition).
OTA Requestor
A Node implementing the OTA Software Update Requestor role (see OTA Software Update Requestor Cluster Definition).
Product Attestation Authority
An entity which operates a root level Certificate Authority for the purpose of Device Attestation.
Product Attestation Intermediate
An entity which operates an intermediate level Certificate Authority for the purpose of Device Attestation.
Product ID (PID)
A 16-bit number that identifies the type of a Device, uniquely among the product types made by a given vendor. See Product ID.
QR Code
A machine-readable optical label that contains information about the item to which it is attached (see QR Code).
Role
Some set of (related) behaviors of a Node. Each Node can have multiple roles.
Router
A device that provides routing services in its network in cooperation with other Routers.
Soft-AP
A device utilizing Wi-Fi (IEEE 802.11-2020) Access Point (AP) functionality to advertise its presence and allow IP-bearing connections but does not offer Internet connectivity.
Secure Channel
A channel in which messages are encrypted and authenticated. Unicast secure channels also provide authentication of each peer.
Server
A Cluster interface that typically supports all or most of the attributes of the Cluster. A Server Cluster communicates with a corresponding remote Client Cluster with the same Cluster identifier.
Service Discovery
The ability of a Node to locate services of interest.
Software Image
A data blob, equivalent to a file, utilized by a Node to update its software. For the purposes of OTA Software Update, this further refers to files conforming to the OTA Software Image File Format.
Thread
A low-power IEEE 802.15.4-based IPv6 mesh networking technology (see Thread specification).
Vendor
The organization that made a Device.
Vendor ID (VID)
A 16-bit number that uniquely identifies the Vendor of the Device. See Vendor ID.
Standards Terminology Mapping
Matter
HomeKit
Weave
Thread
Zigbee
Administrator
Admin
Fabric provisioner
Commissioner
Coordinator
Matter
HomeKit
Weave
Thread
Zigbee
Attribute
Characteristics
Property
Attribute
Binding
Event subscription
Subscription
Link
Binding
Broadcast
Broadcast
Broadcast
Client
Service client
Client
Client
Cluster
Services
interface
Cluster
Cluster
Trait
Service
Cluster
Command
Command
Command
Command
Command
Commissioning
Pairing
Pairing
Commissioning
Association
Commissioner
Admin
Fabric provisioner
Commissioner
Coordinator
Device
Accessory
Device
Device
Device
End Device
End Device
End Device
Endpoint
Profile
Resource
Interface
Endpoint
Endpoint Address
Device ID
Resource ID
Endpoint Identifier
Endpoint address
Fabric
Network
Fabric
Partition
Network
Network Manager
Device / Controller
Nest Service
Leader
Network manager
Node
Accessory
Node
Node
Node
Router
Router
Router
Server
Service host
Server
Server
Service Discovery
Service directory
Service Discovery
Conformance Levels
The key words below are usually capitalized in the document to make the requirement clear.
Key Word
Description
MAY
A key word that indicates flexibility of choice with no implied preference.
NOT
A key word that used to describe that the requirement is the inverse of the behavior specified (i.e. SHALL NOT, MAY NOT, etc)
SHALL
A key word indicating a mandatory requirement. Designers are required to implement all such mandatory requirements.
SHOULD
A key word indicating flexibility of choice with a strongly preferred alternative. Equivalent to the phrase is recommended.
References
The following standards and specifications contain provisions, which through reference in this
document constitute provisions of this specification. All the standards and specifications listed are normative references. At the time of publication, the editions indicated were valid. All standards and specifications are subject to revision, and parties to agreements based on this specification are encouraged to investigate the possibility of applying the most recent editions of the standards and specifications indicated below.
