Security & Authorization¶
Security is becoming an increasing need for all digital solutions to protect our sensitive data and we need to stay up to date in secure measures to have an efficient solution. As a result, we also decided to increase the security of the MobileConnect system (incl. the MobileConnect Manager and Station). The solution makes use of industry standard IoT security practices in combination with a proprietary implementation to upgrade the security of the MobileConnect system. The solution intends to provide the best security practices with most ease-of use to the customers. The solution provides the following secure features:
Identification and authentication of MobileConnect Station devices connecting to MobileConnect software.
Encrypted data flow between MobileConnect Manager and MobileConnect Stations.
To make use of the secure solution, please upgrade your MobileConnect software:
Upgrade the Manager software to newest version (1.2.0 or higher) by following the steps in MobileConnect Manager Upgrade and Redeploy.
Update the Station firmware to version 6.1.0 or higher using the Manager (1.2.0 or higher) web interface.
Authorize a Station¶
If a new Station with firmware version 6.1.0 or higher needs to be installed in the MobileConnect system for the first time, please follow the steps below.
Pre-requisites:
MobileConnect Manager version is 1.2.0 or higher.
MobileConnect Station firmware version is 6.1.0 or higher.
Steps to authorize a Station:
Connect the Station to your network and power it on.
Open the Manager web interface and log in.
Go to the Station list page. It should show the MobileConnect Station with the status “Unauthorized”.
Click on the device and you will be prompted to authorize it. The authorize page will display the serial number, the MAC address of the streaming interface and the MAC address of the control Interface. Check these details to make sure the Station is the one you intend to connect to.
Additionally, you can verify the fingerprint of the Station. Because the fingerprint acts as a digital signature of the device, we strongly recommend you execute this step, in order to verify the Station is exactly the device you intend to connect. Make sure the displayed fingerprint matches the fingerprint displayed in the local admin interface of the MobileConnect Station. To access this interface, follow the steps described in Configure Your Station Using the Local Admin Interface.
Once you have verified the Station is legitimate please click on “Accept”. The Station then becomes part of the MobileConnect system. If you find the device to be illegitimate, click on “Reject” to deny access and ignore all further authorization requests from this device.
If you rejected a Station by mistake, see Reauthorize a Station.
Update and Authorize a Station¶
If a new Station with firmware version lower than 6.1.0 needs to be installed in to the MobileConnect system, please follow the steps below.
Pre-requisites:
MobileConnect Manager version is 1.2.0 or higher.
MobileConnect Station firmware version is lower than 6.1.0 (valid versions are 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7).
Steps to authorize a Station:
Connect the Station to your network and power it on.
Open the Manager web interface and log in.
Go to the Station list page. It should show the MobileConnect Station with the status “Update Required”.
Open the Station details page by clicking on the device. Start the firmware update of the Station to the newest available (6.1.0 or higher) by clicking on “Start Update”.
The MobileConnect Station will update and reboot into the new version.
The Manager device list page now shows Station with the status “Unauthorized”. Proceed with authorizing the Station, following the steps in Authorize a Station.
Reauthorize a Rejected Station¶
In case you rejected a MobileConnect Station by clicking on the “Reject” button, you can re-initiate the authorization process by following these steps:
Go to the Manager web interface and open the Devices page.
There should be a “Rejected MobileConnect Stations” section below your device list.
Click on the “Clear” button in the “Rejected MobileConnect Stations” as shown below:
Now reboot the rejected MobileConnect Station. The MobileConnect Station will reboot and enter the authorization mode. The Station will be available in the device list page with status “Unauthorized”. Proceed with authorizing the Station, following the steps in Authorize a Station.
Reset Authorization¶
There are two different ways to reset the authorization status on the MobileConnect Station, depending on whether your Station’s status is shown in the Manager as “Running” or “Not Running”.
In case of “Running”, please see “Reset Authorization with the Manager”.
In case of “Not Running”, please see “Reset Authorization with the Local Admin Interface”.
Reset Authorization with the Manager
It is possible for you to re-initiate the authorization process of an already authorized MobileConnect Station with the following steps:
Open the Manager web interface and click on the Station. Select the “Reset Device” button and confirm with “Reset”.
The Station will be removed from the Manager list of authorized devices and has to be authorized again. The reset can take up to 5 minutes.
After the reset is completed the Station is rebooted and enters the authorization state. You can now reauthorize the Station following the steps in Authorize a Station.
Reset Authorization with the Local Admin Interface
In case the device has status “Not Running” in the Manager, you can still re-initiate the authorization process of an already authorized MobileConnect Station with the following steps:
Open the Manager web interface and click the Station with status “Not Running”.
Now click on the “Remove Device” button.
A pop-up window appears. Click “Remove” to remove the Station from your Manager list of devices.
Connect to the local admin interface of your MobileConnect Station, following the steps in Configure Your Station Using the Local Admin Interface.
Click on the “Reset Device” button.
The reset can take up to 5 minutes.
After the reset is completed the Station is rebooted and enters the authorization state. You can now reauthorize the Station in the Manager following the steps in Authorize a Station.
Security Recommendations¶
In case you deleted the authorization using the local admin interface and did not remove the Station from the Manager first, the following steps are needed to authorize the MobileConnect Station again:
Remove the Station from the Manager.
Reboot the Station by using the local admin interface or power cycle.
If you changed the network configuration in an incompatible way and want to reset it using the local admin interface, you can do a “Network Reset” on the network page, instead of a full reset. This way your authorization is kept intact.
You can always force a re-authentication by removing the Station from the Manager.
When putting a Station into storage for a longer period, it is recommended to remove the Station from the Manager.
If a Station leaves your premise, we strongly suggest resetting it completely using the local admin interface.