The IT Law Wiki


A home area network (HAN) is

[a] communication network within the home of a residential electricity customer that allows transfer of information between electronic devices, including, but not limited to, in-home displays, computers, energy management devices, direct load control devices, distributed energy resources, and smart meters. Home area networks can be wired or wireless.[1]

How it works[]

To create a home area network, devices must, at a minimum, scan for networks to join, request admission, and exchange device parameters. This initial process is called "commissioning" and allows devices to exchange a limited amount of information (including, but not limited to, network keys, device type, device ID, and initial path) and to receive public broadcast information. This process is initiated by the "installer" powering-on the device and following the manufacturer’s instruction. Once a HAN device has completed the commissioning process, it may go through an additional process called "registration."

The "registration process" is a further step involving "mutual authentication" and authorizing a commissioned HAN device to exchange secure information with other registered devices and with a smart energy industrial provider. Registration creates a trust relationship between the HAN device and the smart energy industrial provider and governs the rights granted to the HAN device. This process is more complex than commissioning and requires coordination between the installer and the service provider. In some jurisdictions, commissioning and registration are combined into one process called "provisioning."

The final process is "enrollment." This process is applicable only when the consumer wants to sign up their HAN device for a specific service provider program, such as a demand-response, PEV special rate, or a prepay program. In this process, the consumer selects a service provider program and grants the service provider certain rights to communicate with or control their HAN device. A HAN device must be commissioned and registered prior to initiating the enrollment process. This process requires coordination between the consumer and the service provider.

Each of these processes is discrete but may be combined by a service provider in order to provide a seamless consumer experience.

For most in-home applications, communication needs are modest. The amount of data being transferred at any one moment will likely consist only of the instantaneous electricity use of each device, measured in watts, and thus the bandwidth needs to accomplish this will likely fall between 10 and 100 kbps per node/device. Because in-home applications are primarily intended to inform consumers of their energy use, such applications are not likely to be considered “mission critical,” and the required level of reliability may fall into the 99-99.99% range, with the possible exception of demand response and distributed generation.

Privacy issues[]

At each step in this process, the consumer, utility, and third-party provider must ensure that data flows have been identified and classified, and that privacy issues are addressed throughout, from initial commissioning up through service-provider-delivered service. Since each step in the process, including commissioning, registration, and enrollment, may contain personal information, sufficient privacy protections should be in place to minimize the potential for a privacy breach.

Privacy issues that should be addressed related to the registration of these devices with third parties include:

  • Determining the types of information that is involved with these registration situations;
  • Controlling the connections which transmit the data to the third-party, such as wireless transmissions from home area networks; and
  • Determining how the registration information is used, where it is stored, and with whom it is shared.


  1., Glossary (full-text).