Hardware security
Hardware security
- Tamper-resistant housing: Chip access requires destroying the device (readers)
- Security screws: Proprietary mechanisms to prevent unauthorized opening (readers)
- Magnetic tamper detection: Built-in magnet-based sensing for enclosure tampering (readers), or GPIO-based detection of enclosure opening (controllers)
- No debug access: Debug ports permanently disabled at manufacturing
- Sealed enclosure: No external access to internal components (readers)
Software security
- Secure boot: Hardware root of trust; each stage verifies the next
- On-chip execution: Critical code runs in a hardware-protected environment
- Signed firmware: All firmware cryptographically signed and verified
- Encrypted storage: Per-device encryption keys (AES / AES-GCM-AEAD) used for all sensitive data
- Rollback protection: Prevents installation of older firmware
Connectivity security
- TLS 1.2 with mutual authentication: Device and server verify each other
- Certificate validation: Full PKI chain verification
- Encrypted channels: All cloud communication encrypted in transit
Firmware updates
- RSA-signed: Signed with HSM-hosted keys
- AES-encrypted: Encrypted during transmission
- Integrity verification: Only verified firmware can execute
- Near-seamless uptime: Typically <10 seconds downtime
- Regular cadence: Updates deployed frequently
- Audit logging: Full update history recorded
Local communication
- AES encryption: All local device communication encrypted
- Message signing: Messages cryptographically signed
- Replay protection: Prevents network replay attacks
For technical details, see our system architecture documentation.