Case Study – Securing the Mobility Data Supply Chain Using Tozny’s TozStore Platform


A growing number of mobility companies are creating sustainable and secure solutions for the ever-changing state of urban transportation by enabling seamless multimodal experiences and connected transit commerce with trip planning, mobile ticketing, and payment solutions for public transit authorities in the US and abroad.

The Tozny team has deep expertise in privacy, security, cryptography, and identity management. Our products and services support the commercial market, as well as federal clients in the DoD, DARPA, DHS, and NIST.



As the backbone for public transit authorities around the world, mobility companies are always looking for ways to strengthen their existing defense against fraud and cyber crime while maintaining their intricate role in handling passenger data on behalf of their clients. As intermediaries, these companies collect data from transit authorities’ passengers, and transport it to the transit authorities for the purpose of record keeping and data processing. As such, these companies are held responsible for what happens to the data while under their control. Tozny worked with one such company that wanted to add another layer of security to protect its users’ privacy and security while preventing their Personally Identifiable Information (PII) from being exploited.


After working with Tozny on its password-free authentication technology for one of their metropolitan transit system deployments, the company decided to continue its long-term partnership by integrating Tozny’s TozStore product, a commercial toolkit for end-to-end control of stored structured data using strong encryption. TozStore can be embedded in an app, web page, or server to ensure that the data owner maintains complete control of the data from the point of creation, through transmission, storage, analysis, and finally expiration and deletion – i.e., for the entire lifecycle of the data. Tozny partnered with the mobility company to provide more secure and convenient identity solutions for their mobile applications. By finding a better way to secure ticket transaction and user data, the company continues to be a leader in the mobility space in protecting its users privacy and security.

Being the intermediary between the transit authorities and passengers comes with a lot of responsibilities, and mobility companies desire to go above and beyond to make sure they are not taking those responsibilities lightly. By integrating Tozny’s TozStore technology as part of their platform, another layer of security is added to the data handling process, while continuing to enhance both the end user and client experience.

How It Works

The process ensures that each user and each server has its own cryptographic keys. PII and transaction information is encrypted or signed by the user’s device, while tickets and route information are encrypted and signed by company’s servers. The result is that each party has strong guarantees in the confidentiality and integrity of the data flowing across its APIs.

Identity Management with End-to-End Encryption

Questions About Securing Your Mobility Application Data?