The Security-Focused Platform

Data exchanges through a public infrastructure must go hand in hand with the implementation of exchange securing. In this context, the Motilia Tech platform offers a wide array of security mechanisms as standard, in addition to the communication encryption between devices.

Suivant un certain nombre d'exemples, un appareil mobile peut être considéré comme breachable. Based on a Zero Trust approach, the Motilia Tech environment consider mobile devices as non-trusted with regard to enterprise data recording.

In this context, Motilia Tech has chosen not to record any data in a mobile device and to exchange with the buffer database interactively. This choice has the major advantage of keeping the buffer data up to date in real time, and allowing organizations to take their processes forward easily from batch processing to real-time processing.

Furthermore, when the mobile application goes into the background, the user is disconnected from his session and the information resident in memory is erased, in order to guard against any spyware tracking memory usage. It should be noted that the re-connection is very fast thanks to biometric identification by fingerprint or facial recognition.

As with all mobile environments on the market, the communication between the Motilia Tech client application and the gateway application is encrypted using the standard https protocol. However, this security mechanism is not sufficient to guarantee a high level of confidentiality to a mobile solution.

Despite the encryption of the communication, the data exchange must face the Man-In-The-Middle attacks, which allows an attacker to relay secretly and possibly to alter the communications between two parties.

The Motilia Tech platform has the defense mechanism HTTP Public Key Pinning against MITM attacks using server impersonation, which allows for immediat detection of fraudulent certificate from an attacker and causes the connection to be interrupted.

The Motilia Tech platform has also a low-level mechanism to check the integrity of each network datagram, to detect and reject any alteration of a transaction between the client mobile application and the gateway application.

The Motilia Tech platform is built to implement data requests with a buffer database, whose schema is designed by the client organisation. Using only pre-recorded parameterized queries, it is therefore immune to any SQL injection attack.

Other defense mechanisms are integrated in the standard Motilia Tech offer. All of them may be disactivated in the event that the mobile solutions are used as part of an enterprise VPN.