Skip to content

Authenticated ground-sensor capture

miombo_sensor · v1.0.0

Authenticates registered field-device observations, prevents replay and signs each accepted reading as baseline evidence.

Inputs

  • registered, active device identity bound to an asset and tenant;
  • raw telemetry payload with capture time and typed observations;
  • X-Sensor-Signature HMAC-SHA256 header calculated with the device secret;
  • observation kind, value, unit and quality flag.

Controls

The service verifies the HMAC over the exact request body, rejects unknown or decommissioned devices, rejects duplicate device/timestamp submissions and enforces the configured backfill window. Each accepted observation receives its own signed manifest before persistence.

Outputs

  • accepted observation identifiers;
  • asset- and tenant-scoped baseline observations;
  • device, capture time, unit, quality and method identity in the signed body;
  • aggregate recomputation for affected streams and windows.

Limitations

Cryptographic authentication establishes the submitting device secret, not the physical accuracy, calibration or placement of the sensor. Quality flags, calibration records, maintenance controls and field validation remain necessary for assurance.

Versioned methodology documentation for Miombo Nature Risk Intelligence.