Your badge just got a lot more powerful.
LEAF Verified is Wavelynx's next-generation access credential. Public-key security built in at the chip level. Drops into your existing readers today. Steps up to zero trust when you're ready.
Unclonable
by design.
Legacy credentials broadcast the same static number on every tap. Copy it once, replay it forever.
LEAF Verified stores its private key directly in the chip's secure hardware. It's never transmitted, never remotely extractable. Every tap generates a unique proof that expires the moment it's used.
Open Today.
Zero Trust Tomorrow.
Most installs start with the seamless drop-in. The same credential is also the foundation for zero trust physical access, for the organizations that need it.
LEAF Verified
Public-key security provisioned at the wafer. Ships in ISO card and key fob form factors, ready to use out of the box.
- Cryptographic identity at the wafer
- ISO card and key fob form factors
- Works with any LEAF-compatible device
APEX Reader
Drops into your existing infrastructure. Reads legacy and modern credentials side by side, so you transition on your schedule, not anyone else's.
- Reads legacy and modern credentials
- OSDP and Wiegand output
- IP65 outdoor rated, EAL 6+ certified
Three reasons this is different.
The access control industry has run on the same model for decades. Here's what changes when you stop.
Works with any reader. Not just ours.
Built on open standards and the LEAF Community ecosystem. Any compatible reader, panel, or platform works. The card never changes, even when your security posture does.
One credential across every vendor in your stack.
See the security tiersThe readers you already own work on day one.
No special equipment. No key ceremonies. No secret management. Drop it into your existing infrastructure and start using it today.
Protect your hardware investments while upgrading your security.
See how enrollment worksNothing proprietary. Nothing hidden.
Built on standard, well-understood cryptography. No proprietary protocols. Wavelynx maintains an open-source library for the LEAF Community so any device manufacturer can add support without asking permission.
Show your board exactly how the security works. No black boxes.
View the open-source libraryTwo security tiers.
One credential.
Every LEAF Verified credential ships with both tiers built in. Your reader policy decides which one runs, door by door.
Open Application
One-Way Proof · Zero Key Management
The default. Mount the reader. Walk away. It works. The credential proves itself to the reader without anyone handing out secrets.
- No key ceremonies. No SAM cards. No config apps.
- Drops into existing readers that speak ECC P-256.
- Lobbies, stairwells, parking, common areas.
Mutual Authentication
Two-Way Trust · Enterprise PKI Ready
Credential and reader verify each other. Bring your own PKI to extend the same trust chain across your entire ecosystem, physical and mobile Aliro credentials alike.
- Server rooms, executive suites, regulated zones.
- One trust chain: physical and mobile.
- Same credential as open mode.
See what enrollment actually looks like.
Tap a badge to a phone. Watch the identity link. That's it.
Every badge is a
connected touchpoint.
Every LEAF Verified credential has native NFC. Tap it to any phone and your access control platform decides what happens next. The first use case: self-enrollment that eliminates manual data entry entirely.
The tap experience is powered by your access control platform. Wavelynx provides the NFC capability on every credential. Ask your PACS or PIAM provider about LEAF Verified integration.
Every credential pack ships with a QR code linked to a downloadable badge list. Scan it, import hundreds of badges in seconds.
Your path to modern access.
No big-bang migrations. Start with a conversation, prove it in your environment, and scale at your own pace.
Request Samples
We'll ship a sample pack to your desk. Hold the credential, see the form factors, and share them with your team to start the conversation.
Plan Your Transition
We'll assess your infrastructure, map an upgrade path, and provide a pilot pack with credentials and a reader to test in your environment.
Deploy at Your Pace
Roll out building by building on your schedule. Legacy and LEAF Verified credentials work side by side during the transition, so nothing goes dark while you upgrade.
Common questions.
No. LEAF Verified works with any reader that supports modern NFC and public-key standards, including most readers already deployed. Legacy and LEAF Verified credentials work side by side, so you can transition door by door on your own schedule. No rip-and-replace.
Nothing. Open application mode works out of the box with zero key management. No SAM cards, no key ceremonies, no secret distribution. When you're ready for mutual authentication, you can layer on enterprise PKI at your own pace. It's there when you need it, not before.
No. LEAF Verified is built on open standards and open-source cryptography. Any reader, panel, or platform manufacturer can add support. The growing LEAF Community ecosystem already includes hardware and software from multiple vendors. The credential works the same regardless of whose reader is on the wall.
The infrastructure you deploy for LEAF Verified today is already built for it. Wavelynx Wallet brings the same public-key model to phone wallets using the Aliro standard from Apple and Google. Same trust chain, physical and mobile.
Both sides verify. The credential proves itself to the reader. The reader proves itself to the credential. Nobody gets access until both checks pass. It's the same model your IT team already uses for network access, applied to physical doors.