User Identification (Auth ID)
The 2N® Mobile Key application authenticates itself with a unique identifier on the intercom side: Auth ID (128-bit number) is generated randomly for every user and paired with the intercom user and its mobile device.
- The generated Auth ID cannot be saved in more mobile devices than one. This means that Auth ID uniquely identifies just one mobile device or its user.
You can set and edit the Auth ID value for each user in the Mobile Key section of the intercom phone book. You can move Auth ID to another user or copy it to another intercom. By deleting the Auth ID value you can block the user's access.
Encryption Keys and Locations
The 2N® Mobile Key – intercom communication is always encrypted. 2N® Mobile Key cannot authenticate a user without knowing the encryption key. The primary encryption key is automatically generated upon the intercom first launch and can be re-generated manually any time later. Together with AuthID, the primary encryption key is transmitted to the mobile device for pairing.
You can export/import the encryption keys and location identifier to other intercoms. Intercoms with identical location names and encryption keys form so-called locations. In one location, a mobile device is paired just once and identifies itself with one unique Auth ID (i.e. a user AuthID can be copied from one intercom to another within a location).
Pairing means transmission of user access data to a user personal mobile device. The user access data can only be saved into one mobile device, i.e. a user cannot have two mobile devices for authentication, for example. However, the user access data can be saved into multiple locations in one mobile device (i.e. the mobile device is used as a key for more locations at the same time).
To pair a user with a mobile device, use the user's page in the intercom phone book. Physically, you can pair a user locally using the USB Bluetooth module connected to your PC or remotely using an integrated Bluetooth module. The results of both the pairing methods are the same.
The following data is transmitted to a mobile device for pairing:
- Location identifier
- Location encryption key
- User Auth ID
Encryption Key for Pairing
An encryption key other than that used for communication after pairing is used in the pairing mode for security reasons. This key is generated automatically upon the intercom first launch and can be re-generated any time later.
Encryption Key Administration
The intercom can keep up to 4 valid encryption keys: 1 primary and up to 3 secondary ones. A mobile device can use any of the 4 keys for communication encryption. The encryption keys are fully controlled by the system administrator. It is recommended that the encryption keys should be periodically updated for security reasons, especially in the event of a mobile device loss or intercom configuration leak.
- The encryption keys are generated automatically upon the intercom first launch and saved into the intercom configuration file. We recommend you to re-generate the encryption keys manually before the first use to enhance security.
The primary key can be re-generated any time. Thus, the original primary key becomes the first secondary key, the first secondary key becomes the second secondary key and so on. Secondary keys can be deleted any time.
When a key is deleted, the 2N® Mobile Key users that still use this key will not be able to authenticate themselves unless they have updated the encryption keys in their mobile devices before deletion. The mobile device keys are updated at every use of the 2N® Mobile Key application.
List of Parameters
- Location ID – set a unique identifier for the location in which the selected encryption key set is valid.
- Export – push the button to export the location ID and current encryption keys into a file. Subsequently, the exported file can be imported to another device.
- Import – push the button to import the location ID and current encryption keys from a file exported from another intercom.
- Restore primary key – by generating a new primary encryption key you delete the oldest secondary key. Thus, the 2N® Mobile Key users that still use this key will not be able to authenticate themselves unless they have updated the encryption keys in their mobile devices before deletion. The mobile device keys are updated at every use of the 2N® Mobile Key application.
- Delete primary key – delete the primary key to prevent the users that still use this key from authentication.
- Delete secondary key – the 2N® Mobile Key users that still use this key will not be able to authenticate themselves unless they have updated the encryption keys in their mobile devices before deletion. The mobile device keys are updated at every use of the 2N® Mobile Key application.
- Pairing PIN validity – set the authorisation PIN validity for user mobile device pairing with the intercom.
- In the case of loss of a mobile phone with access data proceed as follows:
- Delete the Mobile Key Auth ID value for the user to block the lost phone and avoid misuse.
- Re-generate the primary encryption key (optionally) to avoid misuse of the encryption key stored in the mobile device.
- With the upgrade to version 2.30, the bluetooth modules will also be upgraded. When downgrading to version 2.29 and lower, they may malfunction.