MOBOTIX CLOUD - Secure connection to the CLOUD

MOBOTIX Cloud Data Center Authentication

For communication with the browser and the mobile app, the MOBOTIX Cloud Data Center server uses a digital certificate from a third-party provider to establish the secure TLS connection. The content of the certificate used to establish the connection can be displayed, so that users can check whether they are actually connected to a genuine MOBOTIX Cloud Data Center server.

MOBOTIX CLOUD Application Authentication

MOBOTIX CLOUD applications use self-signed digital certificates to authenticate themselves to the MOBOTIX CLOUD Data Center.

Transmitted data encryption

The MOBOTIX CLOUD web application, mobile apps and APIs communicate via HTTPS using TLS (Transport Layer Security). The TLS protocol mainly aims at providing data protection and data integrity between two communicating computer applications. TLS achieves this in three ways:
• Authenticating the communicating applications with digital certificates.
• Ensuring that the connection is private by using strong data encryption.
• Including a message integrity check using a message authentication code to prevent unnoticed loss or alteration of data during transmission.

The MOBOTIX CLOUD web application, mobile apps and APIs use TLS version 1.1 or higher using the secure SHA-256 hashing algorithm with a 2048-bit RSA key.

Stored data encryption

Stored data is protected with AES 256-bit encryption (Advanced Encryption Standard) both on the bridges and in the MOBOTIX Cloud Data Center. Keys are stored and exchanged with MOBOTIX digital certificates.

User authentication

The MOBOTIX CLOUD Camera Security VMS provides different types of secure login access for users:
• User Two-Factor Authentication
• Apple Touch ID fingerprint authentication
• Real-time video access for designated persons

User two-factor authentication

Users are employees of MOBOTIX CLOUD customers with assigned rights to log in to MOBOTIX CLOUD applications (mobile apps or browser apps) to access video or manage cameras. Two-factor authentication is used to provide strong security by allowing trusted user devices (PCs, laptops, tablets and smartphones) and permitting camera and video access only from these trusted devices. Attempts to log in with an untrusted device will result in access being denied.

Two-factor authentication uses the following mechanisms:

  • Trusted device. A trusted device is a mobile device or a browser on a specific computer that has previously been registered using two-factor authentication. It is a device that is known to be associated with this MOBOTIX CLOUD user.
  • Security code. A security code is a one-time code that is sent to a trusted device or a trusted phone number the first time the user logs in with a new device or browser.
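
A minimal model of the trusted-device flow described above, added here as an illustration; it is not MOBOTIX code. The class name `TwoFactorGate`, the `send_code` callback, the six-digit code format and the five-minute expiry are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a security code stays valid (assumed value)

def _h(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()

class TwoFactorGate:
    """Hypothetical trusted-device login gate (illustration only)."""

    def __init__(self, send_code):
        self.send_code = send_code  # callable(user, code): delivers to a trusted device or phone
        self.trusted = {}           # user -> set of SHA-256(device token)
        self.pending = {}           # (user, device hash) -> (code hash, expiry time)

    def login(self, user, device_token, now=None):
        """Call after the password check. Returns 'granted' or 'code_required'."""
        now = time.time() if now is None else now
        dev = _h(device_token)
        if dev in self.trusted.get(user, set()):
            return "granted"
        # Unknown device or browser: issue a one-time code, keep access denied.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(user, dev)] = (_h(code), now + CODE_TTL)
        self.send_code(user, code)
        return "code_required"

    def verify(self, user, device_token, code, now=None):
        """Register the device as trusted only if the code is correct and fresh."""
        now = time.time() if now is None else now
        dev = _h(device_token)
        # pop() makes the code single-use: one guess per issued code, right or wrong.
        entry = self.pending.pop((user, dev), None)
        if entry is None:
            return False
        code_hash, expiry = entry
        if now > expiry or not hmac.compare_digest(code_hash, _h(code)):
            return False
        self.trusted.setdefault(user, set()).add(dev)
        return True
```

Trust is recorded per user and per device, so a device registered for one user is still untrusted for another, and a wrong guess consumes the pending code so a new login attempt is needed.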

Apple Touch ID fingerprint authentication

The MOBOTIX CLOUD VMS supports Apple Touch ID fingerprint biometrics to minimise the likelihood of third parties observing password entry and to make login more secure and convenient. The mechanism utilises the iOS Keychain password store and allows the user’s fingerprint to be used for login.

Real-time video access for designated persons (first responders)

The MOBOTIX CLOUD Surveillance Camera VMS allows customers to designate persons in advance who, in emergency situations, can gain instant access to real-time cameras via the free MOBOTIX CLOUD mobile app or any common web browser. Customers also specify which of their own employees are authorised to activate the emergency service when an incident occurs.
Emergency responder permission can be limited to certain groups of cameras; for example, only outdoor cameras and public lobby areas. The cameras are kept private and only released when an authorised user activates the emergency responder (First Responder) access. When emergency responder access is enabled, emergency responders receive an email with links to specific cameras they are authorised to view. The links open the camera views in the app or in the web browser.