I am designing a multi-purpose smartcard system using Mifare Desfire EV2.
I wonder if I have to share the master key with different usage managers, i.e. the door control manager, the food service manager if the card is used to pay the meal...
Is the card master key mandatory to read data on card applications ?
Thanks for tour help and happy Easter !
It's called MiSmartApp which is basically a framework if I am correct. But even if I am wrong with that, you don't have to share the master key.
Related
We want to add DRM encryption in our content and want to know if its actually feasible to have our own DRM server or should go with third party ? Also if feasible can we implement all 3 fairplay, playready, widevine ?
It is feasible in theory - companies have done that. It is, however, quite a lot of work... think about:
User authentication: is user XYZ a valid subscriber, whatever that means?
Entitlement management: does user XYZ have a right to access movie "The Hangover"? And if so, is it for a limited time? Are they allowed to view it in 4K? Can the output go via HDMI and if so, which HDCP version? Etc... All these things are spelled out in the studios license agreement, and therefore need to be enforced.
Keeping the server key material up to date: keeping the various server certificates up to date by dealing directly with Apple, Microsoft, Google; ensure reasonable key rotation, etc.
Interfacing with media encoders: you probably have a streaming server powered by an encoder (AWS Elemental, Harmonic, Bitmovin, etc.), which means you need to ensure the license servers share key material with the encoder, so that the stream gets protected with the correct key. Again, think about key rotation, especially for live events.
I could go on for a while, but this should give a hint of the extra effort involved when running it by yourself as opposed to licensing a pre-packaged multi-DRM solution.
Due to hardware restrictions, we are unable to retrieve the current status of many of our lights (their color/brightness/etc.).
In the QA test cases spreadsheet found here, at the bottom under Deploying, a number of QUERY intents are listed to be tested. Does this mean our Smart Home application will not be able to pass certification?
Thank you for reading.
There is some expectation from the user to know the status of your their house at any time. If you cannot retrieve the state directly from devices, you should be able to use your cloud provider to store a virtual equivalent of the device. Then instead of querying the device directly you can return the state of the virtual device.
If anything, just try to be honest with the review team and they will keep certain limitations in mind.
When submitting for review make sure you provide them with a perfectly working test environment. So if some of your lights don't function like you want them to and you can't get their info, don't provide them for testing.
I'm not familiar with the review process of Smart Home applications but if you provide the review team with the right information of which hardware is and isn't supported I'm sure they won't straight up reject your application for it.
I am working on IBM Watson IoT platform. I wish to understand how I can view my meta data attributes related to ALL devices registered in the platform, on the platform dashboard (not per device or device type)
you can do that : go to you watson iot dashboard ,
1_ go to Boards.
2_ choose one board or create new one ( I recommand the device centric analytics
3_ click on add new card and choose linechart
4_then u ll have to select your devices types that u want to visualise ( select them all in your case ) and then enter data properties name u wish u visualize. u ll see them all in one line chart.
if you want to see them in seperate linecharts on the same board. add different linechart.
If this help u please confirm it by cliking the "green tick"
I am afraid that this is not possible at this point in time.
The metadata that is defined at the Device Type level is used a template when creating a Device of that type. However, the user has the ability to completely override this metadata at Device creation time. As a result, the metadata on every single device registered with the platform could be unique. For a single Org, this is a potentially huge number of devices spread across multiple device types.
Providing support for this functionality would be possible, but it is a new requirement. Please could you raise an enhancement request for this functionality?
I try to send a push notification using ionic cloud, but Google now requires a restriction key . I don't know how to get key restriction. Please help me.
Update: There is now a visible note in the GCM docs saying:
Starting from Sept. 2016 new server key can only be created in the Firebase Console using the Cloud Messaging tab of the Settings panel. Existing projects that need to create a new server key can be imported in the Firebase console without affecting their existing configuration.
There have been recent changes with regards to the Google Developers Console interface when generating an API Key. Before there used to be a part where you have to select what type it is (Server, Android, iOS, Browser keys). But now, it automatically creates then you can simply select the type of restriction you want, depending on where you'll use the key.
I haven't tried using Ionic before, but I think it's pretty much the same where you'll use the API key (in this case, the Server Key). Simply set the correct server IP Address in the IP address whitelist and try again.
Do keep in mind that adding restrictions are highly encouraged for your security against unauthorized use and quota theft (seen as a warning for API keys with no restrictions).
See my answer here for more details.
So after MUCH research online, I'm coming to the one place I know someone will be able to help me!
We have a site that WILL accept credit card payments via PayPal's Classic API. More specifically, we'll be accepting credit cards for recurring payments. I know I have to be PCI compliant, and after speaking to PayPal today, I have been told (in writing) that:
"Once your account has processed over 20 transaction in the last 3 weeks (or 100 in a year), you will be able to register with Trustwave to become PCI compliant."
AND that I
"do not need to prove your compliance before reaching these levels"
Not sure what it is, but something doesn't sit right with me. Mainly, that I think I should be PCI compliant from the get-go. I think what they're saying is that I won't need to prove anything until then, but that I should be PCI compliant.
If anyone could give me a bit of guidance on this, it would be great. Here's a little bit more about our situation:
We will not store ANY customer card details on any system we run.
We send the details to the PayPal API by a regular old HTML POST form.
Recurring payments don't allow for a hosted solution by Paypal, so we are required to do it via our own form.
I'm sure I'm missing something here, but know that someone here will have had experience/be able to point me in the right direction!
Cheers guys!
You do indeed fall under PCI requirements immediately as a web page in your environment captures card-holder data and then transmits (the key term) it to PayPal. PCI/DSS does not have a volume threshold below which it does not apply.
Perhaps the thing that doesn't feel right is that they are happy to brush off any and all responsibility for your PCI compliancy by presenting the option of signing up with "Trustwave" whom I guess will present you with a SAQ to fill in and then take care of your quarterly scans.