Remote Connect Authentication

Tablo doesn’t necessarily have to use a userid\password mechanism for authenticating remote connect\pairing. Google is experimenting with an alternate method that does not require passwords:

Google confirmed this morning it’s now testing a new way to sign into your Google account without having to type in a password. Instead, those who have been invited to try this new method of logging in authenticate by responding to a notification sent to their smartphone. The idea is similar to Yahoo’s recently launched “Account Key,” which also offers a password-free means of signing in involving a push notification sent to your phone that then opens an app where you approve the log-in. Passwords are often the weakest parts when it comes to securing users’ accounts.

yes… this is a different kind of pairing technique in that the device get a message, produces a code and you enter the code into a webpage to authorize access… it’s a pretty nice way of doing things since it can be done remotely (probably).

It can also be done without code authentication:

“You only have to enter your email address when you’re signing into your Google account. Afterward, a notification will appear on your phone asking you if you’re trying to sign in from another device. Approve the login by tapping ‘yes’ and you’re in.”

The cellphone becomes the “intermediate” authenticating device. Which means the initial pairing can be between Tablo, player device and cellphone. Since the cellphone is the mobile device (traveling with a user) it can act as the location independant intermediary between two static (location dependant) devices (Tablo & player).

1 Like

Good for pairing the phone… the code method allows any device… otherwise you have this weird cellphone to device pairing which isn’t going to work for all devices.

Authentication has to do with how some thing and/or person obtains access to an object (device). Just what level of security authentication is need to ensure no malicious access of the tablo server. And actually since the tablo server is connect to the LAN just what prevents the tablo server from malicious access of other objects on the LAN.

The original post is not about access to the Tablo but about authenticating the relationship between a remote object (media player at location X) and the Tablo at location Y when both are at different locations and need to be re-paired without using a password. Google’s approach and technique is described above.

In security models and theory, both objects and relationships between objects can be authenticated. Remote connection and re-pairing objects is about object relationships transcending static locations.

1 Like

It’s call authentication because there in lies a trusted relationship between two or more objects. Thus if the type of authentication is weak even a script kiddie can gain access.