Ask a question

3430 questions

3907 answers

2915 comments

20049 members

Ask a question
0 votes
227 views
in Vehicle tracking by

We are considering using your FMB204 product.

I'm wondering how does this product authenticate against the server? In the configuration tool we can configure the server URL, but no authentication.

On the Codec Wiki page I see that the device identifies itself using it's IMEI. But it looks to me like anyone could send a package to a server using that IMEI, pretending to be that device - or am I missing something?

Ideally the packages would be signed on the device using a private key (non-retreivable, secured in hardware), so that the authenticity can be checked on the server side using the corresponding public key. Does such a mechanism exist? If not, how do you ensure authenticity?

1 Answer

0 votes
by
Hi,

If someone wants to send the data to your server,

they should know one IMEI from your data base,IP of your server and the port number.

But it's difficult to get these three details for someone who outside.

If someone took the hardware also, You can protect the device configuration file by setting password through configurator.

I think, for a normal vehicle tracking application, these security measures are enough.

Thanks in advance

Naveen