Today Predix provides the UAA authentication provider, which is a 1-factor authenticator. In the modern IT world, where data resides on publicly accessible clouds, 2-factor authentication is a standard, widespread mechanism to better secure an application and the data behind it. You must have experienced 2-factor authentication when you were asked to enter a PIN messaged or emailed to you, or to click on a link from an email confirming your identity. We built a 2-factor authentication provider and application commander which can be used to authenticate into Predix web, mobile or machine (Intel Edison, Raspberry Pi) applications. In addition to the 2-factor authenticator, our solution provides a rich visual interface from the smartphone to the application, which may come in very handy when communicating with machine enablers (Intel Edison, Raspberry Pi) that don’t come with such an interface out of the box.
What it does
- Two-factor authentication using Bluetooth and Touch ID for any Bluetooth-enabled device.
- Execute commands on the logged-in application using messages sent from the smartphone via a Bluetooth connection.
How we built it
- We used the following technologies: nginx (API gateway), Predix UAA, redis, Predix Machine, Objective-C, Java microservices on Predix
- The first step is to have the user log in to UAA. The authorized request (gained in the first step) is then forwarded to the 2nd-factor API gateway, which loads the page to enter the PIN/code for secondary authentication. This code can be injected into the loaded page by the BLE (Bluetooth) agent from the smartphone; upon success, the handler is redirected to the application.
- The user can now execute commands using the smartphone app via BLE (Bluetooth)
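
The PIN step behind the UAA login can be sketched as follows. This is an added example, not the project's own code: an in-memory dict stands in for redis, and the session id, the 6-digit format, the PIN lifetime and the retry limit are assumptions the page does not state.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 120   # assumed lifetime; the page does not state one
MAX_ATTEMPTS = 5        # assumed retry limit before a new PIN is required


class SecondFactorGate:
    """Hypothetical PIN step that sits behind the first-factor (UAA) login."""

    def __init__(self, clock=time.monotonic):
        # Dict standing in for redis: session id -> [pin, expiry, attempts left]
        self._pending = {}
        self._clock = clock

    def issue_pin(self, session_id):
        """Create a fresh 6-digit PIN bound to one UAA-authenticated session."""
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
        expiry = self._clock() + PIN_TTL_SECONDS
        self._pending[session_id] = [pin, expiry, MAX_ATTEMPTS]
        return pin

    def verify(self, session_id, candidate):
        """Return True once for the right PIN; expired, reused or
        locked-out PINs always fail."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        pin, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[session_id]
            return False
        entry[2] = attempts_left - 1
        # Constant-time comparison avoids leaking matching digits via timing
        if hmac.compare_digest(pin.encode(), candidate.encode()):
            del self._pending[session_id]   # single use: no replay
            return True
        if entry[2] == 0:
            del self._pending[session_id]   # locked out: issue a new PIN
        return False
```

With redis as the store, the expiry would normally be the key's TTL and the attempt counter an atomic decrement, so that concurrent guesses cannot exceed the limit.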
Challenges we ran into
- Integrating iOS core code with the Intel board; specifically, Intel’s XDK IDE did not deploy well on iOS or Android devices
- Domain knowledge of APM
- UAA redirect logic
Accomplishments that we're proud of
- We were able to build an end-to-end authentication provider and commander for both iOS and Mac OS in one day
- We got Predix’s Machine SDK installed on Intel Edison, connected to Predix APM
What we learned
- Injecting Bluetooth messages to various devices
- Being patient and persistent in trying to get it done, trial after trial, when a number of technologies failed
- Predix APM APIs
- Build agents for additional platforms to enable the OneTouch app we built on various platforms
- Dynamic generation of the PIN code
- iOS oneTouch custom application with Bluetooth enabled
- Mac oneTouch application with Bluetooth enabled
- Access the application with the custom one-factor application https://t3-predix-seed.run.aws-usw02-pr.ice.predix.io/