The MinFarm API and Dashboard allow customers to easily integrate MinFarm products, using the MinFarm optimized satellite protocol architecture, with their private networks to control and manage field device deployments over LoRaWAN® and satellite. (Download the API documentation).
MinFarm API and Dashboard Overview
The MinFarm API and Dashboard can be installed on a customer network or accessed securely in the cloud (see security architecture below). They present customer network applications with the following functionality for managing field device deployments using LoRaWAN, Satellite and SCADA devices:
- LoRaWAN® device allow-list management over satellite (what devices can send uplinks)
- CCTV image capture parameters (camera selection, compression levels, edge AI settings, edge storage database searches, image trigger events, image uplink scheduling)
- Satellite terminal and satellite teleport ‘Mailbox’ configuration
- Remote device firmware updates over satellite (firmware updates, security patches)
- Unpacking of field device payload data (LoRaWAN® sensors and SCADA devices)
- Forwarding options for payload data and images to HTTPS (with authentication), LoRa Basics Station forwarding to existing customer LoRaWAN® Network Server infrastructures and SCADA servers
- Downlink configuration commands to LoRaWAN® sensors and SCADA to LoRaWAN® converter nodes (e.g. change alert configurations on a sensor)
MinFarm Security Architecture
The MinFarm API uses a defense-in-depth security architecture, with options for complete data autonomy through Customer-Managed Encryption Keys (CMEK) and for private hosting of all network components. Below is a typical data flow diagram with important terms explained.
MinFarm API Server
The MinFarm API Server is provided in two formats:
- A fully managed cloud service from MinFarm (Configuration 1)
- Self-hosting of the Server within the customer's own network (Configuration 2)
Configuration 1: The MinFarm API is located on the MinFarm Server, and the MinFarm Bridge Server is hosted in the cloud. The MinFarm API uses OAuth 2.0 authentication. OAuth 2.0 does not share password information; instead it gives the user a token, known as a Personal Access Token (also called a Bearer Token), which allows access to a Scope, or access capability, within the API. The MinFarm API supports four types of Scope: Read, Write, Manager, and Firmware. Read is the most basic Scope, allowing read-only access with no editing. The Write Scope allows editing. The Manager Scope contains the full range of access. The Firmware Scope is for transferring firmware to connected devices. The Personal Access Token is generated via the MinFarm Dashboard.
Configuration 2: The MinFarm API is located on the MinFarm Server, which is hosted within a customer network behind the customer’s firewall. The MinFarm protocol retrieves the satellite data from the IDP Mailbox by polling the Teleport’s Secure REST API. The customer firewall only needs to allow outgoing HTTPS requests to this endpoint.
End to End Transport Encryption
The encrypted data is transferred over the Satellite Link using an end-to-end encrypted tunnel between the MinFarm Edge Device and the MinFarm Server. This provides:
- Confidentiality (an eavesdropper cannot view the data as it is transferred over the satellite link)
- Integrity (the data transferred over the satellite link has not been tampered with)
- Authentication (the data transferred over the satellite link originated from the specific MinFarm Edge Device)
Secure Edge Storage
Data can be securely stored on the MinFarm Edge Device, if required.
Edge Data Processing for Optimised Satellite Transmission and Reduced Latency
Data processing techniques such as deep packet inspection, edge processing of sensor data, CCTV image compression and AI object identification can be used by the MinFarm Edge Device to significantly reduce data usage over satellite and the system's latency.
MinFarm Protocol for Low Cost Reliable Transport over Satellite
The MinFarm Protocol is an optimized protocol for reliable and low-cost data transfer over small satellite terminals. It splits data to be transferred into smaller blocks and sends these blocks over the satellite link. If a block is lost during transmission, only the individual block needs to be retransmitted. The MinFarm protocol supports a full set of telemetry commands to assist in remote troubleshooting of the MinFarm Edge Device. It allows new firmware to be transferred over satellite to remote devices to provide new features and fix security issues. It uses a differential transfer method that only sends the changes to the firmware, keeping the file size to a minimum.
Public Key Infrastructure
Data, such as compressed images, can first be encrypted using the MinFarm Server's public key, and a digital signature is generated using the MinFarm Edge Device's private key. This creates an encrypted image which can be transferred over the satellite link. The encrypted image provides:
- Confidentiality (an eavesdropper cannot view the original image)
- Integrity (the image has not been tampered with)
- Authentication (the image came from the specific MinFarm Edge Device)
- Non-repudiation (this provides proof that the specific MinFarm Edge Device sent the image)
Each MinFarm Edge Device requires its own public/private key pair. It also requires the public key of the MinFarm Server. These three keys need to be installed before deployment. This can be done at a secure production facility and managed by the customer directly. The keys can be rotated at a frequency that is determined by the customer and new keys can be securely distributed over the satellite link.
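The encrypt-then-sign flow described in this section, as an added Go example that is not MinFarm code. The function names `Seal` and `Open`, the message layout, the choice of RSA-OAEP with AES-256-GCM for encryption and Ed25519 for the signature, and signing over the ciphertext are all assumptions made for illustration; the keys and image bytes are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Seal runs on the edge device: encrypt to the server key, then sign (assumed primitives).
func Seal(serverPub *rsa.PublicKey, devicePriv ed25519.PrivateKey, image []byte) ([]byte, error) {
	secret := make([]byte, 44) // fresh AES-256 key (32 bytes) + GCM nonce (12) per image
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, secret, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(secret[:32]) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	body := gcm.Seal(wrapped, secret[32:], image, nil) // wrapped secret || ciphertext || tag
	return append(ed25519.Sign(devicePriv, body), body...), nil
}

// Open runs on the server: check the device signature first, then unwrap and decrypt.
func Open(serverPriv *rsa.PrivateKey, devicePub ed25519.PublicKey, msg []byte) ([]byte, error) {
	n, k := ed25519.SignatureSize, serverPriv.Size()
	if len(msg) < n+k || !ed25519.Verify(devicePub, msg[n:], msg[:n]) {
		return nil, fmt.Errorf("rejected: not signed by this device")
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, msg[n:n+k], nil)
	if err != nil || len(secret) != 44 {
		return nil, fmt.Errorf("rejected: key unwrap failed")
	}
	block, _ := aes.NewCipher(secret[:32])
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, secret[32:], msg[n+k:], nil)
}

func main() {
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo keys
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	msg, _ := Seal(&server.PublicKey, devPriv, []byte("constructed sample image"))
	out, err := Open(server, devPub, msg)
	fmt.Println(string(out), err)
}
```

Because `Open` verifies the signature before touching the server's private key, a message altered on the link or signed by a different device is rejected without any decryption work. The per-image overhead in this layout is 64 bytes of signature, 256 bytes of wrapped secret and a 16-byte GCM tag.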