top of page
black_Background.jpg

CUVEX DEVICES

SAME SECURITY MODEL
DIFFERENT DESIGN DECISIONS

Cuvex and Cuvex BIT are built on the same sovereign security architecture:

Pink Poppy Flowers
BIT_MOBILE.jpg

HSM SEED PHRASE PROTECTOR & BTC
HARDWARE WALLET

  • You can encrypt your current seed phrase on NFC cards.

  • You can create your seed phrase from scratch by contributing to its entropy and forget about the ones automatically generated by third-party software.

  • You can fully manage your BTC and sign double air-gapped PSBT transactions with the best user experience.

Personal HSM model

The differences between them are not about “more or less security”, but about how the communication boundary with the smartphone is implemented. Understanding this boundary is key to choosing the right device.

Offline encryption and signing

Double AirGap PSBT

No backend, no telemetry, no key storage

CUVEX 

Controlled Interfaces by Design

Go
disp+usbc.png

CUVEX BIT

No Radios, Deterministic File Bridge

Go
Cuvex_home.png
biometric.png

CUVEX
CONTROLLED INTERFACES BY DESIGN

  • PRESENT, BUT STRICTLY ISOLATED

    Cuvex includes Bluetooth hardware, but its usage is extremely constrained by design:

    • Bluetooth is only enabled inside the Bootloader

    • Its sole purpose is firmware updates

    • Every firmware update is cryptographically verified using RSA signature validation

    • If the firmware is not correctly signed, it is rejected

    Once the firmware is installed and the device boots into AppCode (the firmware that manages all cryptographic and signing operations):

    • Bluetooth is completely disabled

    • The AppCode firmware contains zero lines of code capable of interacting with the Bluetooth peripheral

    • Bluetooth cannot be enabled, accessed, or triggered during normal operation

    In other words:
    Bluetooth is not part of the operational attack surface.
    It exists only in a tightly controlled update context.

    * More information about Bluetooth security

  • POWER ONLY, NO DATA CHANNEL

    On Cuvex, the USB-C port is used exclusively for power delivery.

    • No data is exchanged over USB-C

    • No files, commands, or metadata flow through the USB connection

    • USB-C cannot be used as a communication channel with the smartphone or computer

    This eliminates an entire class of USB-based attacks during normal use.

  • PASSIVE, FILE-BASED, AND ISOLATED

    All operational communication between Cuvex and the smartphone app happens via passive NFC cards.

    • NFC cards are read/write only

    • They do not execute code

    • They do not establish active sessions

    • They cannot trigger logic inside the device

    NFC is used purely as a physical file transfer medium:

    • PSBT files

    • encrypted cryptograms

    • metadata required for the signing flow

    This keeps communication:

    • offline

    • explicit

    • user-mediated

    • physically observable

cuvex menu features

SUMMARY
COMMUNICATION MODEL

  • Bluetooth → Bootloader only, RSA-verified firmware updates

  • USB-C → power only

  • NFC → passive file exchange, no execution

This model prioritizes interface versatility while keeping each interface cryptographically and logically constrained.

CUVEX BIT
RADIO FREE, DETERMINISTIC FILE BRIDGE,
BIOMETRIC ACCESS CONTROL 

Cuvex BIT takes a different approach: instead of constraining interfaces, it removes them entirely at the hardware level.

  • NO BLUETOOTH - NO NFC - PHYSICALLY ABSENT

    Cuvex BIT does not include:

    • Bluetooth hardware

    • NFC hardware

    As a result:

    • Neither the Bootloader nor the AppCode firmware can ever interact with Bluetooth or NFC

    • Even theoretically, these interfaces cannot be enabled or exploited

    This is a hard physical guarantee, not a software policy.

  • AS A CONTROLLER FILE BRIDGE (NOT A LIVE CONNECTION)

    Cuvex BIT communicates with the smartphone exclusively via USB-C, but not as a direct device-to-device protocol.

    Instead, it uses a mounted external memory model:

    • The device mounts a temporary external storage unit

    • The smartphone recognizes it as a standard removable drive (similar to a USB flash drive)

    • Inside this storage, a dedicated folder called “Cuvex” is used to exchange files

    There is no live communication channel, no commands, no sessions.

    Communication is purely file-based.

     

    Security properties of the memory bridge

    From a cybersecurity and hardware architecture perspective, this model has very strong properties:

    • All data written by the device to the shared memory is already encrypted

    • No plaintext secrets are ever exposed

    • The smartphone only ever sees protected data

    When the device reads files from the shared memory:

    • It expects very strict formats

    • If a file does not match the expected structure and data:

      • it is ignored

      • deleted

      • and the memory unit is immediately unmounted

    There is:

    • no parser flexibility

    • no command surface

    • no opportunity for code execution

    This makes active attacks through the file bridge practically impossible.

