How HomeKit's software authentication works

HomePod and iPhone (Image credit: iMore)

iOS 11.3 is here, and it brings a whole host of fun new features, including new Animoji, ARKit 1.5, iPhone battery health settings, health records, and so much more. One feature that didn't make the bulleted list of the most important additions is a little thing called software authentication for HomeKit-enabled accessories. And I'd argue it's one of the most exciting things shipping in iOS 11.3. Why? Because it means we could see several new HomeKit-enabled accessories hitting the market.

Here's why.

Understanding HomeKit requirements

As of WWDC 2017, hobbyists and "makers" have been able to create HomeKit-enabled accessories for non-commercial purposes. Because they're meant to be used in personal HomeKit setups, these accessories don't have to adhere to the same stringent rules and regulations required of commercial accessories.

Commercial accessories (those that will be sold to consumers) have to obtain Wi-Fi Alliance or Bluetooth SIG certification and complete Apple's HomeKit certification under the MFi Program in order to use the "Works with Apple HomeKit" badge and work unabated with HomeKit. Non-commercial accessories without certification throw up a warning dialog when you pair them with your HomeKit home.

Up to this point, commercial accessories were also required to incorporate Apple's hardware-based Authentication Coprocessor in order to obtain HomeKit certification. The coprocessor handled Apple's strict rules for encryption and security for HomeKit-enabled accessories. Apple takes HomeKit security seriously — the company says all HomeKit sessions are end-to-end encrypted and mutually authenticated (authenticated by all parties). Each communication session also includes something called "perfect forward secrecy," meaning that encryption keys aren't reused — a new key is generated for every session.

These strict rules meant most companies had to build accessories specifically with Apple's HomeKit requirements in mind. It was a beneficial rule for consumers in terms of privacy and security, but it also meant — at least at the beginning — fewer available HomeKit-enabled accessories. Companies who already had smart home products on the market would need to rethink their products if they wanted to offer HomeKit-enabled accessories. That changes as of iOS 11.3.

Software authentication

Software authentication is likely to be a boon for those smart home manufacturers who already have products on the market. Instead of designing and manufacturing (or buying) new Apple-approved hardware for their smart home products, companies can opt for software-based authentication. If there's a smart camera, doorbell, light, garage door opener, or any other smart home product that you wish worked with Apple HomeKit, this new option means it's all the more likely to become a reality.

It's important to note that while software-based authentication will be a good thing for established players and companies with products already on the market, it's unlikely all HomeKit accessory manufacturers will use the new option. There are already loads of companies creating HomeKit-enabled products that include the Apple Authentication Coprocessor. What's more, there are also companies that make hardware modules with everything built in. Companies can buy the module, customize it to fit their product, and create an accessory that's ready to pass MFi certification.

Privacy and security

You may wonder if software-based authentication is any less secure than the hardware-based method. Here's the thing: The security processes (end-to-end encryption, mutual authentication, and perfect forward secrecy) are still the same. It's a hefty amount of encryption and security for small, low-power devices and that's one of the reasons it was best achieved through hardware. If device manufacturers want to update their products to achieve this level of security and encryption without Apple's Authentication Coprocessor, they'll be able to. Others may just want to let the Apple Authentication Coprocessor handle the work.
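To make the three session properties described under "Understanding HomeKit requirements" and listed again above concrete, here is a simplified sketch added as an illustration; it is not Apple's protocol or code. It assumes a shared pairing key as a stand-in for each side's long-term credentials, a toy Diffie-Hellman group, and hypothetical function names.

```python
import hashlib, hmac, secrets

# Constructed toy group for illustration only (not a safe production choice).
P = 2**521 - 1   # a Mersenne prime
G = 3
SIZE = 66        # bytes needed to hold a value below P

def new_ephemeral():
    """Fresh key pair for one session; the private half is never stored."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def tag(pairing_key, role, transcript):
    """Prove knowledge of the long-term pairing key, bound to this session."""
    return hmac.new(pairing_key, role + transcript, hashlib.sha256).digest()

def session_key(my_priv, peer_pub, transcript):
    """Derive the session key from the ephemeral exchange only.
    The long-term pairing key is deliberately not an input here."""
    shared = pow(peer_pub, my_priv, P).to_bytes(SIZE, "big")
    return hmac.new(transcript, shared, hashlib.sha256).digest()

def run_session(controller_key, accessory_key):
    """One session between a controller and an accessory (both simulated).
    Returns (controller_session_key, accessory_session_key) or raises."""
    c_priv, c_pub = new_ephemeral()
    a_priv, a_pub = new_ephemeral()
    transcript = c_pub.to_bytes(SIZE, "big") + a_pub.to_bytes(SIZE, "big")
    # Mutual authentication: each side checks the other's tag with its own key.
    c_tag = tag(controller_key, b"controller", transcript)
    a_tag = tag(accessory_key, b"accessory", transcript)
    if not hmac.compare_digest(c_tag, tag(accessory_key, b"controller", transcript)):
        raise ValueError("accessory rejected controller")
    if not hmac.compare_digest(a_tag, tag(controller_key, b"accessory", transcript)):
        raise ValueError("controller rejected accessory")
    # End-to-end encryption would use this key, known only to the two endpoints.
    return (session_key(c_priv, a_pub, transcript),
            session_key(a_priv, c_pub, transcript))

if __name__ == "__main__":
    pairing = secrets.token_bytes(32)   # constructed sample pairing key
    k1, _ = run_session(pairing, pairing)
    k2, _ = run_session(pairing, pairing)
    print("new key per session:", k1 != k2)
```

Because the session key depends only on the discarded per-session secrets, a later leak of the long-term pairing key does not let anyone recompute the keys of sessions recorded earlier.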

After digging through Apple's heaps of documentation related to HomeKit, the HomeKit Accessory Protocol, and HomeKit authentication, I would definitely opt for the hardware.

What this means for you

It's easy to see why software-based authentication didn't get a bullet point in the release notes for iOS 11.3. It's difficult to communicate just how AWESOME it is. What it boils down to is this: Smart home manufacturers have new options for adding HomeKit support to their devices. That means we could soon see firmware updates that add Siri and Home app control to those pesky non-HomeKit-enabled products we've got in our houses. Fingers crossed!

If you've got any questions about software-based authentication, HomeKit-enabled accessories, or connected tech in general, be sure to leave 'em in the comments or gimme a shout over on Twitter!

Mikah Sargent

Mikah Sargent is Senior Editor at Mobile Nations. When he's not bothering his chihuahuas, Mikah spends entirely too much time and money on HomeKit products. You can follow him on Twitter at @mikahsargent if you're so inclined.