TexMike Posted June 29, 2020 Posted June 29, 2020 Installed MIMOlite on garage door opener a few days ago and it's working fine. I have a teenager who rides his bike a lot and I would like for him to be able to open/close the garage door from his phone, optimally only that. It's not that I don't trust him, it's just that good security practice dictates that a user should only have access to what they need and no more. I could set up a couple of bookmarked REST commands to run programs and that would work, but the portal credentials would need to be embedded in the URL's and I don't like that. I will be using programs because I also want to check to make sure he is in the home geofence for opening as another precaution and check the current status of the garage door i.e., skip open/close if it's already in the desired state. I also thought about using IFTTT as a way to sort of obfuscate the access, but it adds another layer and potential delay. Any ideas on the most secure way to accomplish this functionality?
Teken Posted June 29, 2020 Posted June 29, 2020 25 minutes ago, TexMike said: Installed MIMOlite on garage door opener a few days ago and it's working fine. I have a teenager who rides his bike a lot and I would like for him to be able to open/close the garage door from his phone, optimally only that. It's not that I don't trust him, it's just that good security practice dictates that a user should only have access to what they need and no more. I could set up a couple of bookmarked REST commands to run programs and that would work, but the portal credentials would need to be embedded in the URL's and I don't like that. I will be using programs because I also want to check to make sure he is in the home geofence for opening as another precaution and check the current status of the garage door i.e., skip open/close if it's already in the desired state. I also thought about using IFTTT as a way to sort of obfuscate the access, but it adds another layer and potential delay. Any ideas on the most secure way to accomplish this functionality? Ideally, your son should be opening and closing the GDO via the built in exterior remote keypad. The next extra layer would be to have him carry a iBeacon on his key ring along with the cell phone. Incorporating the other elements you noted like geo location and these two physical access keys than the door could be opened. I'm probably the last person to ask because I don't feel Home Automation has a place with respect to true security of the largest door to your home. Insteon is integrated solely for awareness (Read Only) so the ISY Series Controller can offer myself and the family those creature comforts of turning on, off, lights and infrastructure resources. It has no access to open / close the door which is handled by my security alarm system which even then is restricted to time & schedule. And that is simply addressing the electrical aspect never mind the physical which is managed three locking solenoids and with a measure of force protection while away huge bollards to guard against a physical impact to the door. 1
TexMike Posted June 29, 2020 Author Posted June 29, 2020 All good points, however I don't have an external keypad because I intended to install the Z-Wave module and considered it redundant. It also seems a risk that someone could see him enter the code. I did forget to mention limiting the schedule. So let's say I'm comfortable if it's within the allowed schedule, he's in the geofence and has his phone. How can I set up his phone to allow the opening w/o the portal credentials in clear text?
jfai Posted June 29, 2020 Posted June 29, 2020 How about giving him a keychain remote for the GDO? Of course, if he loses his keychain, you have to worry about more than just your garage door...
TexMike Posted June 29, 2020 Author Posted June 29, 2020 Issues with losing, no scheduling and remembering to take it make me steer away from that. You know teenagers, they always have their phone. Plus I can turn off the capability any time I want. I have the solution I want, except for the problem of how to set it up on his phone without exposing the portal credentials.
jfai Posted June 29, 2020 Posted June 29, 2020 It's a large, heavy door. You need to worry about liability for personal injury. Whatever you do, your son needs to have direct line of sight of the garage door while operating it and that's hard to enforce with just geofencing. I think, you'll find that it's going to be a compromise kind of solution...
simplextech Posted June 29, 2020 Posted June 29, 2020 6 minutes ago, TexMike said: Issues with losing, no scheduling and remembering to take it make me steer away from that. You know teenagers, they always have their phone. Plus I can turn off the capability any time I want. I have the solution I want, except for the problem of how to set it up on his phone without exposing the portal credentials. Setup the older Occupancy nodeserver in the portal. Go to Connectivity IFTTT setup to generate a token URL for that purpose Use the phone to send a HTTP GET to that URL associated with that "Geofence" user Setup program to do what you want when that "user" becomes present or away This way your portal credentials are not exposed and the access is limited to a single function of marking the person home/away.
TexMike Posted June 29, 2020 Author Posted June 29, 2020 6 minutes ago, simplextech said: Setup the older Occupancy nodeserver in the portal. Go to Connectivity IFTTT setup to generate a token URL for that purpose Use the phone to send a HTTP GET to that URL associated with that "Geofence" user Setup program to do what you want when that "user" becomes present or away This way your portal credentials are not exposed and the access is limited to a single function of marking the person home/away. Bingo, that's the out of the box solution I was looking for. I already use the occupancy nodeserver via Locative on his phone, but I think I can set up another fake one for this purpose. Thanks! @jfai Yes, line of sight is preferred, but the GDO still has all the safety features, optical sensor and force reversal. 1
TexMike Posted June 30, 2020 Author Posted June 30, 2020 Great solution suggested by @simplextech, but as usual a few kinks along the way. I thought of the use case where multiple open or close would be needed in a row, perhaps even days apart. If open was used last, then the program won't trigger open again. I decided to use separate fake geofences for open and close and reset after use. Turns out the old occupancy nodes cannot be controlled from the ISY, I could have used a network resource to do it, but didn't want to do that if it could be done locally. Found out the Occupancy 2.0 nodes can be controlled locally with ISY, so ended up setting up the fake geofences there and all is working as desired. Open program is below and close is similar, just less restrictions. GD Open Henry - [ID 00A4][Parent 0037] If 'GD Open / Henry' Occupied is True (fake geofence set true from phone) And 'GD Sensor' Status is Off (GD is closed) And 'Home / Henry' Occupied is True (real geofence) And From 6:00:00AM To 11:00:00PM (same day) Then Set 'GDO MIMO' On Wait 10 seconds Set 'GD Open / Henry' Off Else - No Actions - (To add one, press 'Action') 1
Recommended Posts