Swipe ID

Ultimate security at your fingertips

Our lives are becoming fully digital.

Which brings tremendous opportunities.

But also tremendous risks…

Risks related to your (online) security

identity fraud, profiling and privacy.

Swipe ID eliminates these risks.

ahora-swipe-id

Swipe ID is the safest, most intuitive and most versatile personal identification device.ahora-swipe-id

ahora-swipe-idThe alternative for traditional access protocols. Authenticating persons, not identities.

 

 

Overview

 

Swipe ID is a small (pocket size) personal device suitable for all your identification, authentication and authorization needs. It is the safest, most intuitive and most versatile identification device available. One device that can communicate with your smartphone, computer and many other real-world locations and online places.

Transfer money, cross the border, e-sign Notary documents online, access websites, open the door of your property and vehicle and access an event in a stadium: the versatility of your Swipe ID offers you an all-in-one access solution and it provides you with the ultimate level in security.

 

Read more...

Swipe ID offers accurate and convenient identification possibilities. Just a simple finger swipe is enough to be identified and gain access for many kinds of online use (websites, cloud storage, online payments, etc.) and it can also serve as a certified digital signature (for example to e-sign notary documents). Furthermore, it provides secure access to many real-world places (member clubs, gyms, stadiums, etc.) and provides secure access to your home, car, yacht, etc.

In addition, Swipe ID gives you individual control over your identity; images of your fingerprint are not stored. Moreover, no personal data is stored in our database, the Central Matching Base. And finally: one-time only enrolment is valid for all online and offline access applications and purposes. This eliminates the need for your biometric data to be stored at several different places, which may increase the chance that your (stored) biometric data will be stolen and misused.

Swipe ID is a personal device; no one else can use it, except the person who originally registered it. Each user has a personal Swipe ID attached to their user account, based on the serial number of the device.

We currently offer 2 models of Swipe ID version 1: a wireless model and a USB model. The USB model connects to your computer and will be used for online purposes, for example to perform an online payment or access your cloud storage. The wireless model can also be used offline and works with bluetooth. It does not need a connection to your computer for certain specific applications like opening the door of your car or accessing your soccer stadium.

We are currently working on Swipe ID version 2: this version consists of a cover for your mobile phone. It will offer higher convenience since it eliminates the need for a separate device to carry along, as is the case with Swipe ID version 1. The separate cover incorporates our technology and the finger sensor and is attached to your mobile phone, whilst it keeps independency from your phone’s technology. This setup eliminates the possibility of hacking your Swipe ID through your mobile phone’s technology, so it maintains maximum security.

Facts & Figures

Access protocols:

Time to change

When a credit card is inserted into an ATM, the person is not identified and thus the money gets collected anonymously.

When a password and username are entered for any kind of online or physical access, the person is not identified and thus access is granted to an anonymous person.

These examples show that common access systems only identify ID’s like passwords, usernames, keys, swipe cards and regular biometric ID’s. Individuals are not identified. This fact is the main cause of all identity fraud, a problem becoming bigger every day.

Read more...

The basic operating tools of IT systems that are integrated in all types of access control systems are passwords, user names and access codes or passes. IT systems can always be compromised when the current access protocols using these tools are maintained. This applies to online and offline access protocols. Therefore, access protocols need to change in such a way that persons will be identified, not ID’s that can lead to impersonation.

Swipe ID is about to change the protocols of access control disruptively. From now on real people can be identified instead of ID’s. We protect users against ID fraud, with the safest, most intuitive and most versatile identification system to date.

Identity theft & identity fraud

According to the United States Department of Justice, identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.

Identity theft refers to the preparatory stage of acquiring and collecting someone else’s personal information for criminal purposes. Identity fraud is the actual deceptive use of the identity information of another person (living or dead) in connection with various frauds.

Read more...

