Apple-Supported Aliro 1.0 Smart Lock Standard Officially Released

[MacRumors]

The Connectivity Standards Alliance, which includes Apple, today released the Aliro 1.0 specification. Aliro is a new standard aimed at improving the way that smart door locks work with smartphones and wearables.

Aliro supports interoperability between mobile devices, wearables, and access control readers, so smart locks can work with any smartphone or wearable device without the need for a dedicated app. It is aimed at improving smart locks for the home, but also for corporate offices, universities, and hotels.

Apple, Google, and Samsung support Aliro, and Aliro-enabled locks will be able to be added to wallet apps on iPhone and Android devices. Major smart home companies that produce smart locks have also signed on to support Aliro. The Alliance says that Apple, Allegion, Aqara, Google, HID, Kastle, Kwikset, Last Lock, Nordic Semiconductor, Nuki Home Solutions, NXP Semiconductors, Qorvo, Samsung, and STMicroelectronics will be among the first to achieve Aliro 1.0 certification.

With Aliro, more smart locks should support Apple Home Key for hands-free unlocking with NFC and UWB.

The Aliro 1.0 specification includes a framework for using asymmetric cryptography for secure interactions between user devices and readers, without sacrificing user privacy. It supports multiple communication methods, including NFC, Bluetooth LE, and ultra wideband (UWB).

Aliro will be updated over time to meet new market and ecosystem requirements. Features like secure key sharing will come in the future.

Article Link: Apple-Supported Aliro 1.0 Smart Lock Standard Officially Released

 

[Mac Fly (film)]

Next, one brand for proximity-based sharing—consolidating platform-specific solutions like AirDrop and Quick Share into a universal standard. A unified in-person cross-platform sharing experience requiring as few taps as possible, dynamically prioritizing a tap-to-share list on both devices for on-screen awareness and sending cash.

 

[kotaKat]

Which standards does my lock need again? Wi-Fi? Zigbee? Matter? Z-Wave? Thread? NFC? UWB? BT LE? BBQ? BBBQ? (The extra B stands for BYOBB.)

 

[turbineseaplane]

Best wishes to all who install this stuff.

Given the mish mash of support on all my other smart stuff over the years, I'm not at all interested in anything like this due to support concerns over the long term.

 

[Jamie0003]

Umm…why isn’t this part of matter? You know, the smart home standard that everything else already supports?

 

[Mac Fly (film)]

$20 to $50. Push buttons. We have ours ten years on our door. The standard it uses it called physics.

 

[Hammerd]

$20 to $50. Push buttons. We have ours ten years on our door. The standard it uses it called physics.

View attachment 2608220

heaven forbid that’s hideous

 

[Keymaster]

Umm…why isn’t this part of matter? You know, the smart home standard that everything else already supports?

Matter is more of a transport standard, not an interface for control of items. Think of it as a parallel wifi network (that's how I do anyways) that connects them together. This is about having a uniform control system that's easier for everyone to implement, so that all the locks can be controlled from any phone app that implements the standard. It's very useful, especially for Apple as several locks don't support HomeKit right now but have their own setup...we'd get access to all of those locks in the Home app (where right now they may use their own app or maybe even not have one for the iPhone).

We just started adding electronic locks to our home, and it's a bit iffy finding ones that work well and take advantage of what HomeKit can supply. I didn't get ones that allow the door to unlock just by walking up to it, those were just coming out, but we can tap on the locks to unlock which is pretty nice. There are a couple I think I may have gone for but they didn't support HomeKit at all so they weren't an option...in the future Aliro should make that go away for companies that join it (which doesn't include Schlage or Yale so far, they don't support HomeKit well either).

 

[CarAnalogy]

Which standards does my lock need again? Wi-Fi? Zigbee? Matter? Z-Wave? Thread? NFC? UWB? BT LE? BBQ? BBBQ? (The extra B stands for BYOBB.)

View attachment 2608218

Xkcd reference and a Simpsons reference in one post. Nicely done.

