- User verification via email; user credentials are not stored on the phone, but exchanged for tokens that authenticate the mobile app to the cloud endpoints (OAuth).
- HTTPS transport encryption.
- Access credentials are not stored on the phone or on the reader; each operation uses a unique, time-limited, non-replayable token encrypted and signed by the server.
- AES-128 encryption, unique per-device keys.
Cloud Infrastructure and Management Mobile Access Manager
- HTTPS transport encryption for all traffic.
- At-rest encryption of credentials and device keys (AES-256-GCM with rotating keys).
- User verification via email or password; user credentials are exchanged for tokens that authenticate the web app to the cloud endpoints (OAuth).
- Secure boot, digitally signed firmware images.
- Local verification of access tokens and signatures; reader is not exposed to the network.
For more detail information, please contact your Proxy Representative.