Google Provides Open Source Platform for Beacon Security



After an initial splash, news about beacon technology has been fairly quiet recently, but last week an advancement was announced that will support easier access to privacy and security capabilities on this unique technology.

Beacons are sometimes misunderstood – thought to collect or retain data on nearby people, or able to track smartphone movements without their owner’s awareness. In fact, they only transmit, never collect, data. And location tracking is possible ONLY if you have given that specific app permission to use your phone’s location functions, and if you have your Bluetooth access turned on. You can control this on your phone’s setting, and you can deny an app access to contact you via notifications.

The use of low-powered beacons has spread slowly and steadily – in stores, museums, airports or other spaces that set up a device that broadcasts a unique code. If your phone has Bluetooth turned on and you download the particular app for that location, and then you allow permission to use Bluetooth and location, the app can detect that beacon. By determining the location of your phone, the app then enables features.

Beacons positioned near an airport security checkpoint might trigger your airline’s app to show your boarding pass. A beacon in a museum might signal the museum app to show information about the artist of a painting you’re looking at. Retail-store beacons may help users locate products or indicate sale items. Beacons are inexpensive, simple to deploy and are supported by most mobile operating systems.

Since their introduction on a broader scale, retailers, shopping centers, public attractions, airports, and sports arenas have explored how to use beacons in many new and different ways. As consumers become more familiar with the advantages, they have grown to enjoy the benefits of a more personalized experience.

However, one continued challenge to a broader array of applications for beacons is that of security. They work well for a standardized response triggered by a general member of the public who enters their zone, but greater protection in general applications has been limited when needed to protect information to allow for an individualized response. Since unencrypted beacon signals are also susceptible to long-term tracking, this security shortfall has limited the pace of their increased use.

Last week, however, Google announced an offering of an open-source platform with the rollout of Eddystone-EID. Per the design team, other companies may have similar technologies, but they are proprietary without easy transparency into the process for how the encryption is achieved. This is where Eddystone-EID shines, since the technical specifications are open-source.

According to Google’s statement :

“Eddystone-EID enables a new set of use cases where it is important for users to be able to exchange information securely and privately. Since the beacon frame changes periodically, the signal is only useful to clients with access to a resolution service that maps the beacon’s current identifier to stable data. In other words, the signal is only recognizable to a controlled set of users.”

Google has developed the entire suite of Eddystone platforms as open source technology; they are available on GitHub. This newest addition – EID – turns the beacon-to-app-enabled phone into an encrypted, moving target. If another phone in the area doesn’t have the shared key, the EID representation is just gibberish. With the new tools, the exchange can’t be tracked or spoofed, and there is also access to safety features such as proximity awareness, device authentication, and data encryption on packet transmission.

Now, in addition to being able to find your way around the airport, you will be able to track your luggage without anyone else knowing which bag is yours. During sporting events, the facility can communicate with individual patrons in the “nosebleed” sections to offer them better seats, when available. A UK company will use this to offer subscribers personalized commuting information.

Introduced along with other new offerings – Beacon Tools, and Eddystone GATT-Service – this new open-source platform for secure encryption practices represents for an important moment in beacon technology for the increased security and protection of personal data.