What the User Sees
As a product owner, your most important asset is the people who use your product -- your customers. The Thingsquare platform is designed to make their experience as smooth as possible.
Before we go into the details of how the system internals work, let's take a look at how a user experiences the system.
The user first unboxes and potentially assembles your product. If your system uses Ethernet for connectivity, the user plugs in the Ethernet cable. If it uses 3G connectivity, a SIM card may need to be inserted. In either case, this step is quick.
The user then installs your app on their smartphone. The app and the unboxing experience is the first impression that your customers will have of your product. Many users will have installed your app before receiving your boxed product, so ideally your app gives a great impression even without the product at hand.
When the user starts the app in the vicinity of your product, the app will detect your product and show this to the user. From now on, the user will be able to interact with your product using the app.
Under the Hood
To make the user experience as smooth as possible, while keeping the system secure, there is a lot going on under the hood.
Devices form a wireless mesh network and connect to the Internet. Devices use their Internet connection to authenticate with the Thingsquare cloud and begin announcing their presence. The smartphone app discovers devices and authenticates with the Thingsquare cloud. Users can login and control devices either locally or remotely. The app can notify the user if something important happens.
When a Thingsquare-based system is installed, the system will automatically configure itself and invite users to use it. The automatic configuration takes 10 to 20 seconds and consists of the devices forming a wireless mesh network and obtaining authentication codes from the Thingsquare server cloud. Once this is complete, users may begin to use the system by discovering, identifying, and registering the devices for remote access.
Formation of the Wireless Mesh
The first thing that happens is that the devices automatically create a wireless mesh network between themselves. A mesh network is a network that builds connections between the nodes in the network, so that if one connection goes down, another connection is ready to take over.
The purpose of the mesh network is to provide a stable Internet connection for all the devices, even if the Internet connection point is out of reach for some of the devices. The mesh will automatically transport the data to the nearest Internet connection point.
It takes only a few seconds for the mesh to automatically form itself. When the mesh is more or less complete, the devices start to connect to the Internet. One of the devices has an Internet connection, through Ethernet or WiFi, and this device will forward data on behalf of all the others.
Obtaining Authentication Codes
Once the devices have formed their wireless mesh, they each connect to the Thingsquare cloud server to obtain unique authentication codes. Those codes are to be announced to smartphones in their vicinity.
Connecting to the cloud server and getting authentication codes takes a few seconds. The Thingsquare cloud is a collection of servers placed on several locations around the world. Different products use a different set of servers. Products that are deployed only in specific geographic regions may have only a few cloud servers enabled. The devices connect to the closest server they can find.
The connection to the Thingsquare cloud is secured by SSL (Secure Socket Layer – also known as Transport Layer Security, or TLS) encryption. This is the same security mechanism used by bank transactions and other sensitive data transport on the Internet. This is done to ensure that all data exchanged between the device and the cloud is kept secure.
The first time a device connects to the Thingsquare cloud, it receives a private identification key. The private identification key is stored inside the device and is never transmitted anywhere. It is used to uniquely identify the device in all subsequent communication.
Announcing Presence with Bluetooth Beacons or WiFi
When a device has received an authentication code from the Thingsquare servers, it will begin to announce its presence. The device does this by sending out the authentication code it received from the server. Depending on the device type, it will send out the authentication code using Bluetooth or WiFi. The choice depends on the product: some products wish to be discoverable only by users that are within a few meters of the device – those would use Bluetooth – others are to be known to anyone on the local WiFi.
Nearby smartphones detect the presence of a device by listening for announcements that contain a valid authentication code from the Thingsquare server.
When a smartphone app has detected a device, it contacts Thingsquare cloud to ask for information about the device. The app uses the authentication code it heard over Bluetooth or WiFi. Since the Thingsquare cloud knows to what device it handed out this particular authentication code, it knows exactly what device that this announcement identifier belongs to. The server also knows how much information it may reveal about the device.
Different products disclose different amounts of information about each device, and the Thingsquare cloud is configured to disclose information about the device, depending on what type of product the device belongs to. The decision is made by the product owner.
Because several devices may be in close proximity to each other, it may not be clear to the user what device the app shows. Lighting installations, for example, typically has multiple lights close to each other. The system therefore provides a mechanism for visually determining the identity of a device. In a lighting system, identification is normally done by blinking the light. A user can tap a button on the app to cause the corresponding light to blink, and the user can thereby know what light that was identified by the app.
If a user has discovered and identified a device, the user may register the device for remote control. This is again governed by how the product is configured. Some users may have the right to control a device from remote, such as service personnel, whereas others may only be allowed to control it locally.
Registering the device is done by contacting the Thingsquare server cloud. If the user has the right to register the device, the server cloud will make the connection between the user and the device. It is now possible to read and write data from and to the device remotely, through the server cloud.
When the System is Up and Running
Once the system has been set up, self-configured, and installed, the system can be used. Apps can read and write data from and to the devices. Devices can read and write data from and to the apps.
The system provides two ways to access the devices: local access and full access.
Smartphones that are on the same local area network as the mesh connection point can communicate with nodes in the mesh if they have received an authentication code. This communication is done by sending UDP packets from the smartphone onto the mesh and to the device that should be controlled.
All local access communication is protected with AES 128 encryption.
Local access does not provide all mechanisms that full access does and is primarily used as a fallback if the Internet connection is down so full access mode is unavailable.
Full access is the primary method by which a smartphone app and a device communicates. With full access, all data exchanged between the smartphone app and the device is handled through the cloud backend. Full access is possible both if the smartphone is on the same local area network as the device mesh and if they are away from each other.
With full access, all communication is protected with SSL/TLS encryption, all the way from the device to the cloud and from the cloud to the app.
Tying it Together
The Thingsquare system is designed to give the user a smooth and pleasant experience. In fact, the user shouldn't need to experience the Thingsquare system at all -- it just works in the background, providing secure connectivity to your product.