Kisi Product Security Overview

Kisi strives for transparent end-to-end security, and we hope this document contributes to that goal.

Credentials

Kisi iOS and Android App

Uses HTTPS and user credentials for authentication. Passwords are never stored; only a token for accessing the API is stored.

Kisi Pro Reader

Communication to cards

AES 128-bit CR. Authentication via a secure handshake between card and reader. Credentials are cached locally and fully encrypted. The reader is PoE connected.

Communication to cloud

Encryption via SSL and HTTPS. Secure boot system; the application software is separated from the operating system and runs in its own protected virtual machine. Certificate-based security, with keys rotated frequently.

Kisi Cloud

Kisi's cloud is hosted on Heroku. Their security policies are linked here.

User-API is encrypted via HTTPS and authenticated via user credentials. Information is authenticated directly against the API and hosted on the cloud server. No cookies are used on the server.

Kisi Pro Controller

API-facing encryption via SSL and HTTPS. Secure boot system; the application software is separated from the operating system and runs in its own protected virtual machine. Certificate-based security.

Questions, want to do a deep dive or penetration test? Leave us a message:
