Wifi Porter Security
Wifi Porter & Porter Hospitality local management mode
Data Privacy
During the initial Wifi Porter setup process, you are asked to enter your network credentials into the iOS or Android app. Both applications are carefully architected to keep this information on your phone and under your control. Each app uses the information only to program the One-Tap Wifi, and then create the QR code. The information is discarded afterward. If you wish to use the mode labeled 'Install Wi-Fi profile', please read the section below labeled 'Second optional mode security characteristics'.
Porter Hardware Lock Security
Wifi Porter allows its One-Tap Wifi information to be locked after programming. The lock mechanism protects Wifi Porter against attacks involving malicious modification of data on the device. This option is presented during setup when using an Android or iOS phone. We recommend enabling this option for situations where the Wifi Porter is used in public. A passcode will be generated and stored on the programming phone. The code may be transferred manually to other phones, and will be backed up to google drive or iCloud if you have automatic app backups enabled. A locked Wifi Porter can not be reprogrammed without this code, so take care when choosing to lock your device, and please record the code in a safe place.
One-Tap Wifi Support for iOS
Security characteristicsWifi Porter offers limited One-Tap Wifi support for 2018 or later iPhone devices. The default mode (labeled 'Send password to iPhone clipboard') stores the network credentials on the Wifi Porter. When the device is tapped, a small html document is downloaded to the phone using the phone’s data connection. The document is able to read the credentials and offer them to the user. The credentials are never transmitted from the phone, and are not stored on a server. This mode is recommended for all use cases.
A second optional mode (labeled 'Install Wi-Fi profile') comes with security implications you should be aware of. If you choose to enable this feature, your network information is encrypted and stored anonymously on a Ten One Design server. A decryption key is generated and subsequently stored in your Wifi Porter. The key is permanently deleted from the server. When the Wifi Porter is tapped by a compatible iPhone, the decryption key is sent to the Ten One Design server where it is used to decrypt the network information, after which the key is discarded once again. The server generates a server-signed Wi-Fi configuration profile using your network information and sends it securely to the iPhone. No sensitive data is logged during the transaction.
Security architecture attributes for the optional 'Install Wi-Fi profile' mode:- Your network information is encrypted and stored anonymously on an external server.
- The key for decrypting this data exists only on your Wifi Porter.
- Hashing and salt is applied responsibly to protect the data on the server.
- Stored data is anonymous and never assocatiated with a location, only a random id token.
- Physical access to your Wifi Porter is sufficient to retrieve your network information from our server.
- Network information may be stored on a server you control instead. Contact info@tenonedesign.com for guidance on best practices.
Porter Hospitality enterprise management mode
Data Privacy
Your network credentials are encrypted on your phone using key material known only to you, cryptographically signed, and then stored on a remote server. Key materials for decrypting an authenticating the credentials are then stored to your Porter device. Your data is protected at rest on the remote server, and may only be accessed by a guest’s phone when interacting with the Porter device. Throughout this process, key material is never sent to or handled by the remote server.
Porter Hardware Lock Security
Porter Hospitality enterprise managment mode automatically protects the device against attacks involving malicious modification of data on the device. This security mechanism is applied automatically, and the data required to unlock your Porter device is stored in your account for safekeeping.