Breakthrough New Security Model For Internet of Things Data

Over the past few weeks, we have cleaned up and re-named what we were previous calling "Advanced API Keys" into a more formal offering we are now calling "Secure Sharing." Our impetus here was that we were selling short what is probably one of the most innovative and powerful features of our platform. Secure Sharing is not just an API feature but actually a completely new way of thinking about security in a world where machines are interacting with each other and collaborating in real-time.

Pachube’s Secure Sharing completely upends how API-based authentication is managed. Instead of sharing one API key with third parties, users (or machines) may now issue as many Secure Sharing Keys as they wish, each of which can then access specific sets of data, contribute to specific datastreams, and even issue new Secure Sharing Keys. Settings for each Secure Sharing Key control:

1. Access to resources (Individual or groups of datastreams, entire user accounts, API settings)
2. What can be done with those resources (adding and retrieving data, creating and deleting resources)
3. Where access can be made from (specific websites or IP addresses)
4. How long each Secure Sharing Key is valid for
5. What resolution of data history can be viewed

Pachube’s Secure Sharing frees developers working with web-based access to networked devices and sensors from having to manage security themselves. On other security models currently in use, API keys are sensitive to exploitation and need to be protected. Developers are forced to mask API keys through elaborate proxies, while API keys that are hardcoded into hardware are vulnerable to network sniffing. Furthermore, as the Internet of Things explodes to billions of devices, resources dedicated to authentication will need to scale as well, taxing IT systems and eating up profit. Pachube’s Secure Sharing model allows developers to share API keys freely, turning what was previously a security concern into a driver for cross-industry and cross-technology collaboration.

Secure Sharing used along with Pachube’s real-time data management infrastructure allow developers to seamlessly and securely provide the following functionality:

• Securely embed real-time data from networked sensors and devices in web pages: By utilizing a Secure Sharing Key with read-only access from a specific website, developers can publicly display real-time data through widgets with zero server overhead.

• Devices can automatically share data for fixed amounts of time: By providing devices with the ability to issue their own Secure Sharing Keys, they can issue additional Secure Sharing Keys for use to third-parties with a specified time limitations. Machines can share real-time data directly with each other.

• Third-parties can update private datastreams: By issuing Secure Sharing Keys to several completely unrelated third-parties (even in different industries), those third-parties could all update a single data stream while only being able to access their own data (energy usage of houses in a neighborhood or the location of secure assets in transport).

We are really excited about this new offering and would welcome feedback. Our hope is that this is an enabler for innovative new applications, so if you are planning to do something awesome with Secure Sharing and Pachube, let me know (edborden@connectedenvironments.com)!

-@edborden