Security Measures

Secure by Design with Industry Leading Certifications

MOCA’s Airfob technology is built on the premise that mobile credentials are not only faster and easier to use than RFID access cards but also far more secure. To make this possible, MOCA has taken great steps to ensure the foundational security of all Airfob hardware, software and firmware. We have taken steps across every layer of our system architecture and every communication touchpoint to preserve privacy and data integrity.

Data Encryption

Data is encrypted within Airfob Portal and its underlying database, on mobile phones, and as data passes between the Airfob API and apps or clients.

Secure Data Storage and Transfers

Data is securely stored in the database and on mobile phones, and while transferring between phones and readers.

Forgery Protection

Mobile access cards can not be forged and each organization’s mobile cards use a unique signing key.

A Superior Choice

Mobile credentials are inherently secure

Replacing RFID cards with mobile credentials immediately makes your access control system more secure. There are many reasons why mobile credentials are the more secure option:

  • It’s cheap and easy to issue a mobile card to every single person that enters a facility, from visitors and freelancers to delivery drivers and repairmen, granting authorization only for specific areas they need to access.
  • Credentials can be canceled remotely or set to automatically expire after a specific period of time.
  • Site administrators can (optionally) require people to unlock their phones before using mobile credentials for an extra layer of security.
  • People naturally mind their phones more closely than access cards and are less likely to lend out or lose them.

Secured by design with proven technologies

Airfob employs a number of the most modern proven technologies to ensure end-to-end security across all its apps and hardware.

Secure portal access

AWS Amazon RDS encrypted DB instances using the industry standard AES-256 or better encryption algorithm

Data protection at rest

Industry-standard AES-256 or a better encryption algorithm, enhanced with additional encryption steps

Data protection in transit

Secure HTTPS connection with TLS 1.2 encryption, using AWS API gateway to throttle API requests and requiring an access token that expires after one hour

Encrypted and hashed card IDs

AES 256-encrypted to prevent ID number exposure on third-party servers

Secure storage of mobile cards on smartphones

AES 256 encryption for all data, with keys stored and managed within the phone’s Trusted Execution Environment (TEE), such as Secure Enclave on Apple devices and TrustZone on ARM SoCs

Secure communication between phones and readers

Every connection is secured with a new one-time encryption key, similar to a one-time-pass (OTP), which terminates immediately after each data transfer

 

Mobile card data forgery prevention

Each Airfob Pass uses Public Key Infrastructure (PKI) based Digital Signature Protection with different signing key values for each Airfob Portal site, ensuring that mobile credentials only work with mobile card readers from the same organization.

ISO 27001

Your data is certified Safe

Airfob technology meets the rigorous standards for ISO 27001 and ISO 27701, solidifying our position as leaders in information protection management systems. We also make efforts to ensure that we store and handle data in a way that aligns with GDPR. ISO 27001 consultants have thoroughly analyzed Airfob and found that it successfully meets all of the following requirements:

 

Data Protection Management Standards

Personal Information Management Requirements

Data Protection Controls

Upgrade to the future of access control

Airfob opens doors for more than 11,000 spaces. Is yours next?

Upgrade to the future of access control

Airfob opens doors for more than 11,000 spaces. Is yours next?