We’re looking into using published events for transmitting collected sensor data securely to the cloud, and I ran into an interesting condition that I wanted to get some feedback on.
So we have a product that is deployed to X number of customers using Photons. Each customer Photon is tied to a central Particle account so we can push firmware updates automatically and diagnose problems without requiring customer interaction.
Consider this situation:
The Photon for customer 1 publishes a hypothetical event saying “The launch code is 6162”. This event is received by the cloud and processed accordingly.
The Photon for customer 2 has been taken apart and tinkered with by a trouble-maker (referring to no user in particular, of course) and is now running custom firmware provided by the user that receives the published events described above and prints them out to diagnostic serial. This Photon is still owned by the same main account as Photon 1, since only the firmware was changed.
Now whenever Photon #1 (or ANY of our customer Photons for that matter) publishes “The launch code is 6162” this data is also received in clear-text by our nefarious customer #2. Obviously this presents an imminent security risk.
My question: Is there any way to securely (and secretively) publish a value to the cloud (presumably via Particle.publish) that goes from a Photon to the cloud (that could be received by the cli software for example) but /not/ to all the other Photons connected to the account? Basically an event that could only be subscribed to by the cloud API using authenticated logins?
Encrypting the data before publishing it seems to be a significant waste of resources since the whole point of using the cloud publish framework is that it already includes encryption (not to mention it makes it very difficult to include anything useful in the 255 character limit for each published event).
I realize we can use remote function and remote variable calls to accomplish fairly similar tasks, but this approach is less ideal for a couple reasons (key ones being added complexity on the server-side and the possibility of accidental remote function calls–plus increased bandwidth which will be a concern for Electron based products).
What are people’s thoughts on this? I understand this is a bit of an uncommon use case, since most people will have their own Particle accounts, but we don’t want our customers to have to create separate Particle accounts to use our equipment (the less they have to set up, the better).
I will admit I am not making use of the Organizations dashboard system that Particle supplies so I apologize if that addresses this concern.
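The post above weighs application-layer encryption against the 255-character event limit. The following is an added example, not code from the original post or from Particle, that puts numbers on that trade-off: it seals a payload with AES-256-GCM under a per-device key (derived here with HMAC-SHA256 from a hypothetical fleet master key and the device ID), binds the device ID and event name as associated data so a tampered device cannot decrypt or replay another device's events, and computes how much plaintext survives once nonce, tag and base64 expansion are paid for. The key derivation, the constructed sample key and the "|"-joined AAD layout are assumptions for this example only; nothing here asserts how Particle's own event routing behaves.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// PublishLimit is the per-event payload cap the post refers to (255 characters).
const PublishLimit = 255

// Fixed AES-GCM sizes: 96-bit nonce, 128-bit authentication tag.
const (
	nonceLen = 12
	tagLen   = 16
)

// deviceKey derives a per-device AES-256 key from a fleet master key and the
// device ID with HMAC-SHA256 (hypothetical derivation for this example). A key
// pulled off one tampered device then decrypts only that device's own events.
func deviceKey(master []byte, deviceID string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("event-key:" + deviceID))
	return m.Sum(nil) // 32 bytes
}

func deviceGCM(master []byte, deviceID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deviceKey(master, deviceID))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEvent encrypts plaintext under the device's key, binding device ID and
// event name as associated data so a payload replayed under another name or by
// another device fails authentication. Output is base64(nonce || ct || tag),
// rejected if it would not fit in one event payload.
func sealEvent(master []byte, deviceID, eventName string, plaintext []byte) (string, error) {
	gcm, err := deviceGCM(master, deviceID)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	aad := []byte(deviceID + "|" + eventName)
	sealed := gcm.Seal(nonce, nonce, plaintext, aad) // nonce prefix, tag appended
	out := base64.StdEncoding.EncodeToString(sealed)
	if len(out) > PublishLimit {
		return "", fmt.Errorf("payload is %d chars, exceeds %d", len(out), PublishLimit)
	}
	return out, nil
}

// openEvent reverses sealEvent; it fails on any tampering and on payloads
// produced for a different device or event name.
func openEvent(master []byte, deviceID, eventName, payload string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(payload)
	if err != nil {
		return nil, err
	}
	if len(raw) < nonceLen+tagLen {
		return nil, errors.New("payload too short")
	}
	gcm, err := deviceGCM(master, deviceID)
	if err != nil {
		return nil, err
	}
	aad := []byte(deviceID + "|" + eventName)
	return gcm.Open(nil, raw[:nonceLen], raw[nonceLen:], aad)
}

// maxPlaintext returns how many plaintext bytes fit in `limit` payload
// characters after nonce, GCM tag and padded base64 expansion (4 chars per 3 bytes).
func maxPlaintext(limit int) int {
	rawMax := (limit / 4) * 3 // largest raw length whose base64 still fits
	return rawMax - nonceLen - tagLen
}

func main() {
	master := []byte("constructed fleet master key, example only") // constructed sample
	msg := []byte("The launch code is 6162")

	payload, err := sealEvent(master, "photon-1", "launch", msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("payload (%d chars): %s\n", len(payload), payload)

	plain, err := openEvent(master, "photon-1", "launch", payload)
	fmt.Printf("photon-1 opens:   %q err=%v\n", plain, err)

	_, err = openEvent(master, "photon-2", "launch", payload)
	fmt.Printf("photon-2 opens:   err=%v\n", err) // tampered device: authentication fails

	fmt.Printf("plaintext budget at %d chars: %d bytes\n", PublishLimit, maxPlaintext(PublishLimit))
}
```

The budget function shows the cost the post worries about concretely: of the 255 characters, 28 bytes go to nonce and tag and base64 costs a further third, leaving 161 bytes of plaintext per event. Whether that is an acceptable price for keeping the payload opaque to a sibling device on the same account is the trade-off the question raises.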