An inconspicuous example of an IoT-enabled household device: the smoke alarm.
These things run on batteries, and those batteries run out. A little ahead of time they give off an annoying beep to inform you of this. To test them you press a button to get a beep. So manual acts are required in the field of smoke alarms, and it is no secret that they are widely neglected. A great proportion of smoke alarms sit without a battery because the late-night beeping commenced and a fresh battery was not at hand. Some people replace the batteries at the same time every year and so waste both their time and their money.
There are third parties who have an interest in whether or not the smoke alarms in a household are operational. In a multi-family structure the other householders clearly do. The local fire department certainly does. Smoke alarms give them an early warning that something might be amiss without necessarily amounting to a full-scale alarm. Data analysis over time and across many devices will give them data to help identify both false positives and false negatives. Insurance companies most definitely would like to know about smoke alarms. Their policies might be made contingent on alarms being in place and operational, with the money saved split between the parties.
The field of smoke alarms is primed and ready for improvement. Enter the internet of things.
Clearly this tiny device will never have anything other than a limited software stack. Running an LDAP client to authenticate users against a directory server is too far-fetched. Yet if the fire department is to be able to probe a whole ecology of Wi-Fi connected smoke alarms, those devices must have a way to verify that the incoming request is authorized. Ideally it is something standalone. RESTful, a one-shot request, stateless: all are desirable qualities.
PAML tokens have the authorization qualities we’re looking for. The user (the fire department) establishes an SSL session with the device, and the PAML token is thereby established as belonging to the user as well as having been issued by the owner of the device. Using a PAML token implies both client and server authentication through the cryptographic handshakes that take place, but without having to maintain a list of permitted Certificate Authorities on the device. That is a very significant practical advantage.