CSA Reference Documents
Reference
Reference Location/URL
Description
[CSA-05- 03874]
CSA Manufacturer Code Database
[AppClusters]
https://github.com/CHIP- Specifications/ connectedhomeip-spec/raw/ build-sample/pdf/ appclusters.pdf
Application Clusters - Under development
[Matter Brand Guidelines]
Matter Brand Guidelines
External Reference Documents
Reference
Reference Location/URL
Description
[AdProx]
Advertising Proxy for DNS-SD SRP
[ANSI C18]
ANSI C18 Standards on Portable Cells and Batteries
[Bluetooth®]
https://www.bluetooth.org/ docman/handlers/ downloaddoc.ashx? doc_id=441541
Bluetooth® Core Specification 4.2
[FIPS 180-4]
https://csrc.nist.gov/ publications/detail/fips/180/ 4/final
NIST FIPS 180-4 Secure Hash Standard (SHS), August 2015
[FIPS 186-4]
https://csrc.nist.gov/ publications/detail/fips/186/ 4/final
NIST FIPS 186-4 Digital Signature Standard (DSS), July 2013
[FIPS 197]
NIST FIPS 197 Advanced Encryption Standard (AES), November 2001
[FIPS 198-1]
https://csrc.nist.gov/ publications/detail/fips/198/ 1/final
NIST FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC), July 2008
[IEC 60086]
IEC 60086 standard for Primary Batteries
Reference
Reference Location/URL
Description
[IEEE 754-
2019]
"IEEE Standard for Floating-Point Arithmetic," in IEEE Std 754-2019 (Revision of IEEE 754-2008) July 2019, doi: 10.1109/IEEESTD.2019.8766229.
[IEEE 802.11-
2020]
IEEE 802.11-2020 - IEEE Standard for Information Technology - Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Networks - Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications
[ISO/IEC 1800
4:2015]
Information technology - Automatic identification and data capture techniques - QR Code bar code symbology specification
[ITU ASN.1]
ITU ASN.1 Project
[NFCForum- TS-NDEF 1.0]
Data Exchange Format (NDEF) Technical Specification, NFC Forum
[NFCForum- TS-RTD 1.0]
Record Type Definition (RTD) Technical Specification, NFC Forum
[NFCForum- TS-
RTD URI 1.0]
URI Record Type Definition Technical Specification, NFC Forum
[NIST 800- 38A]
https://nvlpubs.nist.gov/ nistpubs/Legacy/SP/ nistspecialpublication800- 38a.pdf
NIST SP 800-38A Recommendation for Block Cipher Modes of Operation: Methods and Techniques, December 2001
[NIST 800- 38C]
https://nvlpubs.nist.gov/ nistpubs/Legacy/SP/ nistspecialpublication800- 38c.pdf
NIST SP 800-38C Recommendations for Block Cipher Mode of Operation: The CCM Mode for Authentication and Confidentiality, Morris Dworkin, May 2004 (errata update 2007)
[NIST 800- 56C]
https://csrc.nist.gov/ publications/detail/sp/800- 56c/rev-2/final
NIST SP 800-56C Recommendation for Key-Derivation Methods in Key-Establishment Schemes, Revision 2, August 2020
[NIST 800- 90A]
https://csrc.nist.gov/ publications/detail/sp/800- 90a/rev-1/final
NIST SP 800-90A Rev. 1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators
Reference
Reference Location/URL
Description
[NIST 800- 90B]
https://csrc.nist.gov/ publications/detail/sp/800- 90b/final
NIST SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation
[NIST 800-
132]
https://nvlpubs.nist.gov/ nistpubs/Legacy/SP/ nistspecialpublication800- 132.pdf
NIST SP 800-132 Recommendation for Password- Based Key Derivation, Part 1: Storage Applications, December 2010
[NIST 800-
186]
https://nvlpubs.nist.gov/ nistpubs/ SpecialPublications/ NIST.SP.800-186-draft.pdf
NIST Draft SP 800-186 Recommendation for Discrete Logarithm-Based Cryptography, October 2019
[RFC 1350]
The TFTP Protocol (Revision 2)
[RFC 2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997
[RFC 2782]
A DNS RR for specifying the location of services (DNS SRV)
[RFC 2986]
PKCS #10: Certification Request Syntax Specification Version 1.7
[RFC 3306]
Unicast-Prefix-based IPv6 Multicast Addresses
[RFC 3587]
IPv6 Global Unicast Address Format
[RFC 3986]
Uniform Resource Identifier (URI)
[RFC 4007]
IPv6 Scoped Address Architecture
[RFC 4191]
Default Router Preferences and More-Specific Routes