     

    Optional additional isolation

    All Cuvex BIT workflows can be performed while:

    • the smartphone is connected via USB-C

    • with the smartphone in airplane mode

    • completely disconnected from the internet

    This allows users to add an extra operational security layer, even though the protocol itself does not require connectivity.

  • BIOMETRIC ACCESS CONTROL (FINGERPRINT SENSOR)

    Cuvex BIT integrates a biometric fingerprint sensor used exclusively for access control to encrypted cryptograms.


    This feature does not replace the password; instead, it strengthens it by applying a three-factor multifactor authentication model based on:

    • Something I have → the encrypted cryptogram

    • Something I know → the password

    • Something I am → the biometric fingerprint

     

    Mandatory physical presence

    When a secret is initially encrypted, creating a biometric-protected cryptogram:

    • The fingerprints of the authorized individuals are bound to the encryption process

    • During any subsequent decryption, the physical presence of those individuals is mandatory

    • The cryptogram cannot be decrypted using the password alone

    This effectively reinforces use cases such as:

    • shared custody

    • human multisignature schemes

    • controlled secret recovery

     

    Biometric cryptograms: exclusive use with Cuvex BIT

    Cryptograms protected by biometric access control:

    • Cannot be decrypted from the Cuvex desktop application

    • Require a Cuvex BIT device

    • Mandate biometric reading and validation through the device’s physical sensor

    This ensures that:

    • biometric enforcement cannot be bypassed by software

    • there is no security downgrade to environments without biometric hardware

     

    Security of the biometric model

    • Fingerprints are not used as passwords

    • They do not replace the cryptographic key

    • They operate strictly as an additional authorization factor

    • They reinforce the requirement for conscious, verifiable physical presence

    The result is a robust, explicit access-control model aligned with the principles of sovereign self-custody.

Cuvex_home.png

SUMMARY CUVEX BIT
COMMUNICATION AND ACCESS MODEL

  • Bluetooth → physically absent

  • NFC → physically absent

  • USB-C → file-based memory mounting, data always encrypted

  • Biometrics → mandatory additional access control for biometric cryptograms

  • Premium finish in anodized aluminum, orange color

This model prioritizes minimalism, deterministic workflows, reduced physical attack surface, and verifiable human presence.

CHOOSING BETWEEN CUVEX AND CUVEX BIT

Diferencias_cuvexs.jpg
fbe56d07-bd92-4df9-9f3a-e0596ad1588a.png

FINAL CLARIFICATION

Both devices:

  • Follow the same Personal HSM architecture

  • Never store private keys

  • Never expose secrets in plaintext

  • Can operate fully offline

  • Implement Double AirGap PSBT

Neither device is “more secure” in absolute terms.
They are optimized for different operational preferences and threat perceptions.

CHOOSE THE RIGHT CUVEX DEVICE FOR YOUR NEEDS

cual_cuvex_elegir.jpg

Both devices follow the same security architecture

The differences are about how data moves between the device and your phone not about weaker or stronger security.

CUVEX_SPECS.jpg

CUVEX SPECS

INSIDE THE BOX
1- Cuvex Device
1- USB-C Cable
3- NFC Cards

1- NFC 8K Card for transactions.
1- Sticker
1- Welcome card

4 - Dice of different colors

SIZE AND WEIGHT
92 mm x 92 mm x 35 mm / 150 g

MATERIAL
Matte Black ABS Plastic.

SCREEN
4 inch colour touchscreen to a simple
and fluent user experience.

CERTIFICATIONS
CE Certification
MET/UL Certification
Material Compliance RoHS


You will need to have a Smartphone with NFC.

To use the Cuvex App, a minimum operating system is required: iOS 16 or Android 8.

specs cuvex mobile.jpg

CUVEX SPECS

INSIDE THE BOX
1- Cuvex Device
1- USB-C Cable
3- NFC Cards

1- NFC 8K Card for transactions.
1- Sticker
1- Welcome card

4 - Dice of different colors

SIZE AND WEIGHT
92 mm x 92 mm x 35 mm / 150 g

MATERIAL
Matte Black ABS Plastic.

SCREEN
4 inch colour touchscreen to a simple
and fluent user experience.

CERTIFICATIONS
CE Certification
MET/UL Certification
Material Compliance RoHS


You will need to have a Smartphone with NFC.

To use the Cuvex App, a minimum operating system is required: iOS 16 or Android 8.

