总结大概如下:
DSK -设备特定密钥
The S2 DSK (Device Specific Key) is used to authenticate the included device before exchanging the network keys.
The DSK is a part of the public key. The DSK is printed physically on the device – or it can be shown on a display if that is available. The DSK is a truncated version of the public key. The public key is 32 bytes long. The DSK is the first 16 bytes of the public key. The PIN code is the first 2 bytes of the public key.
Authentication ensures that the device being included in the network is actually the intended device, and not a malicious device under the control of an attacked.
For the highest S2 security classes, S2-AccessControl and S2-Authenticated, the DSK must be exchanged out of band, e.g. by manually entering it on the controller, or through a QR code. This out of band authentication prevents the nodes participating in the key exchange from establishing a shared secret, if an incorrect DSK was enter