How Aqara Keeps Your Matter Devices Safe
How Aqara Keeps Your Matter Devices Safe
1. Independent and Trusted Root Certificate Authority (PAA)
Aqara is one of only 13 globally recognized Non-VID-Scoped Product Attestation Authorities (PAAs) officially authorized by the Connectivity Standards Alliance (CSA). In 2023, Aqara successfully passed CSA’s stringent security audit on PKI certificate policies.
As a core participant in the Matter security architecture, Aqara maintains a full certificate issuance chain — from the Root Certificate (PAA) and Intermediate Certificate (PAI) to the Device Attestation Certificate (DAC) — and is authorized to issue Matter-compliant certificates for both Aqara and third-party devices. All certificate operations are executed within a hardware security module (HSM) that has passed external audit, ensuring private keys are stored and used exclusively within the local, tamper-resistant hardware — never exported, never copied, and never remotely accessible — thereby guaranteeing the integrity and auditability of the identity infrastructure at its core.
Additionally, Aqara has deployed a Distributed Compliance Ledger (DCL) server to securely store and synchronize certification declarations (CDs) and certificate chain data for both Aqara and third-party vendors. This infrastructure enables robust compliance verification and traceable device identity within the Matter ecosystem.
2. Unique Device Identity with Built-in DAC Certificates
Each Aqara Matter device is provisioned at the factory with a unique Device Attestation Certificate (DAC) issued and signed by Aqara. This certificate is a prerequisite for the device to join any Matter network.
– The DAC private key is generated in a controlled environment and securely written into the device.
– It is stored exclusively within a tamper-resistant Secure Element (SE), offering physical protections such as anti-extraction and anti-cloning, with no export capability.
– During onboarding, the device is authenticated via its DAC and associated signature chain, ensuring authenticity and traceable origin.
– All Aqara Matter products have been functionally and security tested by CSA-authorized laboratories (e.g., UL Solutions, TÜV Rheinland), and are officially Matter-certified.
3. End-to-End Encrypted Communication
Matter natively supports end-to-end encrypted communication based on public-key cryptography. All Aqara Matter devices strictly follow these security principles:
– Use of industry-standard, proven cryptographic algorithms (e.g., Curve25519, AES-CCM).
– Mandatory mutual authentication before any device-to-device communication occurs, effectively blocking unauthorized devices.
– Even in local, offline environments, all communication is encrypted using Matter security protocols to safeguard home network privacy and data integrity.
4. Hardware-Software Synergy for a Trusted Security Loop
Aqara tightly integrates identity authentication and data protection mechanisms across its hardware, firmware, gateway, app, and cloud layers to form a secure, end-to-end ecosystem:
– Aqara hubs support offline operation and local automation, enabling device coordination without relying on the internet or third-party platforms.
– All automation, data synchronization, and control logic are executed within Aqara’s own ecosystem, ensuring security boundaries are clearly defined and fully under control.
– User control remains local and independent from external platforms.
Aqara’s cloud services have obtained multiple global security and compliance certifications, including:
– ISO/IEC 27001 (Information Security Management System),
– SOC 2 Type II (based on AWS cloud architecture).
These certifications cover areas such as data protection, access control, audit trail, and infrastructure resilience, affirming Aqara’s cloud capabilities in safeguarding user data and device connectivity.
5. Global Compliance and Data Privacy Commitment
Aqara is committed to full compliance with global data privacy and cybersecurity regulations. This includes the Personal Information Protection Law (PIPL) and Data Security Law in China, the General Data Protection Regulation (GDPR) in the European Union, and the California Consumer Privacy Act (CCPA) in the United States.
Compliance principles are embedded into Aqara’s corporate governance and technical architecture from the start. Every product and service is designed according to “Privacy by Design” and “Security by Default” principles, ensuring strong protection throughout the entire product lifecycle.
6. Open and Trusted: Building a Global Matter Ecosystem
As an active contributor to the CSA and the development of the Matter standard, Aqara works alongside more than 500 global companies to drive interoperable, secure smart home technologies.
– Aqara devices are built on the secure, transparent, and open-source Matter protocol stack.
– They are compatible with leading platforms including Apple, Google, Amazon, and Samsung — ensuring secure, consistent interoperability.
– Matter’s open PKI architecture and encryption standards eliminate platform lock-in and data silos, giving users freedom of choice and control over their devices.
Aqara fully embraces Matter’s principles while reinforcing them with its own secure, verifiable, and compliant infrastructure. No matter where you are in the world, Aqara ensures device authenticity, secure communications, and data privacy — providing a reliable foundation of trust for both users and ecosystem partners.
