Smart devices can control and monitor your home, so they have to be secure. But they're often not and we've all heard stories of hackers hijacking smart systems and cameras. That's why technology such as Secure Vault makes Z-Wave the better choice for a secure smart home.

Secure Vault

Secure Vault: what you need to know

Engineered to protect connected devices, Secure Vault is a suite of state-of-the-art security features designed to keep your smart home secure. Able to be integrated directly into Z-Wave 800 series, along with other IoT-focusssed communication protocols, Smart Bault helps guard against remote software hacks and local hardware hacks.

Works alongside S2

Z-Wave's leading security standard, Security 2 (S2), works side-by-side with Secure Vault meaning that 800 series Z-Wave devices have up to 14 separate security technologies built right in.

Independently certified

Don't just take our word for it - Secure Vault is independently certified by third-party labs to the highest level, level 3, of the Platform Security Architecture (PSA).

Secure key management

The security keys used by devices are generated on-boot in Secure Vault. They're also stored in a secure envlace preventing hackers from accessing them or using them for hacks.

Firmware protection

It's common for hackers to roll-back firmware to older versions in order to exploit security vulnerabilities. Secure Vault can prevent this, enforcing firmware upgrades on devices but never downgrades.


800 series Z-Wave devices feature anti-tamper technology in chip, preventing physical attempts at attacking a system including voltage glitching, magnetic interference and forced temperature adjustment.

Secure debugs

Debug ports are useful for developing and supporting devices. On 800 series Z-Wave devices, Secure Vault protects the debug port from third-party access by securing it with a unique unlock token.

No man in the middle

Hacks often happen by infiltrating communication between devices and their hub. Secure Vault limits that possibility by encrypting communication keys using the Diffie-Hellman algorithm and generating new keys on a per session, per device basis.

No malicious boot

To prevent boot loading code injections, Secure Vault enhanced products feature Secure Boot with a dual core architecture allowing the loading of application code only once it has been verified and secured.

True random numbers

Random numbers are the basis of crytographic security yet seldom are they truly random. With Secure Vault they are with each generated as high entropy data that meets NIST SP 800-90A/B/C and AIS-31 standards.

DPA countermeasures

Differential power analysis (DPA) allows the use of power monitoring hardware to overcome security measures. Secure Vault prevents this by utilising randomised, timed computations and randomised data masking.