I am creating a web service that will allow any third-party “device” to communicate with it. Each device has an unusual line for identifying itself and uses a web service to store data by this identifier. However, this allows someone who wants to play the service to check and guess device identifiers and store malicious data against them.
The device itself using this web service is relatively "dumb" and does not offer a suitable interface for entering data, so the password or any form of recording on the client is not available.
Since this web service is open to anyone who wants to create such a device that I use, I cannot increase security with a private key, as this will be publicly defined in the specification. Also, due to the simplified nature of the device and its IP / HTTP stack, HTTPS is not suitable for this implementation.
As far as I know, I do not see a way to use the private key in this operation. To this extent, I believe that it is impossible to provide such a system, but I wonder if some other methods that I still have to find can help me a little in this system?
source
share