The Security-Focused Platform
Data exchanges through a public infrastructure must go hand in hand with the implementation of exchange securing. In this context, the
Motilia Tech platform offers a wide array of security mechanisms as standard, in addition to the communication encryption between devices.
Mobile device vulnerability
Suivant un certain nombre d'exemples, un appareil mobile peut être considéré comme breachable. Based on a
Zero Trust approach, the
Motilia Tech environment consider mobile devices as non-trusted with regard to enterprise data recording.
In this context,
Motilia Tech has chosen not to record any data in a mobile device and to exchange with the buffer database interactively. This choice has the major advantage of keeping the buffer data up to date in real time, and allowing organizations to take their processes forward easily from batch processing to real-time processing.
Furthermore, when the mobile application goes into the background, the user is disconnected from his session and the information resident in memory is erased, in order to guard against any spyware tracking memory usage. It should be noted that the re-connection is very fast thanks to biometric identification by fingerprint or facial recognition.
As with all mobile environments on the market, the communication between the
Motilia Tech client application and the gateway application is encrypted using the standard https protocol. However, this security mechanism is not sufficient to guarantee a high level of confidentiality to a mobile solution.
Server identity verification
Despite the encryption of the communication, the data exchange must face the
Man-In-The-Middle attacks, which allows an attacker to relay secretly and possibly to alter the communications between two parties.
Motilia Tech platform has the defense mechanism
HTTP Public Key Pinning against MITM attacks using server impersonation, which allows for immediat detection of fraudulent certificate from an attacker and causes the connection to be interrupted.
Motilia Tech platform has also a low-level mechanism to check the integrity of each network datagram, to detect and reject any alteration of a transaction between the client mobile application and the gateway application.
Natural protection against SQL injections
Motilia Tech platform is built to implement data requests with a buffer database, whose schema is designed by the client organisation. Using only pre-recorded parameterized queries, it is therefore immune to any
SQL injection attack.
Other defense mechanisms are integrated in the standard
Motilia Tech offer. All of them may be disactivated in the event that the mobile solutions are used as part of an enterprise VPN.