Internet of Things (IoT), Microsoft, Microsoft Azure, OpenID Connect, Security, Software Development Insights, TLS/SSL

Microsoft LEAP: Design for Security

This year is already off to a fantastic start! I am so excited to be here at the LEAP conference at the Microsoft Headquarters in Redmond Seattle. LEAP is a perfect way for me to keep up to date with new technology and how to apply it here at Gunnebo.

IMG_5034

The focus of the day was to Design for Security. The threat of cyber attacks and hackers is still as pressing as ever, so the need for cloud security is crucial. Although technological advancement has triggered an evolution in cloud security over the years, keeping the right level of visibility and control over their applications is still a challenge to many organizations. This means that finding a balance between cloud security and ease of use is a hard nut to crack. Today’s program discusses how Azure can cope up with this issue. Also, speakers are expected to introduce new and updated features Azure brought recently to improve the security of cloud applications.

IMG_4953

The highlight of today’s program consists of five great keynotes. The first on the list was Scott Guthrie, the executive vice president for Microsoft’s Cloud. He is an incredible orator and kept the audience thrilled with his in-depth explanations on how Azure helps organizations to deliver product innovation and better customer experience securely. It was frankly impossible to have been there without taking away more than a few vital points and a better understanding of Azure.

IMG_4958

Then Stuart Kwan, who is a principal program manager at Microsoft, was the next in line. He backed up Scott Guthrie with a great keynote on how authentication works on today’s applications. Stuart has a wealth of experience under his belt, and he has worked on identity and security-related technologies since joining Microsoft in 1996. Few people have more experience in that field. He is the guy to listen to on topics like Active Directory Federation Services and Windows Identity Foundation. The main focus was on OAuth, Open ID Connect, and SAML. OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol. OAuth 2.0 defines mechanisms to obtain and use access tokens to access protected resources, but they do not define standard methods to provide identity information. OpenID Connect implements authentication as an extension to the OAuth 2.0 authorization process. It includes information about the end-user in the form of an id_token that verifies the identity of the user and provides necessary profile information about the user.

When Yuri Diogenes took control of the stage, everyone knew that his talk would be primarily based on how cloud security is evolving and becoming more mature. Yuri is a Senior Program Manager at Microsoft for Cloud and AI Security.

IMG_4968

Before Yuri moved on to talk about Azure security, he provided some insights into the problematic scenarios that many companies find themselves. According to him, security hygiene has to be taken seriously or any cloud-based infrastructure would suffer. Basically, organizations have to protect themselves against modern-day threats. He carefully explained that Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on-premises. In simple terms, Azure security is the new security hygiene which you need.

Yuri went further to explain the benefits of Azure security center and Azure Sentinel. It provides all-round security and also affords a degree of customizability. According to him, Azure is capable of protecting Linux and Windows VMs from threats, protecting cloud-native workloads from threats, detecting file-less attacks, cloud workload protection for containers and so on.

IMG_4984.jpg

The next person on stage was Nicholas DiCola who was a Security Jedi at Microsoft. He thrilled the audience with his discussions on the Azure Sentinel. He explained to everyone how the Sentinel functions as a cloud-native SIEM for intelligent security analytics for an entire organization. It offers limitless cloud speed and could be used at any scale. It also provides its users with faster threat protection and will easily integrate will all existing tools.

According to him, the Azure Sentinel was designed to collect visibility, helps in detecting analytics and hunting, investigates any incidents and respond automatically to them. Azure Sentinel gets data to function from numerous sources such as Linux Agent, Windows Agent, cloud services, custom app, appliances, azure services and so on. After collating all necessary data, it’s analytics scan for any possible threats. Then, you will now be able to monitor your data and activity.

Last but not least we had a session with Sumedh Barde and Narayan Annamalai. They opened a fascinating discussion on how to secure certificates, connection strings, or encryption keys and new networking capabilities of Azure. Sumedh Barde is Program Manager on the Azure Security team, and Narayan is the leader of the SDN product management group in Microsoft Azure that focuses on virtual networks, load balancing, and network security.

These two gave us great insight into the Azure Key Vault. They explained to us how it functions as a tool for securely storing and accessing secrets. From what I learned from the conference, the secret to tightly controlling and securing access on things API keys, passwords, or certificates is to use a vault. A vault is your very own logical group of secrets.

It was a great day here in Redmond and an excellent opportunity to brush up my knowledge of cloud security. I’m actively looking forward to tomorrow.

