One of the common requests for our Bleu Station beacons is how to prevent hijacking, or “spoofing”, of the beacon signals. Since the iBeacon spec (and for that matter, Physical Web Beacons) do not provide a way to prevent someone else setting up a beacon in a different location that broadcasts the exact same identifiers, an app must find some other way to verify physical location (for example, prompting a user to complete an action when in range of a beacon).
An app or solution cannot trust that the beacon identifiers are actually coming from a known beacon. The app must look for other ways to gain that trust. This limits beacon solutions to activities where trust is not critical, or requires actions to provide that trust (and sometimes no other ways are available).
For the last year, we have been working way to trust a beacon and we are well on our way to rolling out a solution that does exactly that. Let me explain a bit of how it works.
Standard Beacon Behavior on iOS
- In app registers with the iOS to be notified when in range of specific beacons.
- When the device comes into range of one of these beacons that is advertising the registered identifiers, iOS notifies the app (if it is running) or launches it and notifies it (if it is not running).
- The app can do ranging to determine how close the device is to the beacon.
With our Trusted Beacon, we introduce an additional advertisement: a digital signature of the beacon identifiers. The digital signature is dynamically generated on the beacon and advertised in a similar way as the beacon identifiers.
The standard beacon behavior doesn’t change. The app now has an additional option to listen for a Trusted Beacon advertisement and once it receives the digital signature, can verify the authenticity of the beacon identifiers.
In order to accomplish this, each of our Trusted Beacons will have a digital identity generated for it, consisting of a private key and a certificate that contains a public key. These identities can be generated by the app developer, or can be created and managed using some enterprise tools we are creating. The app can either look up the public key based on the beacon identifiers, or can have the public key installed directly in the app.
Once you have updated your app to only use a Trusted Beacon, your app can do things with confidence that the user is where they say they are. Some examples:
- limit room controls (projector, heating, cooling) only when in room
- limit access to a student test to the test room
- limit coupons to in store access
- only allow authentication when in range of a Trusted Beacon (two factor authentication)
We are just rolling out the beginnings of a trusted beacon network. We are making firmware available for our Bleu Station beacons (both the series 100 and series 200) that contains a digital identity. We also have a sample app, sample code, and an iOS API. We are updating our tools to provision digital identities on our beacons. Check out our Trusted Beacon page and sign up for updates. If you are building a beacon solution and want to integrate enterprise beacons, drop me a line at firstname.lastname@example.org.
Or better yet, grab yourself a starter kit and start developing today.
Learn all about our trusted beacons at http://proxidyne.com