A little while ago I was interviewed on the radio here in Australia about ways in which people are using their phones that the tech pundits never anticipated. I spoke about the phone increasingly becoming an intersection point for the real and virtual worlds; a kind of remote control for more and more things in your life.
I explained how at our house we have come to be using our mobile phones to let ourselves into the house, something which I set up as a kind of joke (“Siri, let me in”, “I’m sorry, I cant do that Dave”) but has become so useful we no longer bother fishing the keys out when we get home.
We have accomplished this to date fairly simply by combining some off the shelf home automation hardware with a little web scripting know-how. Our phones have a shortcut on the home screen, which opens up a web page that’s only available on our local WiFi network. Among controls for lights and appliances, this page contains a button to unlock the door. Pressing the button sends the command back to the computer running the PHP script which in turns sends the command through the x10 home automation controller to an x10 unit wired to the existing remote door-release circuit, unlatching the door for 3 seconds before it again locks.
About as simple as could be. Or could it be simpler…?
I very recently bought a Samsung Galaxy S3 which has inbuilt support for something called NFC, and I have been thinking about some of the applications we can expect to see from NFC technology in the coming years. NFC (Near Field Communication) is a new technology that uses low-power radio to pass information across short distances, a bit like the RFID technology that has been around for years (think holding your building access card or fob against a panel to open a door) but with the ability to pass more complex information with greater security. Some of the applications we are likely to see coming with NFC include tapping your phone at a grocery item to pick up product information, tapping another phone to pass over a picture, tapping a movie poster to get session times (yay, no more bloody QR codes), tapping at the register to buy a can of drink….or tapping your front door to open it.
To provide secure access through a door you would usually require two things: a lock and a key. With RFID the lock is a reader mounted near the door and the key is the RFID tag or card. The RFID tag contains an antenna and a small amount of storage. When brought close to the sensor the RFID tag is powered up via induction and transmits back to the sensor the contents of it’s storage – usually an encrypted password that the sensor system has listed as allowed access. It’s a lot like the traditional lock and key, however unlike a normal key the lock doesn’t need to be replaced when a key is lost; the sensor system can just be updated to prevent that tag from having access in the future. And just like a physical key, if you don’t have it on you when you want to get in you’re stuck.
An NFC system presents an opportunity for a solution where both the lock and key are ‘smart’. Like the RFID system the reader at the door can check to see if a specific tag has access or not. However the extra smart bit is the NFC enabled mobile phone, which can contain an app that stores the relevant code encrypted on the SIM card. When the mobile is tapped at the reader the mobile NFC passes over the code stored on the SIM and the reader confirms access. If the mobile phone is lost the code can be remotely wiped from the phone. Similarly to provide a new person access is a simple as remotely providing their mobile with an access code securely over the internet.
As a first step I have taken a simple approach that builds on the current system. I’ve encoded an NFC sticker with the URL for the local webpage that sends the command to open the door. When I tap my Samsung Galaxy S3 to the tag the mobile opens the URL, unlocking the door. One of the implications of this system is that any NFC enabled phone could tap the tag to be pushed the same URL, though this is not really an issue since the page is only accessible on my local WiFi network. While not an ideal solution it does provide me with the tap-to-enter experience now while I work on the more challenging solution using an NFC reader at the door.
Some resources for trying this at home:
I had been considering this project for a while: the ability to send a link to someone they can use on their smartphone to open our front door. Useful for deliveries or when friends or family come over while you are not home. For example I recently had a friend come and stay while we were away for the weekend, however getting a key to him was going to be a challenge as he lived interstate. In the end I left a key in the mailbox which is a terribly inelegant solution and not especially secure.
So I have now developed a script that allows me to send an SMS with a web link that when clicked unlocks the front door for a couple of seconds.
Obviously when designing this I had to think carefully about how it would be secured. I wanted to ensure it was well protected enough that the effort required to hack it was much greater than the effort required to just break in.
The solution builds on my existing x10 home automation which already has the ability to open the door via a set of controls on iPhone, which is already secured such that it can only be accessed while on the local wifi network or via a pin code to access the mobile web page. It works so well we now typically use our iPhones to open the door when we get home almost never bothering to fish out our keys.
When the destination mobile number is entered in the control page the php script sends an SMS (using directsms.com.au API) with a link. The link includes a randomly generated alphanumeric key which has already been stored on the database, along with the timestamp of when it was originally sent and when it was then used. The link has to be used within one hour or it will not work. After the first use it will continue to work to open the door for two minutes, after which it will no longer work.