Under the hood

Looking inside the box, we find a couple of interesting features. While designing and manufacturing the product we focused on simple operation, strong security and durability. The materials and production technologies were selected to ensure a long lifespan and reliability.

The basic working range of BLE is 30 m. With a standard U.FL or RP-SMA antenna this range can be extended to 100 m.

The heart of the device is an ARM Cortex microcontroller capable of meeting strict security requirements. Its memory is sized to store several thousand users and ten thousand log items. To support time-limited keys, the controller is powered by an uninterruptible power supply. With an optional accessory it can be controlled through WiFi and the Internet, which makes it outstanding in its category.

ulockme PCB

Security

Our product combines multilevel security solutions to best serve clients at home or in the office, thus making sure that only persons with proper authorization are able to use ulockme protected entrances.

Data stored on the device, wireless communication and all layers of software operation are protected by outstanding security solutions. We think differently from most intelligent-lock manufacturers and do not rely on built-in BLE security. We do not use cloud-based identification methods; instead we wrap every message in an ECDSA + ECDH + AES encrypted capsule. This method is widely used in many countries for encryption purposes in the banking sector or for personal identification (ID cards).

Why are we using this?

One can find numerous articles on public and professional forums dealing with the security issues of Bluetooth locks. The most common problem is that these devices use the built-in AES encryption for wireless communication, which is the standard method in BLE 4 technology.

It is a well-known issue that the key-exchange protocol used there is vulnerable to eavesdropping attacks, and that the encryption can be broken fairly easily even on an ordinary computer.

Another common method is cloud-based user recognition, which poses risks in many ways. With locks that perform user verification on every entry, a momentary lack of internet connection could leave the person stranded outside the door. In some cases internet user verification relies on the last detected status of a person, so someone previously blocked may have the chance of entering by turning off internet access on their handheld device.

The ECC encryption we apply has also been used in German biometric passports since 2005, and in German electronic ID cards since 2010. Austria started using ECC for digital signature identification in the banking and social security sectors (“e-card”). Similar to these methods, we prefer using the ECDSA digital signature and ECDH key-exchange protocols to maximize safety for our customers.

Elliptic Curve Cryptography – ECC

The first element of our security procedure is identification, performed with the Elliptic Curve Digital Signature Algorithm (ECDSA). This enables devices to safely identify each other. Each controller bears a unique signature that can easily be verified on first connection of the user.

The second security measure is a unique AES encryption key exchanged each time a connection is made. AES is complemented with Elliptic Curve Diffie-Hellman (ECDH), which is a safe public asymmetric key-exchange procedure.
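The two steps above can be sketched in Go as follows; this is an added example, not ulockme's code or wire protocol. Curve P-256, hashing the ECDH secret with SHA-256, AES-256-GCM, signing both ephemeral keys, and all function names are assumptions, since the page specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newIdentity() *ecdsa.PrivateKey { // long-term ECDSA key of a constructed controller
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

// aead hashes an ECDH secret into this connection's AES-256-GCM cipher (assumed KDF).
func aead(secret []byte) cipher.AEAD {
	key := sha256.Sum256(secret)
	return must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
}

// handshake: controller signs both ephemeral ECDH keys; phone checks its pinned key.
func handshake(id *ecdsa.PrivateKey, pinned *ecdsa.PublicKey) (phone, ctrl cipher.AEAD, err error) {
	p := must(ecdh.P256().GenerateKey(rand.Reader)) // phone, fresh per connection
	c := must(ecdh.P256().GenerateKey(rand.Reader)) // controller, fresh per connection
	digest := sha256.Sum256(append(p.PublicKey().Bytes(), c.PublicKey().Bytes()...))
	sig := must(ecdsa.SignASN1(rand.Reader, id, digest[:]))
	if !ecdsa.VerifyASN1(pinned, digest[:], sig) {
		return nil, nil, fmt.Errorf("signature does not match pinned controller key")
	}
	return aead(must(p.ECDH(c.PublicKey()))), aead(must(c.ECDH(p.PublicKey()))), nil
}

func main() {
	id := newIdentity()
	if phone, ctrl, err := handshake(id, &id.PublicKey); err == nil {
		nonce := make([]byte, phone.NonceSize()) // assumed message counter, zero for capsule 1
		box := phone.Seal(nil, nonce, []byte("open relay 1"), nil) // constructed command
		fmt.Printf("%s\n", must(ctrl.Open(nil, nonce, box, nil)))
	}
}
```

Because the AES key comes from ephemeral keys, a recorded session cannot be decrypted later with the controller's long-term key, and a controller that signs with any key other than the pinned one is rejected before a session key exists.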

Connecting and installation

There are two relays and two transistor switch outputs on our product. You are able to operate 4 different locks, switches, gates, lights, ventilators, etc. with it.