Technical aspects
The Moniott solution helps companies track where their mobile assets, such as machinery and manufactured goods, are at any given time, both indoors and on the road. We designed the technical architecture to make it a true real-time monitoring solution. By leveraging AWS and keeping everything in the cloud, we ensured minimal IT overhead.
A key decision was to choose a serverless approach to ensure maximum scalability. Authentication security is provided by AWS Cognito; the very high volume of data ingestion is handled by connecting the AWS IoT service at the login level, with Amazon Kinesis ensuring streaming consistency.
Moniott Smart business logic and ETL run in .NET Core AWS Lambda functions. All data ends up in a mix of DynamoDB and RDS, keeping data costs as low as possible while still providing real-time OLAP functionality. ELT processes use AWS Glue, with AWS Athena serving as a full-fledged OLAP engine. In addition to a REST API for integrating the platform with third-party solutions or mobile apps, we built a rich Angular web application.
On top of that, we built a bespoke JIRA Service Desk solution that provides full 24/7 support for Moniott and its end customers, including a ticketing solution and phone service.
Security overview of the components
Tags
Data is advertised using the standard BLE advertising format described in the Bluetooth specification; part of the advertising frame payload is proprietary. The data consists of an AES-128 encrypted cryptogram in which all sensitive information (sensor data) is stored. The cryptogram is additionally protected against spoofing and replay attacks using random byte padding and counters, so that captured data is unusable to an attacker. The data is never decrypted locally; it is always forwarded to the platform for decryption.
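As an added illustration of the platform-side handling described above (example code, not Moniott's own code or frame format): the advertisement is parsed as standard BLE AD structures, the 16-byte cryptogram carried in the manufacturer-specific element is decrypted with AES-128, and the embedded counter is checked per tag so that a replayed frame is rejected. The company ID, tag ID, plaintext layout and single-block cipher mode are assumptions constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// manufacturerData walks the standard BLE AD structures ([len][type][data]...) and
// returns the data of the first Manufacturer Specific Data element (AD type 0xFF).
func manufacturerData(adv []byte) ([]byte, error) {
	for i := 0; i < len(adv); {
		l := int(adv[i])
		if l == 0 || i+1+l > len(adv) {
			return nil, errors.New("malformed AD structure")
		}
		if adv[i+1] == 0xFF {
			return adv[i+2 : i+1+l], nil
		}
		i += 1 + l
	}
	return nil, errors.New("no manufacturer-specific data")
}

// Accept parses one advertisement, decrypts the cryptogram and rejects replays.
// Assumed layouts (constructed for this example, not Moniott's real format):
// manufacturer data = [company ID 2B][tag ID 2B][16-byte cryptogram]; the cryptogram
// is one AES-128 block with plaintext [counter 4B BE][sensor data 8B][random pad 4B].
// last maps tag ID to the highest counter accepted so far and is updated on success.
func Accept(block cipher.Block, last map[uint16]uint32, adv []byte) ([]byte, error) {
	md, err := manufacturerData(adv)
	if err != nil {
		return nil, err
	}
	if len(md) != 4+aes.BlockSize {
		return nil, errors.New("unexpected manufacturer data length")
	}
	plain := make([]byte, aes.BlockSize)
	block.Decrypt(plain, md[4:])
	tag := binary.BigEndian.Uint16(md[2:4])
	ctr := binary.BigEndian.Uint32(plain[:4])
	if ctr <= last[tag] { // counter must strictly increase per tag
		return nil, errors.New("replayed or stale frame")
	}
	last[tag] = ctr
	return plain[4:12], nil // sensor data only; padding is discarded
}
```

Only the counter-based replay check is modelled here; how the random padding contributes to spoofing resistance is not shown.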
BLE Locators
The BLE Locators scan for BLE data packets and forward them to the platform. The firmware on the Locator devices is secured via code signing and secure boot, so only Moniott firmware can be flashed. Our BLE Locators communicate with the platform using MQTT messages encrypted with TLS 1.2. All communication between a Locator and the platform is secured via X.509 certificates, and each device is identified by its own unique X.509 certificate, so that in the unlikely event that a certificate is breached and extracted from a device, that device can be safely isolated.
The Moniott data entry point to the platform is implemented using the AWS IoT service, which is based on the MQTT protocol with TLS-encrypted communication. Each Locator device is provisioned in the platform with a unique Client Identifier and a specific X.509 certificate for all device-side communication. X.509 certificates are issued by the AWS IoT service itself, so the CA is monitored and maintained directly by Amazon. All data is stored encrypted in Amazon's RDS and DynamoDB services, with limited and controlled access to these environments.
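An added example of how the per-device identity described above can be enforced on the AWS IoT side (constructed for this page, not Moniott's actual policy): the policy attached to each Locator's certificate lets it connect only with the client ID that matches the thing attached to that certificate, and publish only to that thing's own topic. REGION, ACCOUNT_ID and the `locators/<thing>/scans` topic layout are placeholders assumed for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}",
      "Condition": { "Bool": { "iot:Connection.Thing.IsAttached": "true" } }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/locators/${iot:Connection.Thing.ThingName}/scans"
    }
  ]
}
```

Because each Locator holds its own certificate, isolating a suspect device means deactivating just that certificate (for example with `aws iot update-certificate --certificate-id <id> --new-status INACTIVE`), which leaves every other Locator unaffected.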
APIs
Communication from the UI, mobile apps or third-party integrators takes place via the REST API, exclusively over a TLS transport, i.e. HTTPS. Individual clients are authenticated and authorised to the platform by requesting and obtaining unique JWT tokens with a lifetime of 1 hour. This ensures that only authorised users can obtain data.
Specs of the sensor:
General
- Battery reference: CR2032 - 210 mAh battery with insulating pull strip
- Battery life: Up to 5 years with transmissions every 5 seconds (battery replaceable)
- Transmission range: Up to 15 m / 590.55″ (-5 dBm; RSSI @ 12 m / 472.44″ = -100 dBm)
- Location accuracy: Depending on available Wi-Fi and Bluetooth infrastructure
- Temperature accuracy: Accuracy of +/- 2°C / 35.6°F
Physical
- Dimensions: 38 mm / 1.49″ x 24 mm / 0.94″ x 5 mm / 0.19″
- Colour: Housing in white
- Housing: ABS, highly durable automotive composite structures
Chemical and mechanical
- Operating temperature: -10°C to +60°C / +14°F to +140°F
- Heating for 10 seconds: +85°C / +185°F
- IP65: Resistant to salt water, salt spray, acetic acid water, carbonated sodium water, sweetened water, ethylene glycol, 95% humidity (50°C / 122°F, 24 hours)
Environmental and chemical properties
- Certificates: BLE, CE, FCC, ISED, RoHS & REACH compliant (www.conflictfreesourcing.org)
The locator/receiver
The BT-L1 is pre-configured, works straight out of the box and includes remote management (OTA). Based on BLE MAC address prefixes or BLE manufacturer IDs, the locator listens only for relevant BLE broadcasts, reducing overall network traffic.
After picking up BLE broadcasts, the data is securely transmitted to the Moniott Cloud via the built-in 10/100 Mbit/s Ethernet port or 2.4 GHz Wi-Fi.
The firmware on the BT-L1 is protected via code signing and secure boot. Communication between the locator and the Cloud uses the MQTT protocol, secured by TLS. In addition, authentication and encryption are performed via X.509 certificates, which are individually assigned to each device and linked to the platform. That way, you can safely isolate a device in the unlikely event that its certificate is breached.
The device is powered via USB or PoE and is fully configurable via the Remote Insights Platform (OTA).