I had been considering this project for a while: the ability to send a link to someone they can use on their smartphone to open our front door. Useful for deliveries or when friends or family come over while you are not home. For example I recently had a friend come and stay while we were away for the weekend, however getting a key to him was going to be a challenge as he lived interstate. In the end I left a key in the mailbox which is a terribly inelegant solution and not especially secure.
So I have now developed a script that allows me to send an SMS with a web link that when clicked unlocks the front door for a couple of seconds.
Obviously when designing this I had to think carefully about how it would be secured. I wanted to ensure it was well protected enough that the effort required to hack it was much greater than the effort required to just break in.
The solution builds on my existing x10 home automation which already has the ability to open the door via a set of controls on iPhone, which is already secured such that it can only be accessed while on the local wifi network or via a pin code to access the mobile web page. It works so well we now typically use our iPhones to open the door when we get home almost never bothering to fish out our keys.
When the destination mobile number is entered in the control page the php script sends an SMS (using directsms.com.au API) with a link. The link includes a randomly generated alphanumeric key which has already been stored on the database, along with the timestamp of when it was originally sent and when it was then used. The link has to be used within one hour or it will not work. After the first use it will continue to work to open the door for two minutes, after which it will no longer work.
I’ve also implemented IP tracking to capture who has used the link but also to check for maliscious use (ie brute force attempts to guess the key), blocking access in the case of supicious behaviour.