Array requires authentication at all three points (the lock, the App and the Cloud) to complete a requested user action.
All commands from the Array app are encoded with information specific to the lock and is encrypted using industry standard encryption methods/protocols. This is what you do when completing the "handing process" during setup. Any commands are further authenticated and verified by the Array Cloud and then they are verified again on the lock before the command is actually executed.
For the encryption(handing) process, this is the industry standard, non-proprietary enterprise security 128-bit using SSL and TLS.