Security - Honeywell CNI4 Operating And Installation Manual

3 Safety

3.3 Security

Using MasterLink R510.1, the CNI4 device can be configured through the following interfaces:
Serial (using MasterLink desktop application)
Bluetooth (using MasterLink mobile application)
Cellular (using MasterLink desktop)
To start using MasterLink Application, Administrator must be registered using the license key provided by
Honeywell. MasterLink administrator can create roles with access permissions and assign roles to
different users. With this role based access mechanism, a user is restricted to the operations that are
associated with assigned role.
A valid user name and password are required to access the MasterLink application, and a valid user ID
and access code are required to sign-in to the Cloud Link 4G Modem.
For bluetooth communication with the CNI4, the Cloud Link 4G Modem uses Just Works pairing method.
In order to connect a Cloud Link 4G Modem with MasterLink mobile app, you need to perform a bluetooth
pairing first. That said, from the security standpoint, it is advised to disable the bluetooth interface and
use the serial interface for configuration, to avoid malicious user configuration changes.
Every Cloud Link 4G Modem device has a unique IMEI and RUID numbers. RUIDs are used to identify a
device using MasterLink desktop application.
The CNI4 supports white-listing of cellular communications. You can configure up to 10 host IP
addresses for the device to allow specific hosts in case of host initiated call outs.
For communication over a cellular interface, the Cloud Link 4G Modem can use SSL/TLS 1.2 certificates
for mutual authentication and secure connection. The following certificates can be loaded for secure
communication over a cellular interface.
Client Certificate - A client certificate is a type of digital certificate that is used by client
systems to make authenticated requests to a remote server.
Server Certificate - Server certificates or SSL certificates are small data files that digitally bind
a cryptographic key to an organization's details.
Private Key (Encrypted) - The private key is used to decrypt the information and restore it to its
original format so that it can be read.
CA Certificate - A Certification Authority (CA) is a trusted entity that issues electronic
documents that verify a digital entity's identity on the Internet.
All files transferred to an Android device for use by MasterLink Software must be deleted after use to
ensure that there is no data loss / leak. It is recommended to keep the Android phone or iPhone used for
MasterLink Software updated with the security patches released by the respective platforms.
It is also recommended to enable SSL for secure communication with MasterLink Software R510.1.
Honeywell
| 6