User verification via email; user credentials are not stored on the phone, but exchanged for tokens that authenticate the mobile app to the cloud endpoints (OAuth).
HTTPS transport encryption.
Access credentials are not stored on the phone or on the reader; each operation uses a unique, time-limited, non-replayable token encrypted and signed by the server.
AES-128 encryption, unique per-device keys.
Cloud Infrastructure and Management Dashboard
- HTTPS transport encryption for all traffic.
- At-rest encryption of credentials and device keys (AES-256-GCM with rotating keys).
- User verification via email or password; user credentials are exchanged for tokens that authenticate the web app to the cloud endpoints (OAuth).
- Secure boot, digitally signed firmware images.
- Local verification of access tokens and signatures; reader is not exposed to the network.
For more detail information, please contact your Proxy Representative.