[RFC 4193]
Unique Local IPv6 Unicast Addresses (ULA)
[RFC 4291]
IPv6 Addressing Architecture
[RFC 4506]
XDR: External Data Representation Standard
[RFC 4648]
The Base16, Base32, and Base64 Data Encodings
[RFC 4861]
Neighbor Discovery for IP version 6 (IPv6)
Reference
Reference Location/URL
Description
[RFC 4862]
IPv6 Stateless Address Autoconfiguration
[RFC 5280]
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
[RFC 5505]
Principles of Internet Host Configuration
[RFC 5652]
Cryptographic Message Syntax (CMS)
[RFC 6335]
Service Name and Port Number Procedures
[RFC 6760]
Replacement of AppleTalk NBP
[RFC 6762]
Multicast DNS
[RFC 6763]
DNS-Based Service Discovery
[RFC 6920]
Naming Things with Hashes
[RFC 7230]
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
[RFC 7346]
IPv6 Multicast Address Scopes
[RFC 7468]
Textual Encodings of PKIX, PKCS, and CMS Structures
[RFC 7558]
Scalable DNS-SD Requirements
[RFC 8305]
Happy Eyeballs Version 2: Better Connectivity Using Concurrency
[RFC 8490]
DNS Stateful Operations
[RFC 8765]
DNS Push Notifications
[RFC 8766]
Discovery Proxy
[draft-lemon- stub- networks]
https://datatracker.ietf.org/ doc/html/draft-lemon-stub- networks-02
Connecting Stub Networks to Existing Infrastructure
[SEC 1]
SEC 1: Elliptic Curve Cryptography, Version 2.0, Certicom Research, May 2009
Reference
Reference Location/URL
Description
[SEC 2]
SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0, Certicom Research, January 2010
[SIGMA]
Krawczyk H. (2003) SIGMA: The ‘SIGn-and-MAc’ Approach to Authenticated Diffie-Hellman and Its Use in the IKE Protocols. In: Boneh D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg.
[SPAKE2+]
https://tools.ietf.org/pdf/ draft-bar-cfrg-spake2plus- 02.pdf
SPAKE2+, an Augmented PAKE (Draft 02, 10 December 2020)
[SRP]
Service Registration Protocol
[Thread]
Thread 1.1 Specification
[Verhoeff]
Verhoeff, J. (1969). Error detecting decimal codes. MC Tracts. Centrum Voor Wiskunde en Informatica.
[X.501]
ITU X.501 : Information technology - Open Systems Interconnection - The Directory: Models
[X.509]
ITU X.509 : Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks
[X.520]
ITU X.520 : Information technology - Open Systems Interconnection - The Directory: Selected attribute types
[X.680]
ITU X.680 : Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation
[X.690]
ITU X.690 : Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
Informative References
CSA Reference Documents
Reference
Reference Location/URL
Description
[DotdotArch]
Dotdot Architecture Model, document 13-0589, revision 14, February 2019
Reference
Reference Location/URL
Description
[ZCL]
Zigbee Cluster Library Specification, document 07- 5123, revision 8, December 2019
Conventions
The following conventions are used in this document.
Enumerations and Reserved Values
An undefined value or range of an enumeration, field, or identifier SHALL be considered reserved for future revisions of this standard and SHALL not be available for implementation.
A value or range of an enumeration, field, or identifier that is available for non-standard implementation SHALL be described as “manufacturer specific”, “ms”, or “MS”.
A value or range of an enumeration, field, or identifier that is available for other parts of this standard SHALL be described as such.
A value or range of an enumeration, field, or identifier that is deprecated, and not available for implementation, SHALL be described as “Deprecated” or “D”.
Reserved Bit Fields
Each full or partial data field (e.g., message data field), of any bit length, that is undefined, SHALL be considered reserved for future revisions of this standard and SHALL not be available for implementation.
An implementation of a revision where a bit is reserved SHALL indicate that bit as zero when conveying that bit in a message, and ignore that bit when conveyed from another implementation.
Number Format