 

[longofest]

Umm…why isn’t this part of matter? You know, the smart home standard that everything else already supports?

Because this is a completely different use case than what matter sets out to do. Matter is focused nearly completely on the smart home and enabling the connectivity of all of those devices to a smart home manager or automation platform, such as homekit, smart things, etc.

Aliro is the connection between mobile wallets and smart locks, and while it does cover the home market that matter serves, it also covers a lot of other markets beyond what matter does including multifamily, commercial real estate, enterprise and institutional uses, etc.

The problem Aliro solves is that lock or reader manufacturers were using either MiFare DesFire, HID Seos, or LEGIC. All of those have something in common: they solely use symmetric cryptography to secure them. In practice that meant if I provisioned a wallet pass for one manufacturer, it would only work with that vendors locks because vendors do not share their secret keys with each other. If I have both HID and Schlage on my property, I have to have people get two wallet passes to open the various doors, which is stupid.

Aliro lets you have one pass and open all the locks and readers you are authorized for with that one wallet credential as long as the vendor supports the aliro standard because it uses asymmetric cryptography to perform key exchanges.

Aliro standardized the wallet to lock/reader interface for pretty much any market you can imagine that has those devices. Matter standardizes the home smart lock to home automation platform.

Hope that helps.

Reference: I am a member of the CSA and have contributed to Aliro.

 

[longofest]

Matter is more of a transport standard, not an interface for control of items. Think of it as a parallel wifi network (that's how I do anyways) that connects them together. This is about having a uniform control system that's easier for everyone to implement, so that all the locks can be controlled from any phone app that implements the standard. It's very useful, especially for Apple as several locks don't support HomeKit right now but have their own setup...we'd get access to all of those locks in the Home app (where right now they may use their own app or maybe even not have one for the iPhone).

We just started adding electronic locks to our home, and it's a bit iffy finding ones that work well and take advantage of what HomeKit can supply. I didn't get ones that allow the door to unlock just by walking up to it, those were just coming out, but we can tap on the locks to unlock which is pretty nice. There are a couple I think I may have gone for but they didn't support HomeKit at all so they weren't an option...in the future Aliro should make that go away for companies that join it (which doesn't include Schlage or Yale so far, they don't support HomeKit well either).

Schlage and Yale are brands of Allegion and Assa Abloy respectively, and both part of the CSA and have been active participants in Aliro development.

 

[ignatius345]

Maybe I’m not checking into the right tier or chain of hotels, but I’d love to get a room key on my phone instead of those janky cards I always have to keep track of.

 

[ignatius345]

heaven forbid that’s hideous

And yet it works. Used one of these at a resort condo a while back. It was great and friction-free. No “I left my phone at the pool so I couldn’t get in” horse****, no kids “needing” a phone to get into the place. Remember a short sequence of digits and you’re good. Sorry it doesn’t meet your aesthetic standards 🤣

 

[noodledog]

Maybe I’m not checking into the right tier or chain of hotels, but I’d love to get a room key on my phone instead of those janky cards I always have to keep track of.

Perhaps not. I’ve been using phone-based soft keys at Hilton (family, including bottom tier Hampton) for many years. 5 maybe? More? I can’t remember it’s been so long.

 

[theinstructor]

LOL wait, another “standard” you say?

 

[theinstructor]

Best wishes to all who install this stuff.

Given the mish mash of support on all my other smart stuff over the years, I'm not at all interested in anything like this due to support concerns over the long term.

Yale locks aka Nest, stopped supporting one of my $200 “smart locks” a few years ago. How smart of me to fall for that.

 

[svish]

Good to know about this. Think new smart locks supporting this standard should definitely launch latest by next CES.

 

[macintologist]

I just prefer using Apple home key. The Schlage encode plus is brilliant

 

[jonnysods]

$20 to $50. Push buttons. We have ours ten years on our door. The standard it uses it called physics.

View attachment 2608220

Does it need firmware updates or will the vendor drop software support in a few years?

