I'm developing an iOS application for a client that reads PLC controller data via TCP/IP. The PLC devices don't have any method to authenticate a user, so basically if you know what you're looking for and are on the net, you have the ability to read the data and write to the registers if you want to. Well, the goal with this application is to allow for some sort of permission or authentication in the app. Example: the engineer of said devices has the ability to write to the registers, but a maintenance worker only has read-only permissions. There is no way of adding an authentication method to the PLC devices sitting on the LAN. I need to come up with a way of doing it through the app.
Any suggestions?
Things to keep in mind...
1: More often than not these PLC devices are NOT on a LAN that has access to the internet.
2: More often than not the iPad/iPhone will not be able to get to the internet for any sort of web based authentication.
3: This app will also need to be developed on the Android so the authentication will need to be cross platform compatible.
4: Different clients from different companies will need the ability to "adjust" and "customize" a user's permissions.
Let me know if I need to clarify anything. Thanks!
Allen Bradley has already created a very similar software platform for their PLCs called Assetcentre for OC's. I suggest you read their documentation carefully to understand their architecture. In their software system the first step is to delete the PLC communications software off all the PCs and force them to connect via a special "gateway" networked version which both handles authentication/security and does the actual PC<-->PLC communication.
For "unconnected" mode, a PC "borrows" a license (downloads the security profile) which has an expiration date in it so that the file "expires".
Obviously anyone with a "rogue" PC in the plant can bypass all of this by going back to the way they used to do it.
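A sketch of the gateway-side check behind the "borrowed" profile described above, as an added example (not Allen Bradley's implementation and not code from the original answer). The key, the profile fields and the function names are assumptions; the HMAC key stays on the gateway, so a client can neither mint a profile nor edit its own permissions or expiry.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: constructed demo key, held only by the gateway, never shipped in the app.
GATEWAY_KEY = b"constructed-demo-key-held-only-by-gateway"


def issue_profile(user, role, perms, ttl_s, now=None):
    """Issue a profile (JSON body + HMAC tag) that expires after ttl_s seconds."""
    now = int(time.time()) if now is None else now
    body = json.dumps(
        {"user": user, "role": role, "perms": sorted(perms), "exp": now + ttl_s},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(GATEWAY_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def authorize(token, action, now=None):
    """Gateway check before touching the PLC: returns (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return False, "malformed"
    expected = hmac.new(GATEWAY_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    profile = json.loads(body)  # parsed only after the tag has verified
    if now >= profile["exp"]:
        return False, "expired"
    if action not in profile["perms"]:
        return False, "not permitted"
    return True, "ok"
```

The per-company customization asked for in the question then reduces to which `perms` list the gateway administrator issues for each role.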
A similar question was asked: How to send data from one android device to another?
However, their scope of data passing is between Android devices.
And so, to extend that question, I wanted to know ways of connecting two completely separate devices, like an ECG device, to apps (Android or iOS).
For example, AliveCor allows to send reading of external device to their mobile app.
So what ways do we have apart from Bluetooth or TCP/IP?
You have essentially listed all reasonable means that are used nowadays. You can either transfer data via Bluetooth, using your own/3rd party hosted web services like Firebase, or a direct TCP/IP connection. TCP/IP probably being the hardest, Bluetooth being 2nd hardest and a web service being the easiest but yet requiring both devices to be online. The implementation is however totally your responsibility (with web you would either add user registration and sync user data to all signed-in devices, or, if sync is a one-time thing, you could upload data to your server and issue an expiring token which, if entered on the other device, allows it to download that data).
Another way is NFC (near-field communication). You can transmit data when a phone (with NFC) is near another device (with NFC). Also,
"For example, AliveCor allows to send reading of external device to their mobile app."
this app uses NFC for transmitting data.
From the permissions (Google Play, AliveCor Kardia app)
Also read the information about this system on https://www.alivecor.com/faq/
https://books.google.com.ua/books?id=H-JRAwAAQBAJ&lpg=PA41&ots=EV9Qy61sjY&dq=nfc%20data%20transfer%20ECG&hl=uk&pg=PA41#v=onepage&q=nfc%20data%20transfer%20ECG&f=false
I am developing a voting application based on Android. This app will be used to create user accounts, receive notifications and cast votes.
I want to develop a back-end server for this application which will also have an Administrator interface to create new voting events. I want to know what all options I have to implement this project.
The server must maintain user account records in a secure manner, send out one-time-passwords from email, have sessions implemented for users logging in from the Android App, send out notifications about upcoming events to the app.
What back-end technology, database, parsing (for communication between server and Android application), and encryption (for secure communication) should I use to make this possible?
I also want to know how would I be able to host this server, both on a local virtual machine as well as on an online hosting.
The scope of your project is far too large if you're wanting sessions, administration views, E-mail integration, encryption, etc., without even knowing how it would all interact, or even what language to use.
As for what languages / services you would need, it varies for each task:
For administration views, you're probably looking at either ASP.NET or PHP with a CMS.
In terms of security, you'd want either MySQLi, or preferably, PDO. Make sure to read up on how to prevent things like LFI, RFI, SQLi, and XSS if you want semi-decent security.
Both ASP.NET and PHP can handle sessions, and they're fairly easy to understand in either language, so that wouldn't be too much of a concern.
While you can send out E-mails directly using scripts like PHP's mail() function, you probably want a system that can easily monitor things like how often users click on certain links, where the people who click the links are located, what campaigns are most effective, etc. For that, you'd want a service like MailChimp, Marketo, or Pardot.
As for how to have the back-end interact with the front-end, you're working with Android, so you're probably working with Java. That means you would be limited to functions like HttpMethod. Having said that, you can create plain HTML applications, or use a service like PhoneGap. In either of those situations, you have AJAX at your disposal, which will make things a lot easier.
For hosting, simply do a Google search for 'web hosting service'. There are literally thousands of decent hosts. Some have better pricing than others, but some have better features. I can't really recommend any brilliant ones, as they all meet different needs. To host locally, you'll want either IIS, or WAMP / LAMP depending on whether you are running Windows or Linux.
If you're not familiar with almost every term that I've mentioned, then the scope of your project is too large, and you'll definitely want to scale back.
I don't mean to scare you off, just making sure you're aware of just how difficult it would be to put all of that together :)
Starting to build an app where we will have desktop and mobile client applications. These two apps will exchange messages/info on a frequent basis. The idea is not to have any server/central entity for this communication. We want to send/receive messages without any server implementation. I googled these and got peerjs.com, openpeer.org and the Google project apprtc. Peerjs and apprtc are kind of web based applications which are not in our kind of.
But still it's not very clear how these things work out, as to whether they involve any server or not. Kind of stuck and not sure where to start and how. Is it possible at all?
We are not yet tied to any platform, so open to any kind of implementation. Please share if you have any similar experiences of any applications using this kind of technical stack?
Use the webrtc ios project, and it's what you need
https://github.com/gandg/webrtc-ios
Sockets is what I'd use, assuming the network requirements mentioned above
Those two devices may or may not be on the same network.
Then you need a server of some form, whether you want one or not. That server may simply be a data broker (see PeerJS) or provide more functionality, but it must exist. That server may be one that you host yourself or be some common cloud provider, but it must exist.
Can anyone help me out with how to do MDM integration in Android from the client and server perspective?
I want to do an enterprise application which has lock and wipe functionality. I don't have any clue about the workflow of MDM in Android.
Thanks.
The Android Device Admin API will do both things that you want to do (lock/wipe device and even more). An example is given and you can also find the complete source code in your Android SDK directory.
Now as client server perspective:
You have to implement your task (lock and wipe) in your Android application (in the client, i.e. known as the agent). Now your application should be capable of communicating with your server or vice versa.
I 100% agree with adamk as he said "Remote controlling your application remains exclusively your responsibility - the Android framework does not provide (or enforce) any solution for that."
And Android gives you this feature too. As adamk said to use C2DM, he was right, but now C2DM is deprecated, and GCM has been introduced, “a service that helps developers send data from servers to their Android applications on Android devices.” The service can send a message of up to 4 kb to an application on an Android device, most often to tell the application to retrieve a larger set of data. GCM will now handle all queueing and delivery for messages to Android applications.
You should read how to use GCM, and you can find sample code too. Download the GCM Android Library from the SDK Manager and check the android-sdk/extras/google/GCM directory.
After establishing successful communication between your agent and server, evaluate the msg in the agent sent by the server and perform the desired action (lock/wipe). This is again up to you how you define your message payload and how you handle those payloads in the agent application.
Here is an article about Android MDM.
Happy Coding :)
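One way the agent could validate a server message before acting on it, as an added example (not code from the original answer or the Android SDK), shown in Python to keep it short. The payload fields, the per-device key provisioned at enrolment, and the names `sign_command` and `Agent` are assumptions; the checks reject forged, misaddressed, stale and replayed commands before lock or wipe is dispatched.

```python
import hashlib
import hmac
import json

ALLOWED_ACTIONS = {"lock", "wipe"}
MAX_SKEW_S = 300  # assumption: commands older than five minutes are dropped


def sign_command(key, device_id, action, counter, issued_at):
    """Server side: build the push payload (a few hundred bytes, far below 4 kb)."""
    body = json.dumps(
        {"device": device_id, "action": action, "ctr": counter, "ts": issued_at},
        sort_keys=True, separators=(",", ":"),
    )
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "mac": mac})


class Agent:
    """Device side: decides whether a received payload may trigger an action."""

    def __init__(self, key, device_id):
        self.key = key
        self.device_id = device_id
        self.last_ctr = 0  # highest counter accepted so far (persist it in practice)

    def handle(self, payload, now):
        """Return the action to perform, or None when the payload is rejected."""
        try:
            outer = json.loads(payload)
            body, mac = outer["body"], outer["mac"]
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(mac, expected):
                return None  # forged or corrupted
            msg = json.loads(body)
            if msg["device"] != self.device_id or msg["action"] not in ALLOWED_ACTIONS:
                return None  # meant for another device, or unknown action
            if abs(now - msg["ts"]) > MAX_SKEW_S or msg["ctr"] <= self.last_ctr:
                return None  # stale or replayed
        except (ValueError, KeyError, TypeError, AttributeError):
            return None  # malformed payload
        self.last_ctr = msg["ctr"]  # only advanced after every check passed
        return msg["action"]
```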
You can use DeviceAdmin to gain privileges for managing the Lock preferences and performing device wipe (among other stuff).
(The user must add your app as a device administrator beforehand)
Remote controlling your application remains exclusively your responsibility - the Android framework does not provide (or enforce) any solution for that.
You may want to consider using Google's C2DM API, which is a convenient push mechanism.
As mentioned in the above answer, DeviceAdmin API can help. If you are using an Android device, you might know about the Android Device Manager (the web-based version) which allows you to manage your device. Basically, you can track, locate, lock, and wipe your device, some of the basic features of an MDM solution. So, in coding (though I am not a coding expert), you need to get access to the Device Manager (I guess, using some listener codes, or notification access).
Apart from this, MDM allows creating policies and groups of users (which would be a part of the coding in the app itself), then pushing the command over the internet (or OTA) to the connected device.
MDM also allows managing Apps and Data on the device, for which, you need the app to get access to the internal as well as external device storage.
Hope this helps. Good luck creating your MDM software
I'm writing an Android app that communicates via HTTPS with a server application. On the server side, I have to be absolutely sure about the Android app's integrity. This means that the server app needs to be sure that it's communicating with the Android app that I developed and not with a re-written one (e.g. after decompiling the original app or after having rooted the device).
Is there a possibility to ensure that? Maybe there is a possibility with the signature of the apk file?
Any hint is appreciated.
Regards,
Peter
You are trying to address a known problem:
You can never trust an application on an open device (mobile phone, desktop computer). In order to trust it, it should be tamper proof. An example of such device is a SmartCard. Mobile devices are certainly not it.
You should never send data to device that user is not supposed to see. The implication of this is that all business logic must be done on the server.
All requests to the server should be authenticated with user's credentials (username/password) and made via a secure protocol (HTTPS/SSL).
No way. Whatever is in the user's hands is not yours anymore. Even if you somehow manage to transfer the APK to the server for validation, nothing prevents the hacked program from sending an original copy to the server.
In order to validate that your software is running, the client devices need to be able to provide remote attestation services, which is one of many piles of acronyms in the TPM world. I found that someone has been working on providing TPM services, including IBM's IMA, which is almost good enough for what you want.
Details here: http://www.vogue-project.de/cms/upload/vogueSoftware/Manual.pdf (Google Quickview).
Of course, this is emulating the TPM, and requires patching the Android kernel. But perhaps one of the various manufacturers would be willing to build a model with the TPM hardware included for you?