Security Design iBaby Monitors

Security Design iBaby Monitors

How iBaby Keeps you and Your Family Safe

iBaby‘s top endeavor is to make the best baby video monitor in the world. And with smart features and highest security technology available, iBaby has become one of the top leading competitors in the industry.

All iBaby monitors fully support internet remote access where parents can view and talk to their baby or family members from anywhere in the world. As a smart digital product, having top security solutions is an essential requirement, so iBaby has designed the security model as follows.

The first step of security begins with access between the customer and their iBaby monitor. This includes the App, Monitor, Amazon AWS Cloud Service and P2P Server. This step of security begins by the owner using an authorized username and password. In return, to keep the level of security, the customer must keep their username and password secure and not share it with others.

The internal communication of iBaby Products include the iBaby Care App, the monitor, Amazon AWSl, cloud service and a P2P Server. This means the internal communication begins encryption by following the different technology shown in the image below.

Designed to function with an in-home Wi-Fi, your iBaby can become at risk of hackers or viruses without the appropriate encryption or the inappropriate sharing of your password.

Customer Interact with App

When first setting up your iBaby monitor, you must download the iBaby Care App from the Apple App Store or Google Play Store. Once downloaded, users must create a username and password to log in (you will use the username and password in the future to log in and use the App). After creating the account, you can install the monitor following the on-screen instructions. Once the installation step is complete, the monitor will identify you as the account owner with full control. This control gives the owner the ability to give family members access to view or manipulate the monitor. It also allows you to revoke all access. Because of this, the user has to understand the risk associated with sharing the monitor with relatives or friends.

App talk to Cloud Services

The App and the Cloud exchange two types of data. One is the user profile data (includes username, password, monitor information, monitor alert files information, music list etc.). The other is user data (includes video and audio files recorded by sound and motion alerts from the monitor, and music files).

For profile data exchange, iBaby Cloud uses Web APIs provided by HTTP. This means that all data requests and responses become encrypted with an iBaby private password and a token by AES. Tokens are different for each requestor and initiates destruction after the API request is completed. This means that only the requestor knows their token, and no one else can decrypt the data content.

For user data file exchange, iBaby Cloud provides Amazon S3 to store file requests. iBaby Cloud encrypts the path at random and responds to the App via iBaby Web API request. All data file request go through HTTPS, meaning others will not be able to see the real path of the files and will not be able to capture the file content.

How iBaby Monitors talk to the Cloud Service

There’s not a lot of data that’s exchanged between iBaby monitors and the Cloud. iBaby monitors synchronize the hardware information so that the app uploads pictures or videos when sound or motion triggers the sensors. Please note that video and pictures are only uploaded when the owner allows it to.

iBaby Monitors keep a user log of the visitors who view and access the monitor. This information is also uploaded to the cloud.

The communication between the monitor and the cloud services become encrypted with private passwords provided by AES. Enhancement of all encryption and log functions will occur for new

App talks to Monitor directly

There is a P2P tunnel between the App and the monitor. The tunnel, provided by TUTK, is a public P2P company that offers encryption with a security guarantee.

During the monitor’s installation, the App asks for UID, username, and password from the web API (all responses become encrypted). This information then generates at random, and after installation, the authentication information is stored in the monitor and the app. iBaby must provide this information for monitor access via TUTK P2P tunnel.

App talks to Monitor through the relay server:

When the network connection is poor, the App cannot talk to the monitor directly. It will then need to relay the server to proxy the data traffic. The relay server, owned by iBaby, uses the same security process (P2P tunnel + UID + username + password) between the app, and the monitor.

Server Services Protection

iBaby uses Amazon’s AWS highest user data security. Amazon AWS can provide high availability server services and monitor systems. iBaby follows all of Amazon’s recommendations for server and permission setup.

The P2P relay server only transfers video and audio data when the App can’t talk to the monitor directly. All data transfer and firewalls become encrypted by TUTK technology.

Data storage in Cloud

All sensitive data on the cloud becomes encrypted and stored in the database(RDS). RDS, a service provided by Amazon AWS, allows a specified host to access its data. For iBaby, it only allows access from an iBaby host inside the AWS private LAN(zone). Any unauthorized users cannot get real data without the iBaby WebAPI, even if they can get a whole database.