Commercial, Gunnebo Retail Solution, Innovation, Internet of Things (IoT), Reflections, Software Development Insights

NRF: Technology keeps retailers two steps ahead

Socioeconomics or social economics is a branch of social science that tries to understand the effect of social structures and processses  on economic activity. At its basic, it studies the relationship between societies progress and local economy, or the global economy. 

Efficient social structures inadvertently lead to a stronger economy. Retail is a critical structure in any society, apart from its obvious importance in economic revenue, it is also a huge platform for human interactions at all levels. Embedding technology deeply into retail to the point that it reaches brick and mortar stores and small businesses will make a more efficient retail industry, and hence, economy.

During my second day at NRF, I wanted to focus on technology and how technology empower brick and mortart stores to keep relevant in 2020.

Female Executives are Leading the Way

Specific and measurable action is required for any scalable transformation in business, retail and other industries. Talk and plans alone cannot push and motivate performance and possibilities.  And when it comes to leading the way, some of the biggest moves are coming from female executives. Progressive voices from the biggest names in retail  and CEO Action leaders share fresh winning strategies, successful tactics, and takeaways that are both valuable and practical.

Horizontal photo african female boss talking at corporate meeting

There has always been a disparity in the treatment of female employees when compared to their male counterparts. Although informal moments are important, it isn’t quite sad that top female managers are treated different than their male opponents. This isn’t obviously not an issue common only in the retail industry, it’s a humanity issue.

What makes this difference in treatment more worrisome is that females even seem to thrive more in the retail industry since it is flexible work. Retail requires a lot of contact with clients and other entities (suppliers, producers, etc), females on average excel in such roles

Issues like this constitute some of the reasons why top management and CEOs are taking political stands more than ever. CEOs are realizing how powerful their voices are and the influence it yields. Progressive views are embraced by many top executives and they can greatly influence employees.

Visiting the Gunnebo Stand

Being a security and technology company, Gunnebo was of course present at NRF showing our cash management devices for retail. From cash management to loss prevention, there are several areas where Gunnebo Cash Management Solutions can help improve retail processes and security procedures to increase efficiencies, reduce costs and enhance the customer experience.

IMG_0023.jpg

It was also good to meet ut with collegues I do not see that often, from Sweden, Holland, USA and Denmark amongst other.

Retail and the global social economics scene: The 2020 Vision

The business environment has effectively created space for retailers. But because of the nature of the market, new strategies are important to ensure that retailers can get the best and gain the required advantage. It is assumed that all retailers usually look to establish a fair amount of advantage. This usually ensures that the concept of globalisation is discussed in relation to the retail sector.

Paul_Ryan_official_photo

So, how do factors such as government policies, such as tax reform, reciprocal trade agreements and monetary regulation, persist as key instruments in managing global economic health? Former US senator and Speaker of the US House of representatives, Paul Ryan joins NRF 2020 with Recode co-founder and editor-at-large Kara Swisher as expert panelists providing insights on the business impacts of recent political and policy decisions in Washington. Whether it’s tariffs, international trade agreements, tax reforms or impending Big Tech regulations, the former chairman of the Ways and Means Committee, Ryan, and tech and innovation authority, Swisher will explore and anticipate what lies ahead for consumers and the retail industry on the global stage.

It is in the interest of every retailer to embrace retail technology. All aspects of retail have some sort of software or technology that aids its smooth running. Customer tracking software can greatly improve customer experience and garner loyalty to your brand. Technology makes for a swift and clutter free way to analyze data, monitor sales and keep inventory.

POS (Point of sale), Executive Information Systems and Electronic Data Interchange (EDI) are some ways technology can help in sales, warehousing and analysis.

Technology also has tremendous applications on the executive level. With data mining and planning software, executives can delegate most of their work and focus on strategic tests, hence increasing productivity.

Technology in retail is more important now than ever. It is so crucial that NRF has transformed from a retail show to a full blown tech show for one simple reason: most of the advancements in retail are directly as a result of tech advancements.

China Innovation Concept

China is the new innovator, the Chinese government is making huge investments in cooperation with private companies into AI, robotics etc. Domestic tech giants receive huge support from their government and this has yielded positive results in China’s retail sector. The almost sudden rise of Alibaba and other Chinese brands is testament to this fact. Innovation does not work in the same way in democratic countries as autocracies like China, and countries like USA can not outspend China in innovation simply because it does not enjoy the liberties of Chinese autocracy.

