To make sure mobile communications do not create a security risk, the Airlock Secure Access Hub guarantees secure mobile data communication combined with great flexibility in access control and integration. Together with leading technology partners, Airlock provides end-to-end protection – from the mobile device and the management of authentication tokens to protection of the REST API interface on the server.
Authentication on your smartphone
Our technology partners provide mobile apps for secure authentication and SDKs for protecting self-developed apps. The necessary authentication tokens are pre-integrated into Airlock and can be managed centrally. Biometric options available on many smartphones, such as Touch ID or Face ID, can also be used for authentication.
A comprehensive range of user self-services are available for mobile tokens. This makes it easy for new users to get started. New tokens can be rolled out quickly and easily, and token migrations are also easy to organise.
Swisscom’s Mobile ID does not require an app. This innovative solution, which is based on the international Mobile Signature Services (MSS) standard, uses the SIM card as a secure environment for the key material. Mobile ID services are a part of Airlock IAM and are available to developers for their own applications.
Mobile clients typically use back-end REST APIs to access business data. With its specialised filters and powerful access management functionality, the Airlock API Gateway is ideally suited for protecting these interfaces.
Simple integration of Airlock functions
The Secure Access Hub’s features are accessible to developers through REST APIs. For the development of portals, mobile apps or Single-Page-Applications (SPAs) all relevant Airlock security services are available to support a simple technical integration:
- Self-registration of users
- Authentication and login
- Device activation
- User self-services
In addition to the REST APIs, native applications can use third-party federation, such as OAuth, OpenID Connect, or browser-based login functions. With browser-based logins, developers can also choose between the standard login app and an SPA.
Mobile security highlights
- Protection of REST APIs
- Support for OAuth and OpenID Connect
- REST interface for user authentication
- Integration of leading partner solutions
- Secure mobile apps for authentication
- SDKs to protect apps
- User self-service for mobile tokens
- Mobile ID support