Understanding BlueID’s security: why are we able to promise the utmost security
18. June 2021
When it comes to smart products, much is promised regarding security. As a customer, you have probably come across some terms and catchy phrases and wondered “what does that even mean?”. Or better yet, you have wondered “what does that actually mean for me?”. That should not be the case with our smart locks: in our mission to simplify the whole process of choosing and implementing mobile access control for professional buildings, we have come up with the main facts about BlueID’s security to help you understand why we are able to promise – and deliver – the utmost hardware and software security for you and your users.
We offer smart locks for professional buildings. So in order to fully explain our security standards, we will divide the term “smart locks” into two parts: software (“smart”) and hardware (“locks”).
Software Security: the “smart” side
Since the beginning of BlueID, we have been trusted by companies with the highest security standards, such as Audi and Volkswagen. The reason is simple: we have built a secure system from scratch, based on several pillars.
- BlueID Trusted Service: it is the core part of BlueID, where the keys are created and sent to mobile devices.
- Public Key Infrastructure: commonly known as PKI, this is the security framework we use to encrypt the information sent from and to the BlueID Trusted Service.
- Cloud: where the BlueID Trusted Service is hosted. We officially migrated to AWS, the largest cloud provider in the world, in 2018. Read more about it here.
We have been in the market for longer than a decade and we have not had a single security breach. One example of the robustness of our BlueID System was a Bluetooth security breach a couple of years ago, which we talked about in this blog post. While much of our competition was exposed and had to rethink and change their processes, we at BlueID remained firm in our security expertise. As we do not rely on the certificates of the technologies we use (BLE and NFC), but rather add our own extra “BlueID security layer”, we knew the breach would have no impact on our users.
For an even deeper explanation of our BlueID System, feel free to visit our Documentation.
Hardware Security: the “locks” side
One of our biggest advantages is the variety of locks we offer, which cover all installation scenarios of a professional building. To provide locks that match the robustness of our software, all our partners have been chosen carefully.
In our Hardware Catalogue you can find all our lock partners, their history, and the hardware in which we have integrated BlueID. From cylinders with all safety-relevant components, such as gears and motor, protected in the cylinder core, to safety relay modules that can be additionally connected to wall readers but installed in separate secure areas, BlueID-enabled locks are solid and offer the physical safety you need to keep your office secure.
In the words of our CEO, Philipp P. Spangenberg:
Security matters for us. Therefore, we based our BlueID System on Certificates and on a PKI (Public-Private-Key-Infrastructure). These terms might not mean a lot to everyone, so to put it into perspective: you might have heard about “certificates” when you do online banking or visit secured websites; basically, the security of these sensitive pages is based on the same fundamentals as our BlueID Security.
And to make sure that not only our architecture is secure, but also our implementation, we validate the whole process. We perform and pass security audits regularly, such as the penetration test and audit of the VDE. These audits are done by external specialists, who live and breathe security, and know common security leaks and the latest flaws by heart.
To sum up BlueID’s security
BlueID’s smart locks promise and deliver the utmost security and safety for you and your users by:
- using PKI and Certificates on the software side, and
- using best-in-class lock providers, with Made in Germany quality, on the hardware side.
To make our commitment to security concrete, we are also part of the Sicherheitsnetzwerk München, a group of companies and research institutions in the greater Munich area, with the aim to “increase awareness and competence on the subject of IT security, to promote the protection of companies and the public from cyber risks and to make a concrete contribution to promoting innovation and excellence in the field of IT security”.