28
ST150M User Manual
Confidential & Proprietary Information
9150-0125-01 R-1
7.1 AT COMMANDS
AT commands are list of commands giving accesses to APIs that can configure runtime settings on the device. All end users
accessing the device will leverage APIs at the Unified API level. The ST150 Security Library is a UAPI level library intended to
prevent access to device configuration APIs via external access.
7.1.1 ST150 DEVICE CONFIGURATION
ST150 device supports different type of AT commands to configure all supported software components over the NORDIC UART
SERVICE (NUS), UART and Configuration service interface.
To access the AT command list and corresponding authentication levels details please refer to document:
8550-0002-01 Globalstar ST150 Unified API Reference
7.1.2 CONFIGURATION SECURITY
The Configuration security settings include individual settings via three supported interfaces. A user can set the settings such
that the module never allows access to auth commands, does so temporarily, or does so all the time. An AT auth command is
issued through the command “AT+SECAUTH={1/0}, {passphrase}, where the first parameter is set to 1 if auth permissions are
being requested, and a non-null passphrase must be set on the device if enabling auth. This command is only required if the
policy is not set to AUTH_PERMANENT.
For more details on security refer to Section 3 the Globalstar ST150 Unified API Reference.
Query state of authentication using AT+SECAUTH?
Security policy types are supported as described below:
• AUTH_BASIC - 0
AUTH_BASIC never allows any elevated auth permissions.
• AUTH_PERMANENT - 1
AUTH_PERMANENT always allows any commands that requires auth privileges to be passed through.
• AUTH_TEMPORARY - 2
AUTH_TEMPORARY allows the auth command to set elevated auth permissions for the current thread, which will
remain in effect until cleared by a subsequent auth command. This state will not persist across a device reset.
• AUTH_TIMEOUT - 3
AUTH_TIMEOUT allows the auth command to set elevated auth permissions for the current thread, which will remain
in effect until the elapsed seconds denoted by the applicable timeout setting occur.
The ST150 device configuration AT commands can be accessed via three interfaces:
• ST150 Configuration BLE Service
This interface requires usage of a 128bit shared AES key to encrypt/decrypt BLE traffic. Only the device owner can
access the shared key, either via the Device Management APIs or using the Globalstar mobile application.
Specific details of the ST150 Configuration Service Implementation can be found in the document:
8550-0009-01 R-1 Globalstar IOT Configuration BLE Service Specification
• Nordic UART BLE Service (NUS)
NUS is essentially a UART over BLE, allowing AT commands to be used with the device. NUS is disabled by default
and must be enabled by a user via the BLE configuration service.
NUS, just like a physical UART, will simply pass incoming commands to the AT handler. The AT handler will check
with the security module to see if NUS has permissions to execute any auth command.
• Physical UART
The Physical UART handler passes commands and responses directly to the AT command handler. Similar to NUS,
the security module can determine the incoming source of the command from the executing thread context.
7. APPLICATION PROGRAMMING INTERFACE (API)