SECURITY

Secure by design with industry leading certifications.

Airfob technology is built on the premise that mobile credentials are not only faster and easier to use than RFID access cards but also far more secure.

To make this possible, MOCA has taken great steps to ensure the foundational security of all Airfob hardware, software and firmware. We have taken steps across every layer of our system architecture and every communication touchpoint to preserve privacy and data integrity.

Data Encryption

Data is encrypted within Airfob Portal and its underlying database, on mobile phones, and as data passes between the Airfob API and apps or clients.

Secure Credentials

Credentials use anti-forgery, encryption and one-time pass technologies.

Personal Information

MOCA complies with ISO 27001 and 27701, ensuring that your data is always protected.

SECURE

Enterprise-grade security for A-grade sleep.

Airfob employs a number of the most modern proven technologies to ensure end-to-end security across all its apps and hardware.

Secure portal access

AWS Amazon RDS encrypted DB instances using advanced encryption techniques.

Data protection at rest

Industry-standard encryption algorithm, enhanced with additional encryption steps.

Data protection in transit

Secure HTTPS connection with TLS 1.2 encryption, using AWS API gateway to throttle API requests and requiring an access token that expires after one hour.

Encrypted and hashed card IDs

Advanced encryption techniques to prevent ID number exposure on third-party servers.

Secure storage of mobile cards on smartphones

Advanced encryption for all data, with keys stored and managed within the phone’s Trusted Execution Environment (TEE), such as Secure Enclave on Apple devices and TrustZone on ARM SoCs.

Secure communication between phones and readers

Every connection is secured with a new one-time encryption key, similar to a one-time-pass (OTP), which terminates immediately after each data transfer.

Mobile card data forgery prevention

Each Airfob Pass uses Public Key Infrastructure (PKI) based Digital Signature Protection with different signing key values for each Airfob Portal site, ensuring that mobile credentials only work with mobile card readers from the same organization.

CERTIFICATIONS

Your data is certified safe.

Airfob technology meets the rigorous standards for ISO 27001 and ISO 27701, solidifying our position as leaders in information protection management systems. We also make efforts to ensure that we store and handle data in a way that aligns with GDPR. ISO 27001 consultants have thoroughly analyzed Airfob and found that it successfully meets all of the following requirements:

26

Data Protection Management Standards

18

Personal Information Management Requirements

114

Data Protection Controls

AIRFOB HARDWARE

Airfob's smart hardware secrets.

Airfob ensures your access control is fortified with state-of-the-art technology for ultimate protection and transparency.

Encrypted Communication

Every connection is secured with a new one-time encryption key, similar to a one-time-pass (OTP), which terminates immediately after each data transfer.

Tamper Detection

Airfob uses a standalone tamper alerts to notify building managers and/or security personnel of any attempted tampering with readers.

Fail-secure, by design

In case of a temporary connection interruption on-site, the use of mobile credentials allows authentication even without the reader being connected to the internet.

Audit Trail

Maintain detailed records of access events, providing visibility into who entered when and where. Keep logs of visitor entries and exits to ensure transparency and security.