Publishing secret events on a Particle account?

We’re looking into using published events for transmitting collected sensor data securely to the cloud and I ran into an interesting condition that I wanted to get some feedback on.

So we have a product that is deployed to X number of customers using Photons. Each customer Photon is tied to a central Particle account so we can push firmware updates automatically and diagnose problems without requiring customer interaction.

Consider this situation:

The Photon for customer 1 publishes a hypothetical event saying “The launch code is 6162”. This event is received by the cloud and processed accordingly.

The Photon for customer 2 has been taken apart and tinkered with by a trouble-maker (referring to no user in specific of course) and is now running custom firmware provided by the user that receives the published events described above and prints them out to diagnostic serial. This Photon is still owned by the same main account as Photon 1 since only the firmware was changed.

Now whenever Photon #1 (or ANY of our customer Photons for that matter) publishes “The launch code is 6162” this data is also received in clear-text by our nefarious customer #2. Obviously this presents an imminent security risk.

My question: Is there any way to securely (and secretively) publish a value to the cloud (presumably via Particle.publish) that goes from a Photon to the cloud (that could be received by the cli software for example) but /not/ to all the other Photons connected to the account? Basically an event that could only be subscribed to by the cloud API using authenticated logins?

Encrypting the data before publishing it seems to be a significant waste of resources since the whole point of using the cloud publish framework is that it already includes encryption (not to mention it makes it very difficult to include anything useful in the 255 character limit for each published event).

I realize we can use remote function and remote variable calls to accomplish fairly similar tasks, but this approach is less ideal for a couple of reasons (key ones being added complexity on the server-side and the possibility of accidental remote function calls–plus increased bandwidth which will be a concern for Electron based products).

What are people's thoughts on this? I understand this is a bit of an uncommon use case since most people will have their own Particle accounts but we don’t want our customers to have to create separate Particle accounts to use our equipment (the less they have to set up the better).

I will admit I am not making use of the Organizations dashboard system that Particle supplies so I apologize if that addresses this concern.


Hi @solarplug,

Good question! Private events for products are scoped to the product creator (your organization), and the account holder. It is not possible for a customer to modify a device firmware to see private events for other devices in your organization if they’re flagged as private.

Adding a secondary layer of encryption isn’t that wasteful if you need your data to be encrypted at rest if your organization is storing those events. A function call could easily set a device specific encryption secret, and use something like AES to encrypt the event contents before publishing.

Have you tried publishing the events privately?

Thanks!
David
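The second layer David describes (a device-specific secret pushed down once via a function call, then AES applied to the event contents before publishing) is sketched below as an added example in Go, written for the server side that receives the events through the authenticated API. It is not Particle's code nor anything posted in this thread. Assumptions: the per-device key is derived with HMAC-SHA256 from a server-held master secret and the device ID (any per-device key distribution works), AES-GCM is the mode, and the 255-character limit quoted above applies to the base64 string handed to Particle.publish. The device would run the same Seal step in firmware with whatever AES library it has; the sample device IDs and master secret are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// PublishLimit is the per-event data limit quoted in the thread (255 characters).
const PublishLimit = 255

// AES-GCM overhead carried inside the published string: a 12-byte nonce and a 16-byte tag.
const (
	nonceSize = 12
	tagSize   = 16
)

// MaxPlaintext returns the largest plaintext (in bytes) that still fits in PublishLimit
// once the AES-GCM output is base64 encoded.
func MaxPlaintext() int {
	raw := 0
	for base64.StdEncoding.EncodedLen(raw+1) <= PublishLimit {
		raw++
	}
	return raw - nonceSize - tagSize
}

// DeviceKey derives a per-device AES-256 key from a master secret held only on the server,
// using HMAC-SHA256 over the device ID. (Assumed derivation scheme; the thread only says
// the secret should be device specific.) The server hands the derived key to that one
// device via a Particle.function call; other devices on the account never hold it.
func DeviceKey(master []byte, deviceID string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("event-key:" + deviceID))
	return m.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal produces the string a device would hand to Particle.publish: base64(nonce || ciphertext || tag).
// The event name is bound as associated data, so a payload replayed under another event name fails to open.
func Seal(key []byte, eventName string, plaintext []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, []byte(eventName))
	out := base64.StdEncoding.EncodeToString(sealed)
	if len(out) > PublishLimit {
		return "", fmt.Errorf("payload is %d chars, over the %d limit", len(out), PublishLimit)
	}
	return out, nil
}

// Open is the server-side counterpart: decode, split off the nonce, then verify and decrypt.
// A wrong key, a changed event name or any tampering yields an error, never plaintext.
func Open(key []byte, eventName, payload string) ([]byte, error) {
	sealed, err := base64.StdEncoding.DecodeString(payload)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+tagSize {
		return nil, errors.New("payload too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(eventName))
}

func main() {
	master := []byte("constructed-master-secret-not-a-real-key") // constructed value
	k1 := DeviceKey(master, "photon-1")                          // constructed device IDs
	k2 := DeviceKey(master, "photon-2")

	payload, err := Seal(k1, "sensor/reading", []byte(`{"t":21.5,"rh":40}`))
	if err != nil {
		panic(err)
	}
	fmt.Printf("published (%d chars): %s\n", len(payload), payload)

	if pt, err := Open(k1, "sensor/reading", payload); err == nil {
		fmt.Println("server decrypted:", string(pt))
	}
	if _, err := Open(k2, "sensor/reading", payload); err != nil {
		fmt.Println("photon-2's key cannot open it:", err)
	}
	fmt.Println("max plaintext bytes per event:", MaxPlaintext())
}
```

Two things the code makes concrete that the thread only gestures at: a device holding a different key (customer #2's tinkered Photon) gets a verification failure rather than the clear-text event even if it can subscribe to the name, and the budget is 161 bytes of plaintext per event once the nonce, tag and base64 expansion are paid for, which is the real cost of the "secondary layer" when the events must also be encrypted at rest. Publishing with the PRIVATE flag, as suggested above, remains the first step; this layer only adds to it.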

Hi @Dave,

Thanks for the reply–we will look into either using the Organization feature as you described or encrypting the events that get published.

Thanks!
