Smart lock protocol

Simon Peeters simonpeeters90 at gmail.com
Fri Mar 13 09:20:20 EDT 2015


Hi,

First off, thanks for all your ideas!

The only problems with Kerberos are
1) it requires the user to have internet on his phone
2) the phone must contact the server and obtain tickets every time it wants
to lock/unlock the door which adds delay (not sure how much). A solution
would be to have a phone app get a new ticket say every 15 minutes. This
would probably drain battery though.
3) makes the process dependent on a central server meaning if my server
goes down my friends and I can't access our homes. Pretty sure they'd be
pissed off about that =).

I think it would be better to just save all the authorized users on the
lock itself and use public key cryptography. This is safer and offers
better user experience I believe (faster response times). The downside is
indeed that you cannot easily grant temporary access to your home or make
changes to the authorized user list remotely.

Kind regards,
Simon

On Fri, Mar 13, 2015 at 7:10 AM, Rick van Rein <rick at openfortress.nl> wrote:

> Hello again,
>
> I had a few more thoughts on this idea of yours to use Kerberos for
> your door locks:
>
> * When you apply cross-realm tactics (which we are working on for
> Kerberos, http://realm-xover.arpa2.net/kerberos.html ) you have an
> identification of your visitors, even when they are granted access
> in some generic manner, e.g. during an open house event.
>
> * I use a SIP phone as my front door bell; it dials my home number,
> which is also a SIP number and which I can also pick up at other
> locations.  One scenario that isn’t currently supported is the package
> delivery bloke that I might want to give temporary / guarded access.
>
> * The Kerberos-based access enables you to release tokens that
> are valid only in particular windows.  So your cleaning staff can be
> assigned access for precisely an hour, and your visitors are welcome
> for the two days that they are staying with you.  Moreover, combined
> with the remotely answered door bell, the package delivery bloke
> could be granted 5 minutes worth of access.
>
> * Tickets expire at a set time and date.  It may be possible to integrate
> that with the hardware of the door, and bar the door automatically when
> the time has passed.  This would also be helpful with the 5-minute
> window granted to the package delivery bloke; it would also help to
> avoid that cleaning staff can stay in the house for longer than you
> desire, when you are present.
>
> Let us know how you continue, please!
>
> Cheers,
>  -Rick
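
Added example, not part of the original messages: a sketch of the lock-side check for the time-windowed access described in the quoted reply, showing that the lock can verify a window offline once it shares a key with the issuer. HMAC stands in for Kerberos ticket encryption, and `LOCK_KEY`, `issue_token` and `lock_check` are names assumed for this example; unlike Kerberos there is no authenticator, so this token is a bearer token, and the lock needs a trustworthy clock.

```python
import base64, hashlib, hmac, json

# Constructed key: plays the role of the lock's long-term key shared with
# the issuer (the KDC in Kerberos terms). Never hard-code a real key.
LOCK_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(key, user, not_before, not_after):
    """Issuer side (online): bind a user to a validity window."""
    body = json.dumps({"user": user, "nbf": not_before, "exp": not_after},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def lock_check(key, token, now):
    """Lock side (offline): return (allowed, user_or_reason)."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong field count or invalid base64
        return (False, "malformed")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Verify the MAC before parsing or trusting any field in the body.
    if not hmac.compare_digest(tag, expected):
        return (False, "bad-mac")
    claims = json.loads(body)
    if now < claims["nbf"]:
        return (False, "not-yet-valid")
    if now > claims["exp"]:
        return (False, "expired")
    return (True, claims["user"])

if __name__ == "__main__":
    start = 1426252800  # constructed timestamp for the demo
    token = issue_token(LOCK_KEY, "delivery", start, start + 300)  # 5 minutes
    for now in (start - 1, start + 60, start + 301):
        print(now, lock_check(LOCK_KEY, token, now))
```

Only the phone has to reach the issuer, and only once per window; the lock's decision depends on its key and its clock alone.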

