Authorization model for home automation

Smartphones promise to play an important role in the management and control of Home Automation (HA) solutions. When things and devices have either no or a constrained user interface (UI), the phone’s display becomes more and more relevant to managing devices. Additionally, new capabilities for biometric authentication to the phone such as Apple’s Touch ID will help secure these management features.

Apple’s recent announcement of their HA framework HomeKit in iOS 8 positions the user’s iPhone or iPad as the control point for the home’s devices (at least those that are HomeKit compatible). Using an iPhone to manage and control devices to some extent mitigates the current lack of interoperability between different HA platforms – who needs a standard when Apple can define their own protocol and expect hardware manufacturers to adhere to it (de jure versus de facto).

For consumers, seeing the “iPhone compatible’ logo on the smart lock they are considering purchasing will likely assuage any fears of setup and configuration and so HomeKit may well kick start the HA space for the mass market.

Apple has yet to release the full details of HomeKit, but the expectation is that the iPhone will communicate to the devices using BLE (peer-to-peer) or Wi-Fi (if on same network). The assumption that the phone is actually in the household highlights a fundamental challenge with the idea of using a phone as the controller – what do the devices do when the controller is not inside the house to direct them? Sit around twiddling their rhetorical thumbs waiting patiently?

Related, in its press for HomeKit, Apple uses the example of being able to tell Siri to “turn on the lights in the living room.’ Contrast this with the house and its devices working out when to turn on/off the living room lights – either through Nest style learning or explicit rules defined by the homeowner. (To be fair the HomeKit documentation does refer to triggers, these may well be a hook that would enable a “if event [X] then action [Y]’ sort of logic.)

Taken together, HomeKit’s seeming presumption of 1) “user in the house’ and 2) “user initiates actions’ creates a relatively “manual’ HA model – and enabling a set of use cases that might collectively be characterized as “I’m too lazy to get off the couch.’

The full value of HA will never be realized if the expectation is that we the user, must be directly involved in every interaction our things (our thermostats, our toasters, our TVs) perform. HA is more than a “universal remote’. Our things must be able to act on our behalf, whether or not we actively initiate the operation or even are physically present in the house. And of course, critically, “on our behalf’ implies that we stay in control throughout the various stages of the thing’s lifecycle – initial setup, ongoing operation, and eventual powering down and recycling.

This requirement, that computing devices be authorized and empowered to act on behalf of specific human users in ways that are consistent with the user’s wishes is not new – a relatively recent manifestation is how one online provider is able to query and manipulate our data maintained by some other online provider. For instance, a financial aggregator pulling my banking and investment information together for analysis, or a homeowner sharing their hydro consumption data with a third-party for tips on how to save.

On the web, these sites communicate over HTTP APIs, and OAuth and OpenID Connect are two security protocols that have emerged in the last few years to allow these API calls to be authenticated. Critically, both protocols explicitly allow for a user’s consent to certain operations be captured and logically associated with the security tokens clients present on their API calls. Importantly, these protocols allow a user to define rules like “This web site can access my bank account balances, but not my transaction info.’ A similar authorization model, user experience, and security mechanism will be required for a fully automated HA – one where my household devices can interact with each other (and appropriate cloud services) without my explicit initiation (but with my authorization).

Let’s say I want to enable my new smart thermostat, when it senses the temperature in the house rising, to indicate to the window shutters on the southern side of the house to lower (presuming the two manufacturers have agreed to both implement some application-level protocol). How do I indicate to the windows that the thermostat is authorized to send “lowerShutter’ and “raiseShutter’ commands (but the washing machine isn’t)? How do I monitor and track these sorts of interactions over time? How do I revoke the permissions when I trade the thermostat in for a square model?

The smartphone (whether from Apple or otherwise) will likely play a role in the above. After installing the thermostat on the wall, perhaps I tap the phone and through NFC a Wi-Fi access point and credentials are provisioned. Over Wi-Fi (or BLE) the thermostat indicates to some “HomeManager’ app on my phone its capabilities (i.e. I can control the shutters you have) and requests my consent for the corresponding operations. When I give that consent, an OAuth access token is provisioned from the phone to the thermostat. When subsequently presented on a lowerShutter command sent to the windows, the token can be validated as coming from the HomeManager, the permissions checked, and the shutters lowered accordingly. Protect the HomeManager app with a strong authentication solution like iPhone Touch ID or Samsung’s fingerprint sensor and you have a secure and privacy-respecting model.

Will it happen exactly like the above? Doubtful. There will likely be some other boxes involved within the household – the Wi-Fi router as an example seems a logical place to put some of the HomeManager logic. Likely some cloud services in the mix as well. But I contend a flexible and scaleable HA model demands this sort of authorization model – at least in the broad strokes. And the industry protocols developed over the past few years to enable the same on the Internet will apply to the Internet of Things.