Another stepping stone in the path of USA retail technology is that the US does not have any laws to regulate new technology. EU has GDPR and heavy privacy legislation, but US is lagging behind. Unfortunatley the education is also lagging behind, and both modern US and EU must find ways to educate students for working with AI, not doing the same work as AI. This sort of education does not have to be costly and does not have to involve any complex learning, it should be simply focused on teaching people to make the best use of AI and expose them to how AI can increase productivity.

All in all a fresh discussion and enlightening discussion between Paul Ryan and Kara Swisher.

Cloud Computing: Paving the way for the future of retail

The retail industry is on the cusp of great change with customer expectations evolving and impacting all areas of the retail value chain. The most forward-thinking businesses recognize that they must embark on a digital transformation strategy to stay competitive and deliver innovation. And this involves the adoption of cloud computing. The investment brands in cloud computing has risen from about $4 billion in 2011 to a whopping sum of $15 billion in 2016. Retailers are looking to adopt cloud computing just like in the banking and manufacturing industries. There are numerous benefits that can accrue from the adoption of cloud computing.

Google Cloud Platform on a phone screen in a pocket

Winners are retailers that transforms the fastest. The most successful retail brands are those that pursue advancement and embed new systems into their business models. Cloud computing appears to be the next major milestone in retail technology and embracing it now is the way to stay competitive.

Personalization has always been key to brand identity, preserving the identity of your brand in this age of cloud based computing should be a priority. Technology should be utilized to to help retailers optimize the efficiency of business and not totally replace identity.

Digital advisors are automated investment platforms that process the construction and upkeep of an investment portfolio for retsilers. All it takes is opening an investment account, answering some questions about goals and risk tolerance, and the platform makes the best decisions based on answers given. In addition to ease of use and efficiency, digital advisors are also tax effective.

Google works with retailers to solve pain points and shape a future vision that focuses on a set of businesses that brings to bear the very best of Google. Using cloud technologies such as application development, data management, advanced analytics, and AI/ML capabilities, Google is helping retailers unlock impending opportunities. Join Google Cloud CEO, Thomas Kurian and Kohl’s CTO, Paul Gaffney as they discuss how Kohls is infusing their business with intelligence and cloud capabilities to better serve employees and customers.

Global retail mindset: Bold moves from leaders looking to fuel future growth

Retail businesses have extended into every corner of the world. Every business leader is always concerned about the growth of his or her business but sometimes, it can be harder to achieve. This is due to the fact that many retail business owners lack the technical know-how to ensure the sustained growth of the business. A retail business will usually reach a peak after which it may seem like a herculean task to inspire any more growth. How possible is it to get the much-desired growth? Apparently, you have to learn from the techniques used by many industry experts. The insight could be the fuel that you need.

In consecutive interviews, hear from retail and brand executives with penchants for evolution who are tackling new growth challenges, reimaging core customer strategies, and living up to their “change agent” personas? Featuring leaders with bold ideas for leading enterprise transformation, each interview will examine the company’s current landscape, ideas to solve or proactively disrupt industry challenges, and each executive’s vision for future profitable growth.

Debounce, Internet of Things (IoT), Microsoft Azure, Node RED, Software Development Insights

Debounce Algorithms in IoT

Working in IoT we sometimes need to handle large data streams of information, that might or might not be totally accurate. Streams might contain noise, inaccurate/unreal readings and other unwanted data.

Digital oscilloscope-1

Switch debouncing

Debouncing can be done on the hardware itself, or in software. Hardware debouncing can be done either using an S-R circuit or an R-C circuit. Two famous algorithms to do software debouncing is vertical counter and shift registers. Despite being well-known, in literature, these methods are typically presented as a code dump with little or no explanation. In this article, I will touch upon these circuits, methods and other algorithms and their use in IoT debouncing.

Understanding Switch Bounce

When the contacts of mechanical switches toggle from one position to another, these contacts bounce (or “chatter”) for a brief moment. During the first millisecond, the bounces are closely spaced and irregular, and although all of it happens in the course of milliseconds, high-speed logic will detect these bounces as genuine presses and releases.

Electrical panel. Low voltage device. Electrical equipment. Power supply. Electro substation. Power net.jpg

A button release produces bounces too, but it is common for a switch release to produce less bounce than for a switch press.

Switches usually become stable after 5-20ms depending on the quality, size and electronics of the hardware.