CUVEX_BIT_SPECS.jpg

CUVEX BIT SPECS

INSIDE THE BOX
1- Cuvex Device
1- USB-C Cable
3- NFC Cards

1- MicroSD Card
1- Sticker
1- Welcome card

4 - Dice of different colors

SIZE AND WEIGHT
92 mm x 92 mm x 23 mm / 190 g

MATERIAL

Premium finish in anodized aluminum, orange color

SCREEN
4 inch colour touchscreen to a simple
and fluent user experience.

CERTIFICATIONS
CE Certification

FCC Certification
Material Compliance RoHS

You will need to have a Smartphone with NFC and USB-C connection. To use the Cuvex App, a minimum operating system is required: iOS 16 or Android 8.

specs cuvex bit.jpg

CUVEX BIT SPECS

INSIDE THE BOX
1- Cuvex Device
1- USB-C Cable
3- NFC Cards

1- MicroSD Card
1- Sticker
1- Welcome card

4 - Dice of different colors

SIZE AND WEIGHT
92 mm x 92 mm x 23 mm / 190 g

MATERIAL

Premium finish in anodized aluminum, orange color

SCREEN
4 inch colour touchscreen to a simple
and fluent user experience.

CERTIFICATIONS
CE Certification
FCC Certification
Material Compliance RoHS

You will need to have a Smartphone with NFC and USB-C connection. To use the Cuvex App, a minimum operating system is required: iOS 16 or Android 8.

Frame 304.jpg

SPECS

INSIDE THE BOX

1- Cuvex Device
1- USB-C Cable
3- NFC Cards

1- NFC 8K Card for transactions.
1- Sticker
1- Welcome card

4 - Dice of different colors


SIZE AND WEIGHT
92 mm x 92 mm x35 mm / 150 g

MATERIAL
Matte Black ABS Plastic.

SCREEN
4 inch colour touchscreen to a simple
and fluent user experience.

CERTIFICATIONS
CE Certification
MET/UL Certification
Material Compliance RoHS

You will need to have a Smartphone

with NFC Minimum operating system:

iOS 16 - Android 8

CuvexBIT + Caja.png

MAXIMUM
SECURITY

Seed Phrase protector

No experience needed, Fully equipped.

 

Designed for easy usability. AES-256 GCM cold encryption, through a device created for it and without an internet connection. It does not store any data after performing the processes.

Cuvex crypto cold storage device is a completely isolated encryption mechanism for connection to networks, the cloud, the Internet of Things and any data input and output peripheral. At no step in the process will your secret be exposed.

Learn more about security

  • Short answer: No.

    Why: Bluetooth on Cuvex exists only inside the bootloader, and only for firmware updates.

    • It is never active during normal use

    • It cannot access keys, cryptograms or transactions

    • Firmware updates are accepted only if they are RSA-signed

    • Once the device boots into normal operation, Bluetooth is completely disabled

    Bluetooth is not part of the operational security surface.

  • Cuvex BIT is designed for users who prefer physical simplicity and minimal interfaces.

    • Bluetooth hardware is physically absent

    • It cannot be enabled by software

    • This reduces the number of components and attack vectors.

    Both approaches are secure they simply reflect different design preferences.

  • Yes, because NFC on Cuvex is passive and file-based.

    • NFC cards do not execute code

    • They do not establish live sessions

    • They only store and transfer files (PSBTs and encrypted cryptograms)

    NFC is used as a physical transfer medium, similar to handing over a USB drive but without active connectivity.

  • Not inherently.
    Security depends on how the interface is used.

    • On Cuvex, USB-C is power only

    • On Cuvex BIT, USB-C is used as a controlled file exchange mechanism

    In both cases:

    • No secrets are shared in plaintext

    • No live communication channel exists

    • Invalid data is rejected automatically

    The difference is operational style, not security level.

  • No.

    • The device only reads files with very strict formats

    • Any unexpected or malformed data is ignored and deleted

    • No commands or executable code are accepted

    • Secrets never leave the device unencrypted

    Even a compromised smartphone cannot extract keys or control the device.

  • No.

    Both Cuvex and Cuvex BIT can be used with the smartphone:

    • connected via NFC or USB-C

    • with the phone in airplane mode

    • completely offline

    Internet access is never required for encryption or signing.

  • Neither.

    • Both use the same Personal HSM architecture

    • Both operate fully offline

    • Both avoid storing private keys

    • Both implement Double AirGap PSBT

    The difference is how you prefer to interact with the device.

  • Choose Cuvex if you:

    • prefer NFC-based workflows

    • want flexible backup options

    • like physically mediated transfers

    Choose Cuvex BIT if you:

    • want biometric access control

    • prefer fewer physical interfaces

    • want the simplest possible connectivity model

bottom of page