SECURITY
Secure by design with industry leading certifications.
Airfob technology is built on the premise that mobile credentials are not only faster and easier to use than RFID access cards but also far more secure.
To make this possible, MOCA has taken great steps to ensure the foundational security of all Airfob hardware, software and firmware. We have taken steps across every layer of our system architecture and every communication touchpoint to preserve privacy and data integrity.
Data Encryption
Data is encrypted within Airfob Portal and its underlying database, on mobile phones, and as data passes between the Airfob API and apps or clients.
Secure Credentials
Credentials use anti-forgery, encryption and one-time pass technologies.
Personal Information
MOCA complies with ISO 27001 and 27701, ensuring that your data is always protected.
SECURE
Enterprise-grade security for A-grade sleep.
Airfob employs a number of the most modern proven technologies to ensure end-to-end security across all its apps and hardware.
Secure portal access
AWS Amazon RDS encrypted DB instances using advanced encryption techniques.
Data protection at rest
Industry-standard encryption algorithm, enhanced with additional encryption steps.
Data protection in transit
Secure HTTPS connection with TLS 1.2 encryption, using AWS API gateway to throttle API requests and requiring an access token that expires after one hour.
Encrypted and hashed card IDs
Advanced encryption techniques to prevent ID number exposure on third-party servers.
Secure storage of mobile cards on smartphones
Advanced encryption for all data, with keys stored and managed within the phone’s Trusted Execution Environment (TEE), such as Secure Enclave on Apple devices and TrustZone on ARM SoCs.
Secure communication between phones and readers
Mobile card data forgery prevention
Each Airfob Pass uses Public Key Infrastructure (PKI) based Digital Signature Protection with different signing key values for each Airfob Portal site, ensuring that mobile credentials only work with mobile card readers from the same organization.
CERTIFICATIONS
Your data is certified safe.
Airfob technology meets the rigorous standards for ISO 27001 and ISO 27701, solidifying our position as leaders in information protection management systems. We also make efforts to ensure that we store and handle data in a way that aligns with GDPR. ISO 27001 consultants have thoroughly analyzed Airfob and found that it successfully meets all of the following requirements:
Data Protection Management Standards
Personal Information Management Requirements
Data Protection Controls
AIRFOB HARDWARE
Airfob's smart hardware secrets.
Airfob ensures your access control is fortified with state-of-the-art technology for ultimate protection and transparency.
Encrypted Communication
Every connection is secured with a new one-time encryption key, similar to a one-time-pass (OTP), which terminates immediately after each data transfer.
Tamper Detection
Airfob uses a standalone tamper alerts to notify building managers and/or security personnel of any attempted tampering with readers.
Fail-secure, by design
In case of a temporary connection interruption on-site, the use of mobile credentials allows authentication even without the reader being connected to the internet.
Audit Trail
Maintain detailed records of access events, providing visibility into who entered when and where. Keep logs of visitor entries and exits to ensure transparency and security.