Estimote platforms offer two layers of security:
- cloud-based authentication protecting beacons from unauthorized access
- Estimote Secure Monitoring
Secure UUID is a legacy encryption option if you work with iBeacon. While authentication is mandatory, using Secure UUID is optional and is designed to work with iBeacon only.
Note: for the most reliable proximity monitoring with security features, consider Estimote Monitoring and its security component.
Authentication
Every beacon is automatically registered in the Estimote Cloud and assigned to its owner in the factory, based on the email address used during purchase. If a user is not an owner of the beacon, they won’t be able to change any settings.
When you connect to a beacon with the Estimote app, you will see its basic properties like identifier or color. But to be able to configure beacons’ settings with the Estimote app, you need to be logged in to your Estimote Account and Estimote Cloud needs to authenticate you as the owner. If you don’t have an account, you can sign up here.
The same applies to Estimote SDK, but instead of Estimote Account login and password, we use API tokens to authorize access for third-party apps.
We explain how the API token works in a separate article.
If you want to learn more about ownership management and transferring beacons between users, there’s another article that will help.
Secure UUID
Enabling Secure UUID causes rotation of the beacon’s ID (UUID, Major and Minor) so it’s broadcasting unpredictable, encrypted values. We advise using it in the production environment, especially in case of large deployments. In order to use Secure UUID, you'll need to enable iBeacon protocol first.
By default, the IDs that beacons broadcast (UUID, Major, Minor), used by apps to identify them, are visible to any device supporting Bluetooth Low Energy. This means anyone could piggyback on your beacon network. For instance, imagine you’re a store owner and your customers are using your app that is integrated with beacons. Beacons broadcast their IDs, so your competitor can easily build an app that will show competing offers to your customers. Secure UUID solves that problem.
With Secure UUID enabled, the only way to resolve the beacon’s ID is via authorized access to Estimote Cloud which requires your username and password or the proper app ID & app token.
Estimote SDK detects whether Secure UUID is enabled on the beacon and automatically takes care of the decryption—you are able to use ranging & monitoring as usual.
Pro tip: don't forget to change ESTBeaconManager to ESTSecureBeaconManager.
Estimote Monitoring currently doesn't offer any alternatives to Secure UUID but we're hard at work to implement it in the near future.
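To make the rotate-and-resolve idea in this section concrete, here is an added Python example; it is not Estimote's code or its actual algorithm, which this page does not describe. The HMAC-SHA256 derivation, the 10-minute rotation period, the `Resolver` class, the beacon names, keys and app token are all assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import struct
import uuid

ROTATION_SECONDS = 600  # assumed period; the page does not state Estimote's value

def rotating_id(beacon_key: bytes, now: int) -> tuple[uuid.UUID, int, int]:
    """(UUID, Major, Minor) broadcast in the rotation window that contains `now`."""
    window = now // ROTATION_SECONDS
    digest = hmac.new(beacon_key, struct.pack(">Q", window), hashlib.sha256).digest()
    major, minor = struct.unpack(">HH", digest[16:20])
    return uuid.UUID(bytes=digest[:16]), major, minor

class Resolver:
    """Hypothetical stand-in for the cloud side: holds per-beacon keys and
    refuses to resolve anything without a known app token."""

    def __init__(self, keys: dict[str, bytes], tokens: set[str]):
        self._keys, self._tokens = keys, tokens

    def resolve(self, token: str, seen: tuple[uuid.UUID, int, int], now: int,
                skew_windows: int = 1) -> str | None:
        # Constant-time comparison so the check does not leak token prefixes.
        if not any(hmac.compare_digest(token.encode(), known.encode())
                   for known in self._tokens):
            raise PermissionError("unauthorized: valid app token required")
        # Accept adjacent windows to tolerate beacon clock drift, nothing older.
        for offset in range(-skew_windows, skew_windows + 1):
            when = now + offset * ROTATION_SECONDS
            for name, key in self._keys.items():
                if rotating_id(key, when) == seen:
                    return name
        return None  # unknown or stale identifier

# Constructed sample data, not real Estimote keys or tokens.
DEMO_KEYS = {"entrance": b"constructed-key-entrance",
             "checkout": b"constructed-key-checkout"}
DEMO_TOKENS = {"demo-app-token"}

if __name__ == "__main__":
    cloud = Resolver(DEMO_KEYS, DEMO_TOKENS)
    t0 = 1_700_000_000
    seen = rotating_id(DEMO_KEYS["entrance"], t0)
    print("on air:", seen)
    print("resolved:", cloud.resolve("demo-app-token", seen, t0))
    print("5 rotations later:", cloud.resolve("demo-app-token", seen,
                                              t0 + 5 * ROTATION_SECONDS))
```

A scanner that records the on-air values learns nothing stable: the tuple changes every window, and an identifier replayed after the drift tolerance no longer resolves.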
How to enable Secure UUID?
It’s pretty easy. First, UUID rotation requires beacons to have Estimote firmware version 2.2 or later. All you need to do is log in to your Estimote Account in the Estimote iOS app and connect to the beacon. Secure UUID will appear in the settings list.
You can also secure your beacons directly from the Estimote Cloud dashboard. Simply go to beacon settings, set Secure UUID, and save changes. The change will be applied via a remote settings update.