Google’s new ‘EID’ is an encryption layer for its Eddystone beacon platform
Called Ephemeral IDs (EID), it allows a company to manage who has access to beacon signal. That also means it manages who doesn’t have beacon access, which is the real attraction.
While we currently think of beacons as a one-way street for passing information, Google thinks EIDs will help create a safe environment for beacons to send you information, or let you communicate with them if you like.
In a controlled group (those who can access the signal), the AES encryption key of an EID beacon changes periodically, all based on a timer in the beacon’s software that can cycle through keys at intervals from one second up to nine hours. Using a Elliptic Curve Diffie-Hellman key agreement protocol, only the beacon and service it’s communicating with have access to new key identifiers.
Google says that when using multiple beacons — which is almost always the case — hackers won’t be able to accurately spoof any beacon location. The location signal is also only available to the developer, and EID can be used with any beacon.
The upside is huge with EID. Not only does it allow for a more personalized experience, it also creates a framework for transferring information securely. Currently, Google is partnering with Samsonite for smart luggage using EID, which seems to be the clearest example of how it might benefit real-world scenarios. A secure line of communication between you and your luggage is something you definitely don’t want a hacker getting in the middle of Growing Eddystone with Ephemeral Identifiers: A Privacy Aware & Secure Open Beacon Format on Google developers blog