BenQ WDC20 White Paper - Page 13

Network layer - firmware update

Get BenQ WDC20 PDF manuals and user guides View all BenQ WDC20 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 13 highlights

HDMI: Responsible for input/output of A/V transmissions, supports HDCP protections. USB Type-C: Supports DisplayPort alternate mode, responsible for input of DisplayPort format A/V data, the DPCP channel in its communication protocol supports the HDCP protection defined in the video. RJ-45: Ethernet physical port. Provides users with login access to the Web UI of the Host to set up system functions, supports firmware updates but does not support Internet access functions. The Ethernet of InstaShowTM S supports Internet w/ firewall function. Since the authentication mechanism for communication connections between the Host and the Button will not go through the above-mentioned physical ports, hackers cannot get the data and parameters shared between the Host and the Button from these ports. But firmware update is an exception as the firmware update program needs to verify the completeness and signature of the firmware encoding format, otherwise it won't be able to support firmware upgrades. As the InstaShowTM Series supports Wi-Fi network functions we treat Wi-Fi as a hidden port.The Wi-Fi port in the InstaShowTM Series has complete security controls in itself, the Host Wi-Fi provides verification when connections are made for the Host and the Button; when connection is confirmed, A/V transmission is then commenced. If other devices need to visit the application layer of the Host, then attached authentication is needed to ensure that control mechanisms like data confidentiality and system completeness are not broken. 2. Network layer The network system in the InstaShowTM Series is divided into:WAN (Wide Area Network) and LAN (Local Area Network). The WAN way is to connect to the network server through the RJ-45 port, the InstaShowTM Series enables the firewall to provide system network administrators the convenience to control the system fully in the application layer through the authentication mechanism of the enterprise network server(s).The network system and access control in the InstaShowTM Series is an independently working VLAN (Virtual Local Area Network) isolated from the enterprise network. The LAN way is to establish LAN connections through Wi-Fi and the Button or other Wi-Fi devices.The protection mechanism of Wi-Fi is based on the security standard of 802.11i that provides WPA2-PSK to couple with a pre-shared key (PSK) as the authentication.WPA2-PSK encryption will ensure the confidentiality and completeness of all the data passing through wireless communications.The data encryption mode used is AES with 128 bits of key length, the limit on the key length has to be between 8 and 63 bits. Completeness is an examination method that goes through the Counter Mode CBC-MAC protocol (CCMP) and coupled with MIC (Message Integrity Check).The WPA2-PSK password and SSID name can both be set up using the network administrator privilege through the Host RJ-45 port. 13 January 2020

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
13
January
2020
HDMI: Responsible for input/output of A/V transmissions, supports HDCP protections.
USB Type-C: Supports DisplayPort alternate mode, responsible for input of DisplayPort format A/V data, the
DPCP channel in its communication protocol supports the HDCP protection defined in the video.
RJ-45: Ethernet physical port. Provides users with login access to the Web UI of the Host to set up system
functions, supports firmware updates but does not support Internet access functions.
The Ethernet of InstaShow
TM
S supports Internet w/ firewall function.
Since the authentication mechanism for communication connections between the Host and the Button will
not go through the above-mentioned physical ports, hackers cannot get the data and parameters shared
between the Host and the Button from these ports. But firmware update is an exception as the firmware
update program needs to verify the completeness and signature of the firmware encoding format, otherwise
it won't be able to support firmware upgrades.
As the InstaShow
TM
Series supports Wi-Fi network functions we treat Wi-Fi as a hidden port. The Wi-Fi port
in the InstaShow
TM
Series has complete security controls in itself, the Host Wi-Fi provides verification when
connections are made for the Host and the Button; when connection is confirmed, A/V transmission is then
commenced. If other devices need to visit the application layer of the Host, then attached authentication is
needed to ensure that control mechanisms like data confidentiality and system completeness are not
broken.
2.
Network layer
The network system in the InstaShow
TM
Series is divided into: WAN (Wide Area Network) and LAN (Local
Area Network).
The WAN way is to connect to the network server through the RJ-45 port, the InstaShow
TM
Series enables
the firewall to provide system network administrators the convenience to control the system fully in the
application layer through the authentication mechanism of the enterprise network server(s). The network
system and access control in the InstaShow
TM
Series is an independently working VLAN (Virtual Local Area
Network) isolated from the enterprise network.
The LAN way is to establish LAN connections through Wi-Fi and the Button or other Wi-Fi devices. The
protection mechanism of Wi-Fi is based on the security standard of 802.11i that provides WPA2-PSK to
couple with a pre-shared key (PSK) as the authentication. WPA2-PSK encryption will ensure the
confidentiality and completeness of all the data passing through wireless communications. The data
encryption mode used is AES with 128 bits of key length, the limit on the key length has to be between 8 and
63 bits. Completeness is an examination method that goes through the Counter Mode CBC-MAC protocol
(CCMP) and coupled with MIC (Message Integrity Check). The WPA2-PSK password and SSID name can
both be set up using the network administrator privilege through the Host RJ-45 port.