AT+i Programmer's Manual - SE Spezial-Electronic AG
Firmware Version: ~RP1~<br />
<br />
<br />
Serial Number: ~RP5~ <br />
Hardware Version: ~RP0~<br />
<br />
<br />
26.10 Security and Restrictions<br />
iChip Embedded Web Server<br />
The authorization to view and update iChip's configuration parameters, firmware, or<br />
application website via the web can be password-protected using the <strong>AT+i</strong>RPG parameter<br />
(Remote Parameter Group/Password).<br />
When the RPG parameter in an iChip device contains a value, it is considered a password<br />
that restricts remote iChip parameter viewing/updates. By default, iChip's configuration<br />
site can be viewed (browsed) without authentication, unless the Security Disable Mode (SDM) bit 3 is set, in<br />
which case the user is authenticated by submitting the RPG value. Remote updates always<br />
require the remote user to authenticate by submitting that value. The iChip<br />
configuration site includes an authentication form that automatically pops up on the<br />
remote browser when parameter updates are attempted. The password submitted through<br />
this form must match the actual value of iChip's local RPG parameter. Otherwise, remote<br />
value updates are rejected.<br />
iChip uses the industry standard SHA1 algorithm to authenticate the remote user.<br />
With this scheme, the password typed into the authentication form is not literally<br />
communicated back to iChip. Rather, a token computed with SHA1 is transferred. To achieve<br />
this, iChip's web server sends, together with the authentication form, a JavaScript that<br />
calculates the SHA1 value at the browser end. iChip also issues a different random<br />
number, used as part of the key, each time authentication is required, to<br />
eliminate the possibility of impersonation based on eavesdropping on a legitimate<br />
authentication session.<br />
If the RPG parameter is empty (<strong>AT+i</strong>RPG=''), remote iChip configuration parameter<br />
update is fully restricted. In other words, it is not possible to update configuration<br />
parameter values using a remote browser. Conversely, if the RPG parameter contains an<br />
asterisk (*) character (match any), the configuration parameters can be updated freely, without<br />
requiring authentication at all.<br />
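The following Python model is an added example, not code from the manual or from iChip firmware. It shows the challenge-response exchange and the three RPG settings described above. The token formula SHA1(random number + password) and the names make_token and UpdateGate are assumptions, since the manual does not state how the token is built.

```python
import hashlib
import hmac
import secrets


def make_token(nonce: str, password: str) -> str:
    """Browser side: hash the server's random number with the typed password.
    ASSUMPTION: SHA1(nonce + password); the manual does not give the formula."""
    return hashlib.sha1((nonce + password).encode()).hexdigest()


class UpdateGate:
    """Device side: decides whether a remote parameter update is accepted."""

    def __init__(self, rpg: str):
        self.rpg = rpg            # local RPG value: "", "*", or a password
        self._pending = set()     # random numbers issued and not yet used

    def challenge(self) -> str:
        """Issue a different random number for each authentication attempt."""
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def authorize_update(self, nonce: str = "", token: str = "") -> bool:
        if self.rpg == "":        # empty RPG: remote updates fully restricted
            return False
        if self.rpg == "*":       # match any: no authentication required
            return True
        if nonce not in self._pending:
            return False          # unknown or already consumed: replay rejected
        self._pending.discard(nonce)   # each random number is valid once
        expected = make_token(nonce, self.rpg)
        return hmac.compare_digest(expected.encode(), token.encode())


def demo() -> dict:
    gate = UpdateGate("constructed-password")   # constructed sample value
    nonce = gate.challenge()
    token = make_token(nonce, "constructed-password")
    return {
        "first_use": gate.authorize_update(nonce, token),
        "replayed": gate.authorize_update(nonce, token),  # eavesdropper resends
        "wrong_password": gate.authorize_update(gate.challenge(), make_token("x", "guess")),
        "empty_rpg": UpdateGate("").authorize_update(nonce, token),
        "star_rpg": UpdateGate("*").authorize_update(),
    }


if __name__ == "__main__":
    print(demo())
```

Because each random number is consumed on first use, a token captured from a legitimate session is rejected when it is sent again, while an RPG of (*) accepts updates with no token at all.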
The Parameter Tags defined in the application website are secured from remote updates<br />
in the same manner as the iChip configuration parameters. In this case, the authentication<br />
password is stored in iChip's local parameter WPWD (Web Password). If the WPWD<br />
parameter contains a value, a remote user needs to submit this value as an authentication<br />
password in order to gain update access to the application level Parameter Tags. As with<br />
the RPG parameter, if WPWD is empty, application level Parameter Tags are<br />
fully restricted, whereas when WPWD contains an asterisk (*), updates are unrestricted and<br />
authentication is not required.<br />
When authentication is required, iChip's web server automatically issues an<br />
authentication form to the remote browser in response to an attempt to update Parameter