Skip to main content

Protection & Safety: Our Three-Layer Shield

At Hestia Labs, your safety isn't an "extra feature"—it's the foundation of everything we build. We use a three-layer shield to keep your home or office secure from intruders.

Layer 1: Identity & Permission

Before any command is even looked at, we check who sent it.

  • Bank-Grade Keys: We use advanced digital keys (JWTs) to prove your identity.
  • The "Smart Shield" (Safety Gateway): Even if you have a valid key, this shield checks if you are allowed to perform that specific action on that specific device.

Layer 2: The Digital Wax Seal

We use a Secret Signature (HMAC-SHA256) on every message.

  • Every device has its own unique "secret handshake" with our cloud.
  • When we send a command, we mix the command details with this secret to create a unique signature.
  • If an intruder tries to change "Turn On" to "Unlock Door," the signature won't match anymore, and the device will ignore it.

Layer 3: Anti-Replay & Quarantine

Even if an intruder copies a valid command and tries to send it again later, we have protections:

  • Never Twice (Nonces): Every command has a "use once" token. Once used, it's discarded forever.
  • Keeping Count (Sequences): Commands must arrive in the correct order. If an old command arrives out of nowhere, it's rejected.
  • The Isolation Ward (Quarantine): If a device starts acting strangely (sending too many messages or failing security checks), our system automatically puts it in "Quarantine." It stays disconnected until a human can check it.

Emergency Mode: Fail-Safe

If our central security system ever has trouble connecting to its database, it defaults to Maximum Safety.

  • In "Strict Mode," the system will stop all commands rather than risk letting an unverified one through.
  • It’s like a bank vault that locks shut if the power goes out.

Why You Can Sleep Easy

  • We Don't Store Your Password: We use secure tokens that can be revoked at any time.
  • Your Data is Yours: Our "Multi-Tenant" design ensures your home's digital "room" is completely walled off from everyone else.
  • Regular Checkups: We constantly run automated "Safety Investigations" to find and fix potential issues before they can be exploited.