But according to 9to5Mac, there’s also a software certification for those without hardware certification:
"Software authentication & Self-certification
Also new for HomeKit in iOS is software authentication. This is a big deal for older accessories that are already shipping, allowing them to add support for the platform through software without the need for including a hardware authentication chip that Apple previously required."
This could apply to SmartThings, which doesn’t have a hardware chip. This is also different from the self-certification previously mentioned.
Yeah, this is a big deal. Apple is basically going the Amazon route of telling users that they are doing something that has potential security implications and leaving it at that.
How will the accessory that I create using this specification be different from a commercial HomeKit accessory?
An accessory that is created using this specification will not incorporate the Apple Authentication Coprocessor, will not be required to adhere to the Bluetooth core specification or obtain Wi-Fi Alliance certification, and will not complete HomeKit certification under the MFi Program. At a user level, differences will include the process for on-boarding an IP-based accessory to the network, and a warning dialog in iOS that the user must acknowledge before continuing.
.
Why does my accessory trigger a warning dialog on the iOS device?
Accessories that do not incorporate the Apple Authentication Coprocessor will trigger a warning dialog in iOS indicating that the accessory is not certified to work with HomeKit. The user can acknowledge the warning in iOS in order to continue using the accessory.
This is a fairly stunning admission that the fully walled garden cannot meet market demand for variety of devices.
No, that’s not the way it’s going to work. It’s not an open API. Instead, Apple is going to provide a way to use software to verify the accessory’s identity to HomeKit. But the device will have to be on the same LAN, it’s not IP addressable externally. It appears they’ve made the decision that being on the same Wi-Fi can count as a factor of authentication as long as the end user is being warned that it’s not a HomeKit-certified device.
I have a homebridge implementation already, and it keeps losing connection on my devices that I take out of the home (I have a home hub iPad too).
Hopefully this is also an opportunity for the Homebridge team to improve their software, but from a complexity standpoint, it would be better to reduce the number of points of failure
Not gonna happen. Not officially, at least. Because HAP would have to be implemented entirely in the hub firmware, which is not possible within constrains of SmartThings cloud-based architecture.
HAP specification explicitly requires that secret keys are generated on the accessory and must not leave the accessory when they are used. Keys must not be accessible in any way outside the device. This pretty much rules out cloud-based HAP implementation, e.g. in a smart app.
A few more details on the new software authentication. This will not be available until iOS 11 is released. And the pathway open for individual use is not the same way as the pathway open for commercial products. But, yeah, there may eventually be away for smartthings to integrate officially without requiring the hardware chip.
Officially? No chance. There’s no way SmartThings will ever get certified unless Apple removes the requirement of the local keys storage or SmartThings drastically changes their hub architecture. Either one is highly unlikely. ST hub does not even support Bonjour, which is a requirement for any HomeKit accessory.
I found this paragraph from the Verge article most interesting:
Apple is also making one other big change to simplify development: it’s no longer requiring that every HomeKit device contain a specific security chip. Instead, it’ll allow companies to authenticate their devices entirely using software. Smart home devices out on that market that don’t already support HomeKit will even be able to use this method to add HomeKit support after iOS 11 launches this fall.
That should make life easier for HomeKit device manufacturers in general. HomeKit is mostly unique among smart home systems by requiring all devices to contain a specific chip, complicating hardware development. By allowing manufacturers to do it all through software, HomeKit should now be much easier to implement alongside compatibility with services like Alexa, SmartThings, and Wink.
Apple has clarified that the software authentication method will not include any sort of licensing fees.