p and usage-based services, either through an app or

p { text-indent: 0.51cm; margin-bottom: 0.21cm; direction: ltr; color: rgb(0, 0, 0); line-height: 95%; text-align: justify; orphans: 2; widows: 2; }p.western { font-family: “Times New Roman”,serif; font-size: 10pt; }p.cjk { font-family: “MS Mincho”,”?? ??”,monospace; font-size: 10pt; }p.ctl { font-family: “Times New Roman”,serif; font-size: 10pt; }a:link { }

F. Privacy and Security
Issues

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Recent press coverage has
highlighted fears among some consumers about beacons “tracking your
every move.” In reality, typical beacons do not collect data since
they are one-way devices—they only broadcast.

They do however, provide the
ability for a smartphone to know when it’s near a known beacon, and
in some cases (if the beacon is stationary), the smartphone might
have access to information about the location of that beacon. The
smartphone translates this information to provide location and
usage-based services, either through an app or in the case of the
Physical Web, with contextually-relevant search results.

It’s important to note that
the same smartphone can provide the same services based on GPS,
Wi-Fi, or cell towers, so beacons are not exposing new concerns, just
making them more widespread through their success. In all cases,
smartphone users can simply enable or disable proximity services in
their settings.

Similarly, concerns have been
raised about beacons creating added security risks for IT systems.
But this again implies capabilities that most beacons do not have.
The typical beacon is a standalone device with no connection to any
other network, wired or wireless.

However, some beacons are
designed with infrastructure network access which allows for central
management of a beacon fleet. In these cases, the beacon manufacturer
provides the same level of tamper security as they would for any
other device attached to their IT network. On the beaconing side, the
beacon’s data is, by design, broadcast for all to hear so does not
necessarily need to be encrypted or protected in any way.

In beaconing applications
where proximity to the beacon may have tangible value, such as reward
points for example, the beacon OEM will implement additional
safeguards against beacon spoofing. Without them, spoofed beacons
might fool the system into crediting events too often or to the wrong
person. The safeguards could include simple timestamps for each
proximity event with a test for an improbable or unanticipated
frequency, the use of ephemeral IDs, or the use of randomized
security keys, generated with each proximity event and validated by
the back-end system.

G. Security for Device
Management Functions

In general, Bluetooth
security isn’t a concern with beacons since by definition they are
broadcast devices with the intent that any listener can receive the
data.

But if the device includes
other internal services like device management functions, then those
services might be protected and require authentication before
allowing access. In those cases, the beacon will use the security
features built into the Bluetooth protocol (i.e., pairing,
authentication, encryption, etc.) and other security measures
implemented by the beacon OEM such as strong password protection.

The most common device
management functions are used to configure the beacon during the
provisioning, and access to those services may be limited to a short
window of time after the device is reset. After the access window
expires the device becomes a normal broadcast beacon and no longer
advertises its internal services.