How it works
The biid platform was specifically designed to perform within the strict security, privacy and compliance requirements of highly regulated sectors like Government, Financial Services and Healthcare, but for today’s mobile-first era.
Why “mobile identity”?
We believe that mobile identity is the foundation of any effective digital security strategy.
By using smartphones as identity devices, we can deliver a variety of services to both our customers and the end user: from legally enforceable digital signatures to strong online authentication, transaction security, and more.
Moreover, due to the evolution in mobile App technology, today it is possible to deliver extremely complex services that are still easy to use for the everyday consumer. This is what we strive to do every single day at biid.
A PKI-based architecture
At the core of the biid platform there are Qualified Digital Certificates that are issued by recognised Trust Service Providers (TSPs or CAs) in accordance with EU Regulation N°910/2014 (also known as eIDAS).
Using robust cryptographic techniques and the secure elements of modern smartphones, our technology turns Android and iOS devices into physical token generators that can be used to authenticate users online, sign legal documents and authorize transactions of any kind.
Securing digital infrastructures
By using “Advanced Electronic Signatures” to authorise transactions, we allow our customers to secure their API infrastructures by securing transactions themselves, not just the API Gateways.
Digitally signed transactions are linked to the signatory and their authenticity can be instantly verified by the biid platform. This allows organisations to discover and reject fraudulent transactions even after they passed the initial security checks of a compromised API Gateway.
The transaction verification is performed using the Public Key of the signatory, which is uniquely linked to the Private Key securely stored on the user’s smartphone.
In addition to token-based authentication techniques, PKI and certificates provide an extra layer of security to digital infrastructures: access can’t be granted and transactions can’t be authorized without the verification of the user’s digital signature, which can only be performed from the certified smartphone containing their Private Key.
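The check described above, sketched as an added example (not biid's API or code): a backend service re-verifies each transaction's signature against the signatory's registered public key, so a payload altered after the gateway is rejected. ECDSA P-256 with SHA-256, the sorted-key JSON encoding and every name and value are assumptions made for illustration.

```javascript
// Added illustration; not biid's API. All names and values are constructed.
const crypto = require('crypto');

// Stand-in for the key pair whose private half lives in the phone's secure element.
const device = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Backend registry: signer id -> public key taken from the user's certificate.
const registeredKeys = new Map([['user-42', device.publicKey]]);

// Deterministic byte encoding of a flat transaction object (keys sorted).
function canonicalize(tx) {
  return Buffer.from(JSON.stringify(tx, Object.keys(tx).sort()), 'utf8');
}

// Runs on the device: sign the exact transaction the user approved.
function signTransaction(tx, privateKey) {
  return crypto.sign('sha256', canonicalize(tx), privateKey).toString('base64');
}

// Runs on the backend service, behind the gateway, for every transaction.
function verifyTransaction(envelope) {
  const key = registeredKeys.get(envelope.signer);
  if (!key) return { ok: false, reason: 'unknown signer' };
  let valid = false;
  try {
    valid = crypto.verify('sha256', canonicalize(envelope.tx), key,
                          Buffer.from(envelope.signature, 'base64'));
  } catch {
    valid = false; // malformed transaction or signature counts as a failure
  }
  return valid ? { ok: true } : { ok: false, reason: 'bad signature' };
}

const tx = { amount: '100.00', currency: 'EUR', nonce: 'n-0001', to: 'ACCT-CONSTRUCTED-1' };
const envelope = { signer: 'user-42', tx, signature: signTransaction(tx, device.privateKey) };

// Payload altered in transit (e.g. by a compromised gateway); signature no longer matches.
const tampered = { ...envelope, tx: { ...tx, to: 'ACCT-CONSTRUCTED-2' } };

// Same transaction signed with a key that was never registered for user-42.
const rogue = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const forged = { signer: 'user-42', tx, signature: signTransaction(tx, rogue.privateKey) };
```

The verifier trusts only the key registry, never a key supplied in the request, which is what lets it catch changes made after the gateway's own checks.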
Ultimately, deploying certificates on smartphones allows organizations to decentralise their security, drastically reducing the risk of phishing and large-scale attacks.
If you would like to know more about how biid can help secure your organization’s digital infrastructure, do not hesitate to contact us today. Our team will be happy to assist in any way we can.
The importance of eIDAS in Europe
The eIDAS Regulation is a single, standardized regulation for all EU member states, and is not subject to individual member state interpretation and modification.
eIDAS is organized in two main sections: the first section deals with government-issued identification, establishing a legal framework for all EU member states to mutually recognize each other’s eID systems. It targets the public sector and requires each member state to permit citizens from other member states to use their own electronic IDs to access online services across borders.
The second section deals with signatures and defines a legal framework for electronic signatures and seals.
The regulation states that an electronic signature shall not be denied admissibility as evidence in legal proceedings, nor shall its legal effect be denied solely based on the fact that it is in an electronic form.
eIDAS defines three types of electronic signatures:
1. Electronic Signature
2. Advanced Electronic Signature
3. Qualified Electronic Signature
Trust Services under eIDAS
Electronic identification (eID) and electronic Trust Services (eTS) are key enablers for secure cross-border electronic transactions, and are central building blocks of the Digital Single Market.
Trust Services are electronic services involving:
1. Creating, verifying and validating electronic signatures, seals, time stamps and personal digital certificates
2. Creating, verifying and validating certificates used for website authentication
3. Preserving electronic signatures, seals and certificates
The eIDAS regulation ensures that:
1. Trust Services work across borders and have the same legal status as traditional paper-based processes
2. In cross-border scenarios, as well as at national level, electronic transactions are secure and legally valid
biid adheres to the OpenID Connect standard for sharing identity data whilst leaving the user in control of his or her own personal information.
Our platform can also be deployed as a federated eIDAS-Node in a Proxy Service or Middleware configuration, to provide authentication services across borders.
Open Banking, PSD2 and GDPR
Although GDPR, PSD2 and Open Banking are not directly connected, they all share the same objectives of putting consumers back in control of their own data and keeping that data safe.
The biid product was designed and developed with those same objectives as guiding principles, and in compliance with these UK and EU regulations.
Customers have full control over how to deploy our micro-service infrastructure: on-premise; in the cloud; partly on-premise and partly in the cloud. A full “anonymity mode” is also available; in this case no personal user information is handled by, or even transits through, the biid platform.
Digital signature around the world
Electronic signatures are legally binding in nearly every industrialized nation, and even less developed countries are beginning to enact E-Signature laws.
Although E-Signature laws vary from country to country, it is possible to develop a corporate E-Signature policy that works worldwide.
Our platform's building blocks
The biid platform has been developed employing modern frameworks, technologies and design principles that have allowed us to produce robust, secure and highly scalable software. The main building blocks of our product are:
1. Android, iOS and Xamarin SDKs
2. CAs, PKI and digital certificates
3. Public API and development tools
4. Backend micro-service infrastructure
Public API and development tools
We are a mobile company at heart and everything we do aims at delivering great user experiences in a complex, omni-channel environment where the smartphone is the key enabler of the customer’s digital life.
We’ve applied this vision not only to our product but also to the tools and processes enabling developers to build great apps and services using our technology. Our tools, frameworks and technologies include:
1. Developer Portal with Swagger integration
2. API and SDKs documentation via Swagger UI
3. Circuit breaking API via Hystrix
4. Auto-generated client libraries from API contracts
5. SDK deployment to CocoaPods, NuGet, etc.
6. Compatibility testing using Xamarin Test Cloud
Android, iOS and Xamarin SDKs
Our SDKs for Android, iOS and Xamarin are at the core of the biid platform, simplifying the full identity management lifecycle: they enable the digital on-boarding of new users and expose the omni-channel authentication functionality and digital signature of documents and transactions.
To start integrating the biid mobile SDKs into your project, contact us to activate a developer account.
Our backend infrastructure has been designed employing a micro-services architecture composed of more than 25 independent applications.
This allows us to deploy in 3 distinct configurations:
a. Fully on-premise
b. In the cloud (private or shared)
c. Hybrid (partially on-premise and partially in the cloud)
With security, privacy and legal compliance as the guiding principles of our product design thinking, the biid platform was created to fit in the most demanding applications for highly regulated sectors like Financial Services, Defence, Governments and Healthcare.