Information Security Model

This page describes the technical aspects of security for some of the major entities in our APIs. If you find any situation (possible attack scenario) that doesn’t conform to this document, please notify us immediately. The purpose here is purely technical; for the legal text, see our privacy policy.

Controls

An API operation (read, list, create, etc.) can be:

Generics

Resources

Application

This entity represents the measurement application you develop.

All operations on an existing application are restricted-to-partner. This includes:

Operation   Intention               Note
Enumerate   admin-only              -
View        restricted-to-partner   -
Create      restricted-to-partner   -
Modify      restricted-to-partner   -
Delete      admin-only              -

License

This entity represents an allowance to use Notch sensors.

Operation   Intention               Note
Enumerate   restricted-to-partner   Must list only licenses that were purchased by the given partner.
View        restricted-to-license   -
Create      restricted-to-partner   Creating = purchasing a new one.
Modify      restricted-to-partner   -
Delete      restricted-to-partner   -
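
As an added illustration (not code from the Notch API or SDK), the License table above can be enforced server-side with a deny-by-default check such as the following. The Caller and License types, the function names, and the reading of restricted-to-partner as "the purchasing partner only" and restricted-to-license as "the caller presents that license key" are assumptions, since this page does not define them.

```python
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Intentions for the License entity, copied from the table above.
LICENSE_POLICY = {"enumerate": "restricted-to-partner", "view": "restricted-to-license",
                  "create": "restricted-to-partner", "modify": "restricted-to-partner",
                  "delete": "restricted-to-partner"}
NEEDS_TARGET = {"view", "modify", "delete"}   # operations on one existing license

@dataclass(frozen=True)
class Caller:                      # hypothetical: what authentication established
    partner_id: Optional[str] = None
    license_key: Optional[str] = None

@dataclass(frozen=True)
class License:                     # hypothetical record shape
    key: str
    partner_id: str                # partner that purchased the license

def allowed(caller: Caller, op: str, target: Optional[License] = None) -> bool:
    """Deny by default: unknown operation, missing target or missing identity all fail."""
    level = LICENSE_POLICY.get(op)
    if level is None or (op in NEEDS_TARGET and target is None):
        return False
    if level == "restricted-to-partner":
        if caller.partner_id is None:
            return False
        # create/enumerate have no target; their scope is the caller's own partner id
        return target is None or target.partner_id == caller.partner_id
    if level == "restricted-to-license":
        # assumption: the caller proves this level by presenting the license key
        return (target is not None and caller.license_key is not None
                and hmac.compare_digest(caller.license_key.encode(), target.key.encode()))
    return False

def enumerate_licenses(caller: Caller, store: List[License]) -> List[License]:
    """Enumerate must list only licenses that were purchased by the given partner."""
    if not allowed(caller, "enumerate"):
        return []
    return [lic for lic in store if lic.partner_id == caller.partner_id]

# Constructed sample data, not real license keys.
SAMPLE_STORE = [License("KEY-A1", "partner-a"), License("KEY-A2", "partner-a"),
                License("KEY-B1", "partner-b")]
```

The ownership comparison in the restricted-to-partner branch is what stops one partner from modifying or deleting another partner's license by guessing its identifier.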

Activation

During activation the Notch sensor is authorized to make measurements with a given license key. This is a code exchange process initiated by our SDK.

Operation   Intention               Note
Enumerate   restricted-to-partner   -
View        restricted-to-partner   -
Create      restricted-to-license   -
Modify      admin-only              -
Delete      admin-only              -

License Network

This entity represents the sensor network (how devices communicate). It is managed by our mobile SDK.

Operation   Intention               Note
Enumerate   admin-only              Not a supported operation.
View        restricted-to-license   -
Create      restricted-to-license   -
Modify      restricted-to-license   -
Delete      restricted-to-license   -

Notch Device

This one is tricky: it’s not represented in our public API, but some details must be available to the measurement SDK. The following details are unrestricted:

In some cases we want to hear about the sensor status. Re-reporting calibration data is restricted-to-license.