Why choose a product with a BSI Kitemark for Smart Residential Locking Devices?
In a world where digital and physical security meet, having both aspects of a security product tested and certified against the relevant industry testing standards matters, especially when the product protects your home, your belongings, and your loved ones.
The BSI Kitemark for Smart Residential Locking Devices is a mark of trust that assures the quality and security of the locking device. To achieve the BSI Kitemark for Smart Residential Locking Devices, the smart lock and its user apps must pass all the tests required by the BSI certification scheme, not just once but on a continual basis. We also check the manufacture of the devices to assure they are being made consistently, correctly, and to the expected level of quality.
By choosing a product bearing the BSI Kitemark for Smart Residential Locking Devices, you can rest assured that it has been rigorously tested according to best practices for physical and digital security, setting it apart from the rest.
This scheme has been developed in collaboration with Secured by Design (SBD)
Secured by Design (SBD) is the official police security initiative that improves the security of buildings and their immediate surroundings to provide safe places to live, work, shop, and visit.
In 2022, SBD introduced the ‘Secure Connected Device (SCD)’ accreditation scheme in line with government legislation for companies providing Internet of Things (IoT)-connected products. Without the appropriate levels of security, any internet-connected device or app risks providing cyber criminals with the ‘key’ to accessing and stealing personal data.
BSI is an IoT certification body for the Secure Connected Device program.
The typical standards the device is tested against include:
Please note that this is not a comprehensive overview of all the standards and testing requirements. It is intended to highlight key features of the standards, testing, and certification process.
Cylinders – TS 007-2 – Enhanced Security Mechatronic Cylinders and Associated Hardware
Physical Attack Resistance
- Drilling: Must resist drilling with standard and specialized drill bits. Include hardened steel pins or plates.
- Picking: Withstand picking with common locksmith tools for defined periods of time.
- Bumping: Resist cylinder bumping attempts with anti-bump mechanisms and defined bump key configurations.
- Snapping: Endure snapping with a torque of 30 Nm, using break-away sections or reinforced bars.
Operational Reliability
- Cycle Testing: Operate correctly for 100,000 cycles without failure.
- Temperature Testing: Function within -20°C to +60°C without performance loss.
- Humidity Resistance: Maintain functionality in 95% relative humidity.
Electronic Security
- Encryption: Use best-practice encryption for all communications and data.
- Tamper Resistance: Encase electronic components in tamper-evident and tamper-resistant housings.
- Access Control: Implement multi-factor authentication and securely store access credentials.
TS 621 - Electronic Door Locking Devices
Resistance to Electronic Attacks
- Penetration Testing: Regularly test against brute force, replay attacks, and unauthorized remote access.
- EM Attack Resistance: Include shielding to protect against EMI.
Mechanical Durability
- Load Testing: Withstand a 200 kgf force in various directions.
- Environmental Testing: Maintain performance when exposed to dust, water (IP55 or higher), and other environmental factors.
Power Supply and Battery Life
- Battery Testing: Operate for at least 6 months on battery power under normal usage. Include battery life indicators and low-power alerts.
- Power Failure Protocols: Maintain security during power failures with backup power options.
Cybersecurity (Residential)
ETSI EN 303 645 V2.1.1/ ETSI TS 103 701 V1.1.1
Data Protection
- Assuring that only the minimal required data is captured and that the users are informed of it.
- Enforcing encryption and/or electronic protection for all data stored locally and in transit.
Vulnerability Management
- Regular Updates: Incorporate the means for delivering updates in a timely fashion and clearly inform the users of their availability.
- Vulnerability Reporting: Implement a process for vulnerability disclosure and response.
Secure Communications
- Enforce secure encryption.
- Authentication: Implement robust and secure authentication mechanisms.
Software and Firmware Updates
- Secure Update Mechanism: Assure that the software updates' authenticity, integrity, and confidentiality are controlled.
- Update Policy: Provide and maintain a clear update policy, enabling full transparency for the users.
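The "Secure Update Mechanism" requirement above is a checklist item; the following Go program is an added example (not BSI, ETSI, or any manufacturer's code) of what a device-side check for update authenticity, integrity, and anti-rollback looks like in practice. The manifest format, product name "lock-x1", version numbers, and the key seeds are all constructed for the example: the vendor signs a small manifest (product, version, SHA-256 of the image) with an Ed25519 key whose public half is burned into the device, and the device refuses anything that is unsigned, tampered, for another product, or not newer than what is installed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the signed description of a firmware image.
// Constructed format for this example; not taken from any standard.
type Manifest struct {
	Product string `json:"product"`
	Version uint32 `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the image bytes
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrWrongProduct = errors.New("manifest is for a different product")
	ErrRollback     = errors.New("update version not newer than installed version")
	ErrImageDigest  = errors.New("image digest does not match manifest")
)

// VerifyUpdate performs the checks a device should make before installing:
// 1. the manifest is signed by the vendor key (authenticity and integrity),
// 2. it is for this product (a key shared across products cannot cross over),
// 3. its version is strictly newer than the installed one (anti-rollback),
// 4. the image hash matches the signed manifest (integrity of the payload).
func VerifyUpdate(pub ed25519.PublicKey, product string, installed uint32,
	manifestJSON, sig, image []byte) (*Manifest, error) {
	if !ed25519.Verify(pub, manifestJSON, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, fmt.Errorf("manifest parse: %w", err)
	}
	if m.Product != product {
		return nil, ErrWrongProduct
	}
	if m.Version <= installed {
		return nil, ErrRollback
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil {
		return nil, fmt.Errorf("manifest digest: %w", err)
	}
	got := sha256.Sum256(image)
	if !bytes.Equal(got[:], want) {
		return nil, ErrImageDigest
	}
	return &m, nil
}

// SignManifest is the vendor-side step (build pipeline, never on the device).
func SignManifest(priv ed25519.PrivateKey, m Manifest) ([]byte, []byte, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return b, ed25519.Sign(priv, b), nil
}

// DemoResults records the outcome of the four scenarios exercised in Demo.
type DemoResults struct {
	GoodAccepted     bool
	TamperedRejected bool
	RollbackRejected bool
	ForgedRejected   bool
}

// Demo runs a valid update, a tampered image, a rollback, and a manifest
// signed with a key other than the vendor's. All inputs are constructed.
func Demo() DemoResults {
	// Deterministic vendor key for the example only (constructed seed).
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)

	image := []byte("constructed firmware image bytes v3")
	digest := sha256.Sum256(image)
	m := Manifest{Product: "lock-x1", Version: 3, SHA256: hex.EncodeToString(digest[:])}
	manJSON, sig, _ := SignManifest(priv, m)

	var r DemoResults
	_, err := VerifyUpdate(pub, "lock-x1", 2, manJSON, sig, image)
	r.GoodAccepted = err == nil

	tampered := append([]byte{}, image...)
	tampered[0] ^= 0xff // one flipped bit in the payload
	_, err = VerifyUpdate(pub, "lock-x1", 2, manJSON, sig, tampered)
	r.TamperedRejected = errors.Is(err, ErrImageDigest)

	_, err = VerifyUpdate(pub, "lock-x1", 3, manJSON, sig, image) // already on v3
	r.RollbackRejected = errors.Is(err, ErrRollback)

	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x99}, ed25519.SeedSize))
	_, otherSig, _ := SignManifest(other, m) // not the vendor's key
	_, err = VerifyUpdate(pub, "lock-x1", 2, manJSON, otherSig, image)
	r.ForgedRejected = errors.Is(err, ErrBadSignature)
	return r
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Confidentiality of the image (the third property the requirement names) is not shown here; it would be an encryption layer around the image, applied after signing, with the decryption key held in the device's protected storage. The signature covers the manifest, and the manifest covers the image by hash, so a valid signature on a stale manifest is caught by the version check and a valid manifest with a swapped image is caught by the digest check.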
OWASP ASVS/MASVS Application Standards - Main Areas
ASVS Security Testing Categories (14 Areas)
- Architecture
- Authentication
- Session Management
- Access Control
- Input Validation
- Stored Cryptography
- Error Handling and Logging
- Data Protection
- Communication Security
- Malicious Code
- Business Logic
- Files and Resources
- Web Service
- Configuration
MASVS security testing categories (8 areas)
- MASVS-STORAGE: Secure storage of sensitive data on a device (data-at-rest)
- MASVS-CRYPTO: Cryptographic functionality used to protect sensitive data
- MASVS-AUTH: Authentication and authorization mechanisms used by the mobile app
- MASVS-NETWORK: Secure network communication between the mobile app and remote endpoints (data-in-transit)
- MASVS-PLATFORM: Secure interaction with the underlying mobile platform and other installed apps
- MASVS-CODE: Security best practices for data processing and keeping the app up to date
- MASVS-RESILIENCE: Resilience to reverse engineering and tampering attempts
- MASVS-PRIVACY: Privacy controls to protect user privacy
Authentication and Authorisation
- Multifactor / Out of Band Authentication supported and enforced.
- Access Controls: Enable role-based access controls and enforce the principle of least privilege
Data Security
- Encryption: Enforce robust encryption on the data at rest and in transit.
- Data Integrity and authenticity: Enforce controls to verify the integrity and authenticity of the transmitted data.
Cryptographic Controls
- Robust Algorithms: Support only proven and robust encryption algorithms.
- Key Management: Follow industry-adopted best practices for key management across the full key lifecycle.
Secure Logs
- Event logging: Log all security-related events on a dedicated secure logging mechanism with anti-tampering controls.
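The "anti-tampering controls" the event logging requirement asks for are usually a hash chain: each record carries an authentication tag computed over the previous record's tag and its own content, so any edit, reorder, or deletion in the middle of the log breaks the chain. The Go program below is an added example (not code from BSI or from any lock vendor) of such a chain using HMAC-SHA256; the record format, the key, and the three sample events are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one log record plus its chain tag. Constructed format for this example.
type Entry struct {
	Seq   uint64
	Event string
	Tag   string // hex HMAC-SHA256(key, prevTag | seq | event)
}

// chainTag binds a record to its predecessor: the previous tag is part of the input.
func chainTag(key []byte, prevTag string, seq uint64, event string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(prevTag))
	mac.Write([]byte(fmt.Sprintf("|%d|", seq)))
	mac.Write([]byte(event))
	return hex.EncodeToString(mac.Sum(nil))
}

// SecureLog is an append-only, hash-chained event log.
type SecureLog struct {
	key     []byte
	entries []Entry
}

func NewSecureLog(key []byte) *SecureLog { return &SecureLog{key: key} }

// Append records an event and chains it to the previous record.
func (l *SecureLog) Append(event string) Entry {
	prev := ""
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Tag
	}
	e := Entry{Seq: uint64(len(l.entries)), Event: event}
	e.Tag = chainTag(l.key, prev, e.Seq, e.Event)
	l.entries = append(l.entries, e)
	return e
}

// Entries returns a copy so callers cannot mutate the log's own slice.
func (l *SecureLog) Entries() []Entry { return append([]Entry(nil), l.entries...) }

// Verify walks the chain and returns the index of the first record that does
// not chain correctly (edited, reordered, or a gap where one was deleted), or -1.
func Verify(key []byte, entries []Entry) int {
	prev := ""
	for i, e := range entries {
		if e.Seq != uint64(i) {
			return i
		}
		want := chainTag(key, prev, e.Seq, e.Event)
		if !hmac.Equal([]byte(want), []byte(e.Tag)) {
			return i
		}
		prev = e.Tag
	}
	return -1
}

// LogDemoResults holds the Verify result for an intact, an edited, and a truncated log.
type LogDemoResults struct {
	CleanResult   int // expected -1
	EditedAt      int // index of the edited record
	DeletedAt     int // index where the gap is detected
}

// DemoLog builds a three-record log from constructed events and tampers with copies of it.
func DemoLog() LogDemoResults {
	key := []byte("constructed-log-key-for-example-only")
	l := NewSecureLog(key)
	l.Append("door unlocked by user 7 via app")
	l.Append("failed PIN attempt at keypad")
	l.Append("firmware update accepted, version 3")

	var r LogDemoResults
	r.CleanResult = Verify(key, l.Entries())

	edited := l.Entries()
	edited[1].Event = "successful PIN entry at keypad" // rewrite history
	r.EditedAt = Verify(key, edited)

	deleted := append(l.Entries()[:1], l.Entries()[2:]...) // drop record 1
	r.DeletedAt = Verify(key, deleted)
	return r
}

func main() { fmt.Printf("%+v\n", DemoLog()) }
```

Two caveats a practitioner would add: a chain cannot detect removal of the newest records on its own, so the latest tag (or the record count) should be anchored somewhere the device cannot rewrite, such as a cloud service or a secure element; and because HMAC uses a symmetric key, whoever holds the key can recompute the chain, so the key belongs in protected storage, or the chain should be verified by a party other than the device, for example the vendor's backend that receives the forwarded log.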
What does the BSI Kitemark for Smart Residential Locking Devices mean?
The BSI Kitemark for smart locking devices is designed to help easily identify devices that can be trusted to be safe, secure, and functional.
It supports a business's journey in a digital world and provides homeowners with confidence in IoT-connected devices. BSI has developed Kitemark certification for smart residential locking devices through a robust testing and certification process, saving cost and time for certifying all types of locking devices, mechatronic door locking furniture, and enhanced security cylinders.
The BSI Kitemark proves that a product has been tested for functionality and security. It is not a one-time activity, and continued assurance is provided through annual assessments of the product and the relevant quality management systems for ongoing production. Robust and internationally recognized, the BSI Kitemark can help enhance a manufacturer’s reputation and boost customer confidence.
