Home automation Internet of Things app. Remote control of a thermostat. These design notes represent a way to implement a secure IoT application.
- Device provisioning
- Device software update
- Turn on/off thermostat
- Online Status
- Historical Analytics
- Set thermostat temperature
- Remember last state after reboot
- End-user controllable with mobile app
- Custom actions to enable chain of events based on household rule settings.
- Smart speaker integrations with Amazon Echo, Google Home and Apple HomeKit.
- Vendor IoT fleet global administration
- Vendor global view - see all online devices
- Vendor product expandability while devices are online
- Mobile App ( pair/add device )
- Thermostat firmware
- Server APIs
- Data Streaming Provider PubNub
- AI/ML Data Processing Stream onAfter Functions
- Cryptographic signature
- Public/Private encryption
- PubNub Access Manager
- User Authentication
- User connects to local device private WiFi for setup.
- Setup requests household WiFi access credentials.
- User must pair the device with mobile app from the same WiFi network.
- IoT Device and mobile app join household WiFi network.
- Mobile app remembers IoT Device ID while the device provisions.
- The mobile app and thermostat are now linked and provisioned.
- Mobile app sends signals to control IoT device.
- Mobile app retrieves status change records.
- Mobile app can ping the devices to test uplink.
- Functions - REST Endpoint - Mobile app authenticate
- Functions - REST Endpoint - Device provision - list of channels, and more
- Functions - REST Endpoint - Send signed/encrypted control signals to devices
- Functions - onAfterPublish - AI/ML tracking anomaly detection
- Functions - onBeforePublish - Security signatures and asymmetric public key encryption
- Presence - Track online status of devices
- Subscribe - Receive events
- Publish - send signals to thermostat and mobile app
- Grant Token - Add permission to Device/Mobile App to send and receive events
- Objects V2 - Users and Device Registry Management
These channels are used for sending/receiving events.
Devices will subscribe to .* channels to receive events.
- devices.deviceUniqueID - device presence tracking
- devices.deviceUniqueID.* - device receives events
- household.homeUniqueID.* - broadcast events within a home
- brodcast.* - admin can broadcast signals on device globally
- devices.deviceUniqueID-pnpres - device online status ( app subscribes to check device online status )
Devices and servers will publish to these specific channels.
- devices.deviceUniqueID.off - turn off HVAC
- devices.deviceUniqueID.on - turn on HVAC
- devices.deviceUniqueID.temp - set thermostat temperature (overrides schedule for a time)
- devices.deviceUniqueID.schedule - set schedule and temperature
- devices.deviceUniqueID.reboot - issue reboot command to the device
- devices.deviceUniqueID.ping - ping device channel, causing the LED to blink
- devices.deviceUniqueID.insights - AI/ML insights channel
- devices.deviceUniqueID.anomaly - AI/ML anomaly notification
- sensors.deviceUniqueID.thermometer - device emits temperature readings and HVAC efficiency
- sensors.deviceUniqueID.stats - device emits periodic stats to this channel ( used for AI/ML Function )
- sensors.deviceUniqueID.log - device emits logs on this channel ( accessible for debugging and mobile app )
Vendors may trigger a command on all devices, globally.
- brodcast.notification - displays a message on the mobile app and the IoT Thermostat UI
- brodcast.softwareUpdate - issue software upgrade command to device
- brodcast.reboot - issue reboot command to all devices
- brodcast.ping - illuminate the LED on all devices globally, as well as log to devices.deviceUniqueID.log
- brodcast.saveThePlanet - reduces HVAC power consumption world wide
We set the presence ACL to only track presence on devices.deviceUniqueID channels.
- Track device population segments of devices online.
- Debugging of IoT device and mobile applications.
- Analyze geographic distribution and device longevity.
- Analyze end-user activity.
The two entities are users and devices.
- name - Name of the household
- passSignature - access via password authentication stored as a hash
- devicesIdsOwned - list of owned and provisioned device IDs
- deviceName - Name of the device in the household
- deviceUniqueID - Address of the device
- deviceSecretKey - Signature verification
- deviceGroupSalt - Signature verification, appended to signature string and signed by deviceSecretKey.
- devicePublicKey - Encrypt message
- devicePrivateKey - Decrypt message
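One way the deviceSecretKey and deviceGroupSalt fields could be used to sign and verify control signals, as an added example that is not code from network.js or the project. HMAC-SHA256, the signature-string layout (channel, body, then salt), the message shape and the sample key values are assumptions.

```javascript
const crypto = require('crypto');

// Constructed sample registry entry; field names follow the device entity above.
const device = {
  deviceUniqueID: 'thermo-0001',
  deviceSecretKey: 'constructed-secret-key',
  deviceGroupSalt: 'constructed-group-salt',
};

// Assumed signature string: channel, message body, then deviceGroupSalt appended.
// Including the channel ties a signed body to the one channel it was issued for.
function hmacHex(channel, body, dev) {
  return crypto
    .createHmac('sha256', dev.deviceSecretKey)
    .update(`${channel}\n${body}\n${dev.deviceGroupSalt}`)
    .digest('hex');
}

// Server side: serialize once and sign the exact string that will be published.
function signSignal(channel, command, dev) {
  const body = JSON.stringify(command);
  return { body, sig: hmacHex(channel, body, dev) };
}

// Device side: returns the parsed command, or null if the signature fails.
function verifySignal(channel, message, dev) {
  if (!message || typeof message.body !== 'string' || typeof message.sig !== 'string') {
    return null;
  }
  const expected = Buffer.from(hmacHex(channel, message.body, dev), 'hex');
  const given = Buffer.from(message.sig, 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null;
  }
  return JSON.parse(message.body);
}
```

The device parses the body only after the signature check passes, so an unsigned or altered message never reaches the command handler.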
See network.js source.
APIs to complete a task or command. Running via PubNub Functions.
pubnub.subscribe()
pubnub.publish()