Hardware Debouncing

Debouncing using S-R circuits

Switch debouncing using S-R circuit is one of the earliest hardware debouncing methods. In this circuit, S-R latch avoids bounces in the circuit along with the pull-up resistor. It is still the most effective debouncing approach.

The figure below depicts a simple digital debouncing circuit which is used quite often.

1

The circuit utilizes two cross-coupled NAND gates which aim to create an S-R latch, A SPDT (Single Pole Double Throw) switch and two pull up resistors. Then the resistor produces and generates a logic ‘one’ for the gates and the Switch pulls one of the inputs to ground.

If the switch is kept in a position as  seen in the figure, the output of the upper gate is ‘1’ regardless of the input of the other gate and the one created by the bottom pull up resistor which stimulates the lower NAND gate to zero, rapidly in turn hustles back to the other gate. If the switch moves back and forth like a pendulum between the contacts and is suspended or halted for a while in neither one of the regions amidst the terminals, the latch preserves its’ state because ‘0’ from the bottom NAND gate is fed back. The switch may move between the contacts but the latch’s output assures that not in any way it would bang back and therefore, the switch is bounce free.

R-C Debouncing

Although S-R is still common, it’s bulkiness cause problems when you try to use it frequently. You can see that it uses many hardware pieces. Another drawback to using S-R circuits is SPDT switches are more expensive than SPST switches. Thus, a new approach of debouncing emerged using an R-C circuit. The basic principle behind it is to use a capacitor to filter out swift adjustments or changes in the switch signal.

The following image demonstrates a basic R-C circuit which is used for debouncing.

2

It is a simple circuit which uses two Resistors, a Capacitor, a Schmidt trigger hex inverter and an SPST switch.

  • In the event where the switch opens, the voltage across the capacitor which is initially zero begins to charge to Vcc through R1 & R2. The voltage at Vin is higher and hence, the output of the inverting Schmitt trigger is low (logic 0)
  • When the switch is closed, the capacitor discharges to zero and subsequently, the voltage at Vin is ‘0’ and output of the inverting Schmidt trigger is high (logic 1)

At the time of the bouncing condition, the capacitor will halt the voltage at Vin when it comes to either Vcc or Gnd.

You may wonder why a standard inverter is not used. There is a problem for using the standard inverter gate here. TTL defines a zero input when the applied voltage is between 0 and 0.8 and the output in certain circumstances or situations is very unpredictable or unforeseeable. Thus, we must use a Scmitt trigger hex inverter. Thereby, the output remains constant even if the inputs vary or dither and it also ensures to prevent the output from switching due to its’ hysteresis trait.

Software Debouncing

We can debounce switches using the software as well. The basic principle is still to switch signals and filter out glitches if any. The most used algorithms used for that are counters and shift registers.

Counter Method

The first approach uses a counter to time how long the switch signal has been low. If the signal has been low continuously for a set amount of time, then it is considered pressed and stable. 

Let’s see the steps in the Counter method. 

First, we set up the count value to Zero. Then set up a sampling event with a certain period, say 1 ms. You can use a timer for that. On the sample event, Do the following things.

If the switch signal is high, reset the counter variable to 0 and set the internal switch state to ‘released’. If the switch signal is low, increment the counter variable by 1 until it reaches 10. once the counter reached 10, set the internal switch state to ‘pressed’. 

Shift Register Method

Similar to that of the counter method. The only difference is that it uses a shift register. The algorithm assumes unsigned 8-bit reg value usually found in microcontrollers

First, set up the shift register variable to xFF. Set up a sampling event of period 1 ms with the help of a timer. On the sample event, Do the following things.

First, shift the variable towards MSB, the most significant bit. Set LSB, the least significant bit to the current switch value. if the shift register value is equal to 0, set internal switch state to ‘pressed’. otherwise, set internal switch state to ‘released’. 

IoT Sensor Bounce

Recently my team has been working on telemetry involving OCR decoding of License Plates. I consider data from an OCR routine, a temperature sensor or a push button the same thing and debouncing the telemetry can be done very much in the same way.

Collection of European license plates from different countries

First of all, we needed to clean up the data stream by filtering out incorrect values. Since there are not control digits on license plates, we chose to trust the result if the camera would return three similar plates within five iterations.

If you want to know more about how to debounce data streams or if you have any questions, please reach out to me: bjorn.nostdahl@gunnebo.com