Bold’s multi-layered security approach.
Bold’s security model comprises three primary components: the Bold Smart Lock, the Cloud Platform, and the Bold App. Each component is designed with advanced protection measures to safeguard your data and ensure secure access to your Bold Smart Lock.
1. The Bold Smart Lock
Bold’s Smart Lock incorporates robust encryption and security to prevent tampering. The software within the lock is cryptographically signed, meaning it cannot be altered by third parties. Unique, unexposed keys stored within the lock’s memory ensure secure communication with the Bold Cloud Platform. The firmware is designed to avoid any unauthorized access to these keys, keeping them securely within the lock.
2. The Cloud Platform
The Bold Cloud Platform, hosted on Amazon Web Services (AWS) in Ireland (EU), complies with ISO 27001 and other relevant security standards. Only selected Bold employees have access, and the platform is safeguarded by multiple layers of security to protect your data.
Key security features include:
- Data Encryption: All data exchanged between the Bold platform and other components is encrypted using TLS and AES-CCM protocols, preventing interception or tampering during data transmission.
- Controlled Access: Strict access control policies ensure that updates and releases are managed through a multi-stage process involving several team members. This prevents any single individual from having full, unrestricted access.
- Secure Cryptographic Processing: Sensitive cryptographic operations, such as generating unique keys for each lock, are isolated within a secure enclave in the platform. This measure protects against timing and replay attacks by ensuring that all keys and cryptographic tasks are processed securely.
3. The Bold App
We recognise that smartphones can be vulnerable to various security risks. Therefore, the Bold App is designed to operate as a secure intermediary between the Cloud Platform and the Bold Smart Lock. Here’s how:
- Limited Permissions: The Bold App does not store critical security keys or user data locally on the phone. Instead, it serves as a secure pathway for communicating between your lock and the Bold Cloud Platform.
- Access Controls: When using the app to share access or modify settings, these commands are securely transmitted to the platform first. The platform then encrypts and relays them back to the app, which passes them on to the lock.
- App Design: The Bold App mitigates risks from device vulnerabilities, such as inadequate manufacturer updates or malicious third-party apps, by not relying on the security of the device itself.
Additional Data Protection
Bold prioritises data safety and continually assesses its security architecture. We utilise secure cryptographic protocols (TLS, AES-128-CCM) to encrypt all personal data, including any data transfers between the app, platform, and Bold Smart Lock. Additionally, all firmware updates are delivered over secure channels and undergo rigorous testing to meet Bold’s high-security standards.
Bold’s comprehensive security model offers you peace of mind, knowing that your digital and physical security is our priority. We’re committed to protecting both your home and personal data with industry-leading security measures at every level.