 

[Mac Fly (film)]

Does it need firmware updates or will the vendor drop software support in a few years?

Still runs handOS version 1.0
In my case right-handOS 😂

 

[Mac Fly (film)]

heaven forbid that’s hideous

Somehow, we survive.

And when I say it's there ten years, I actually mean about 15. Still running no-softwareOS.

 

[longofest]

I just prefer using Apple home key. The Schlage encode plus is brilliant

Hat tip... Aliro is more or less an extension of home key to the rest of the market. Aliro has some enhancements, but if you have used home key, you more or less have been using Aliro.

Good to know about this. Think new smart locks supporting this standard should definitely launch latest by next CES.

A number of smart locks already dropped during this year's CES, with some of them offering the UWB functionality so that its a completely hands-free experience.

Yale locks aka Nest, stopped supporting one of my $200 “smart locks” a few years ago. How smart of me to fall for that.

One of the facts of life of connected devices is that, in order to maintain security, they will eventually need to be dropped from the connectivity support.

Right now, Aliro uses best in class Elliptic Curve (ECC) algorithms which have the kind of hardware acceleration for embedded devices that allow it to be used for these use cases. Within ~10 years or so, Quantum supremacy will occur and the ECC in use will be vulnerable. At first the quantum computers are only going to be accessible to nation states and those with vast quantities of money, so individual doors really aren't much of an issue unless you are a government - but within another 5-10 years it will be a concern. That's why groups like the CSA are already looking into how to become quantum-safe in the future. Quantum safety can't be delivered now because the asymmetric algorithms are just being settled on and embedded hardware support is a ways off. But in a 10-15 years, yes, the connected locks you get today will likely need to be removed from support.

If you get a connected lock with a keypad that can be programmed locally with the keypad, then the keypad will continue to work. But connected stuff will eventually need to be turned off because in a connected world, the secure things of today may not remain secure for forever.

 

[ignatius345]

Perhaps not. I’ve been using phone-based soft keys at Hilton (family, including bottom tier Hampton) for many years. 5 maybe? More? I can’t remember it’s been so long.

I stayed at a Hilton (a pretty nice one) just a couple months ago and sadly no phone key. Ah well. I guess it varies by location.

 

[Jamie0003]

Because this is a completely different use case than what matter sets out to do. Matter is focused nearly completely on the smart home and enabling the connectivity of all of those devices to a smart home manager or automation platform, such as homekit, smart things, etc.

Aliro is the connection between mobile wallets and smart locks, and while it does cover the home market that matter serves, it also covers a lot of other markets beyond what matter does including multifamily, commercial real estate, enterprise and institutional uses, etc.

The problem Aliro solves is that lock or reader manufacturers were using either MiFare DesFire, HID Seos, or LEGIC. All of those have something in common: they solely use symmetric cryptography to secure them. In practice that meant if I provisioned a wallet pass for one manufacturer, it would only work with that vendors locks because vendors do not share their secret keys with each other. If I have both HID and Schlage on my property, I have to have people get two wallet passes to open the various doors, which is stupid.

Aliro lets you have one pass and open all the locks and readers you are authorized for with that one wallet credential as long as the vendor supports the aliro standard because it uses asymmetric cryptography to perform key exchanges.

Aliro standardized the wallet to lock/reader interface for pretty much any market you can imagine that has those devices. Matter standardizes the home smart lock to home automation platform.

Hope that helps.

Reference: I am a member of the CSA and have contributed to Aliro.

So to clarify, Aliro can work under matter?

 

[ErikOnTech]

Still wouldn't use it.

No matter how good the standard is, implementations from IoT companies are going to be Swiss cheese nightmares with more security holes than working functions.

Once people figure this out, you might as well replace your lock with a sign that politely asks intruders to knock first before entering (they won't).

Strong, standardized reference implementations (for at least the communication layers) are the most valuable thing that a company like Apple or Google could provide.

EDIT: chip vendors like ST Micro, Nordic, and Qorvo have created reference implementations, but I have strong doubts about the quality.