• ...creativity never sucked... otherwise we would not have this communication... because I'm not sure if the person of post #6 and #7 are the same... and you would have to go to a trustworthy place and cable connect your phone for an update... I, though, get your concern. Device ID and (asymmetric - public/private) encryption could help here, and Espruino includes encryption... Microchip has I2C connectable secure devices - using the same protocol as serial memory - that can help with that.

    Since your requirement is not OTA, which I assume means: I can touch my device at the update attempt/event, you can 'enter a code' to accept the update request on your puck - for example, sequences of short/long presses of the built-in button like Morse Code - that only you know as told by the updating device/apparatus/mechanism. The code is randomly generated by the updating device/apparatus/mechanism, displayed to you, entered on the puck by you and communicated from the puck back to the updating device/apparatus/mechanism while in connected mode. This is about as safe as it can get and the implementation of a near absolute authentication concept (you may need to go into a Faraday cage to really really really make sure that no one close by will jump in after authentication with overpowering RF and take the update process from there...).

    I'll made a RFU to @Gordon to implement a secure feature in Web IDE and Puck to implement a version of above like this: update will not happen until such code is 'entered' on Puck, displayed in IDE, and confirmed by 'operator' in IDE. ...which makes the operator('s brain) the security/encryption device... (inspired by make-your-bluetooth-low-energy-iot-device-more-secure).

About

@allObjects started
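The accept-code exchange described in the post above, as an added sketch that is not part of the original thread or of Espruino's code. It runs under Node.js and models only the logic; the function names, the 400 ms long-press threshold, the 8-press code length, the 60 s lifetime and the three-attempt limit are all assumptions.

```javascript
// Added example; every name and constant here is hypothetical.
const crypto = require("crypto");

const LONG_PRESS_MS = 400; // assumed boundary between a short and a long press

// Updater side: generate a random code of short (S) and long (L) presses.
// It is shown to the operator and kept only on the updater.
function newChallenge(length = 8, ttlMs = 60000, now = Date.now()) {
  let code = "";
  for (let i = 0; i < length; i++) code += crypto.randomInt(2) ? "L" : "S";
  return { code, expires: now + ttlMs, attemptsLeft: 3 };
}

// Puck side: map measured button hold times (ms) onto the same S/L alphabet.
function pressesToCode(durationsMs) {
  return durationsMs.map(d => (d >= LONG_PRESS_MS ? "L" : "S")).join("");
}

// Updater side: allow the update only if the code sent back by the puck
// matches, the challenge has not expired, and attempts remain.
function verify(challenge, reply, now = Date.now()) {
  if (now > challenge.expires || challenge.attemptsLeft <= 0) return false;
  challenge.attemptsLeft--; // an 8-press code has only 256 values, so cap guesses
  const a = Buffer.from(challenge.code);
  const b = Buffer.from(String(reply));
  const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
  if (ok) challenge.attemptsLeft = 0; // single use: a replayed code is rejected
  return ok;
}

// Constructed sample: operator was shown "SLLS" and pressed the button four times.
const demo = { code: "SLLS", expires: 1000, attemptsLeft: 3 };
console.log(verify(demo, pressesToCode([100, 500, 450, 120]), 500)); // true
```

The attempt cap and expiry matter more than the code length here, since a short press sequence is easy to guess if retries are unlimited.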