Data over sound technology seems to be the most reliable medium of communication in the fast-moving and socially distanced society. NFC (near-field communication) contains the risk of security attacks include eavesdropping, data corruption, or modification, in consumer devices like phones, Bluetooth is fiddly to make work. However, Data over Sound (DoS) is frictionless, works with the two most widely used devices -a speaker and a microphone. Additionally benefitting the functionalities of any device with the existing hardware leveraging data over sound to drive down costs for their business. The use cases of Ultrasonic “Audio QR code” empowering the array of industrial sectors are-
1. Network Provisioning
Onboarding and setup for IoT devices is a major hurdle and a high priority for enterprises and consumers. Upon unboxing, most IoT devices need to connect to a wireless network. For headless devices, this setup involves a multi-step process with little visibility when things go wrong. When a user needs to repeat the setup process multiple times, such as for failed initial setups, network changes, or when provisioning multiple devices, a complex initial process is compounded and can frustrate the user. This leads to poor “out-of-box” first impressions and can be the cause of costly customer service calls and product returns.
Currently, a typical IoT device provisioning process for a headless device requires the transfer of user inputs to a smartphone or computer. A common approach is to have the IoT device enter “setup mode” upon unboxing to create a; temporary WiFi hotspot, which a smartphone or computer can join to transmit inputs and credentials for the user network. This is a multi-step process, potentially causing friction for less experienced users, and a process vulnerable to attacks on the temporary network to intercept credentials.
A second method of provisioning the IoT device used Bluetooth instead of a WiFi hotspot, but the two flows are analogous. With Data Over Sound, the process to transfer network credentials to a headless device is vastly simplified. Upon unboxing, the IoT device activates its microphone. Then, the user transmits credentials from a smartphone or computer in a one-step process. www.trillbit.com 10 The credentials are encoded in an audio signal, which provides a physically bounded one-to-many signal to onboard devices. The signal can also be made cryptographically secure, as with the process mentioned below, to ensure that only approved devices are onboarded.
Data Over Sound also allows for certificate installation on devices and provisioning by claim where devices have a provisioning claim certificate and private key. Data Over Sound can be used in provisioning by a trusted authority, where a trusted user signs in to a provisioning mobile app or web service. The mobile app or web application uses Data Over Sound to supply the temporary provisioning claim certificate to the device along with any required configuration information. The IoT device uses the temporary provisioning claim certificate to connect to the backend servers.
2. Multi-Factor Authentication (MFA)
MFA or second-factor authentication (2FA) is the primary defense against compromised passwords to stop account takeover. For example, many enterprise IoT systems require authentication to access device data or to connect devices such as laptops and phones. Companies are recently moving away from pure password-based authentication due to major vulnerabilities to phishing, man-in-the-middle attacks, and compromised passwords. However, the implementation of MFA can be challenging in IoT devices, especially headless devices, that lack a user interface. Data Over Sound can easily solve the problem of MFA on devices even without an input interface. The advantage of Data Over Sound is that it is compatible with all kinds of MFA based on public-key cryptography, One Time Password (OTP) or Time based One Time Password (TOTP)
3. Proof of Presence
Authentication, in simple terms, is the process of verifying the identity of a person or device. There are several ways to establish identities, such as username/password, certificates, trusted devices, one-time passwords, and cryptographic proofs. Data Over Sound can be used for any authentication and makes the authentication process fast, seamless, and adds a layer of security. It establishes possession of a trusted device and provides a “proof of presence.” As sound does not travel outside the confines of physical space, using Data Over Sound either as a primary method (first factor) or second-factor authentication establishes two additional security features.
Access to Trusted Device: Credentials (Cryptographic challenge, password, TOTP, etc.) are played from a trusted device, either using an app or a link sent to the trusted phone number, which establishes that the user has access to the trusted device.
Proof of Presence: Sound cannot travel outside the confines of physical spaces/boundaries. Hence Data Over Sound with its time signature established that the user and the device are in the same physical space. This eliminates the possibility of phishing attacks and social hacks where the user is duped into clicking a link or sharing his password/code.
Internet-of-Things (IoT) devices—especially those that lack a user interface have two competing challenges: strong security and simple user experience. Data Over Sound solves both of those challenges.
Authentication using Data Over Sound can be a powerful tool to protect our devices, networks, and data while making the process more seamless and user-friendly. Data over sound can also be used in several different ways such as in the mobility industry as a way of authentication and financial industry, including the transfer of payments: it acts as the transport layer within a transaction, to seamlessly transfer the payment data from one device to another.
Trillbits’ data over sound technology enables the most secured and advanced transmission method with given flexibility of performance range customizable by the client.
Get in touch to connect with our team to explore how Trillbit can help your business.