The security of PHONEKEY BLE Smart Lock

Cloud Service Security Abstraction

  1. Our cloud service center constructed in HiNet Internet Service Provider (Chunhwa Telecom), the server does have strong security.
  2. Except the hardware protection from internet service provider, our PHONEKEY has additional security mechanism.
  3. The users’ id and password have been encrypted.
  4. The share key downloaded from cloud server is a data which was encrypted by algorithm.
  5. If the hacker tries to download the cloud key and entering wrong password for couple times, the share key download process will suspended to avoid brute-force attack.
  6. The downloaded share key will re-process by mobile phone’s app, then the original downloaded data can not forward to others for reuse.

APP Security Abstraction

  1. The development of the app is following the security criterion.
  2. The normal operation does not need internet connection, which can avoid the unlock information expose under the internet. You can check this case.
  3. Only legitimate paired keys can open the lock, the other illegal method must not able to do unlock.
  4. The communication between App and the lock  is encrypted by AES algorithm and TRIVIUM cipher.
  5. The unlock key is random generated, it means each time the unlock key will be different.
  6. When we use our NFC mobile phone to read the RFID guarantee card to reset the password, the authentication code generated from RFID guarantee card is random generated, it means the re-setting authentication code can not be copied.