Consider the following figures:

  • A 2015 research found that 12.7 million people were victims of identity fraud in the US alone: 1 victim every 2 seconds. $16 billion was stolen from consumers.
  • The most common form of reported identity theft and fraud  in 2014 was government documents/benefits fraud (39 %), loan fraud (24 %), credit card fraud (17 %), phone/utilities fraud (13 %), and bank fraud (8 %).
  • Direct and indirect losses in the US from identity theft in 2012 totalled $24.7 billion.

In addition (but related) to ID theft and fraud, there are growing concerns over and problems caused by shrinking privacy in a data-driven economy where companies collect information derived from a number of resources to build comprehensive profiles on individuals in order to sell products and to sell dossiers on behaviour.

Biometrics & common access systems

Biometrics refers to metrics related to human characteristics. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological versus behavioural characteristics. Physiological characteristics are related to the shape of the body, for example a fingerprint. An example of a behavioural characteristic is a person’s voice.

Biometrics being employed to identify persons is now the next hype. All sorts of clever combinations of different biometric ideas are now in fashion. Whilst many technology firms are now investing large sums of money in alternative biometrics, none of them addresses the possibility/danger that a Biometric ID can also be impersonated.

Read more...

When your Biometric ID is copied or stolen, we have a much worse situation than in case of theft of a “regular” ID. This is because the theft of your Biometric ID will victimize you for the rest of your life because we cannot replace a finger, face, voice or eye when your Biometric ID is stolen. Contrary to Swipe ID (we do not store fingerprints) most biometric access control databases do store Biometric ID’s, thereby putting you at risk.

Furthermore, the ongoing increase in tracking, tracing and profiling consumers for commercial purposes is neither stopped by common Biometric systems. Many companies collect your personal information with a view toward compiling a complete 360-degree picture of your life. Google is one of the biggest companies collecting many different bits of information to profile us. However, the privacy concerns surrounding it are becoming bigger and bigger and they need to be addressed.

Both problems described above are solved by the Swipe ID: with your personal Swipe ID your identity is protected and identify fraud becomes impossible since we do not store your fingerprint. Furthermore, we do not profile you, thereby giving you back full control of your privacy.

Security in online banking & mobile payments

This section explains the most important aspects of current and upcoming financial regulations and guidelines that are related to Swipe ID and electronic transactions*.

In recent years, the security risks related to electronic payments have increased, which is due to the greater technical complexity of electronic payments, the continuously growing volumes of electronic payments worldwide, the emerging types of payment services and the rising use of payments done through mobile devices.

Read more...

As safe and secure payment services constitute a vital condition for a well-functioning payment services market, users of payment services should be adequately protected against such risks. Swipe ID accomplishes this, since it aligns with the Second Payment Services Directive (PSD2) that has been created for this purpose.

PSD2 is a fundamental piece of payments-related legislation in Europe, which entered into force in January 2016. PSD2 is the product of a review of the original Payment Services Directive and requires payment service providers (PSPs) to make a significant number of changes to existing operations. PSD2 will set out a common legal framework for businesses and consumers when making and receiving payments within the European Economic Area (EEA).

PSD2 must be transposed into national law by Member States by 13 January 2018, which means that the majority of the legal provisions will apply from that date. However, PSD2 empowers the European Banking Authority (EBA) to develop a number of guidelines and technical standards, including a mandate to deliver regulatory technical standards (RTS) on strong customer authentication and secure communication, implementation of which will run to a different timetable. In short, this means that the RTS will apply at the earliest from September 2018 but the deadline could extend into 2019 depending upon how long it takes to finalize and publish the RTS.

PSD2 also originates from the high level of fear and distrust with consumers especially regarding embedded banking applications currently used on mobile devices. This is fuelled by the fact that hacking mobile telephones is gaining popularity, and thus also hacking and unauthorized entering of (banking) applications used with the phone.

Furthermore, research shows that European consumers are ready to use biometrics for securing payments, likely caused by the increased popularity of hacking mobile phones: 2/3 of consumers want to use biometrics for payments. Fingerprint recognition has proven to be the most popular and the most secure form of biometrics.

Due to the developments and upcoming legislation described above, and in order to be able to offer the most secure and most convenient solution possible, the second version of Swipe ID will be a mobile phone cover that incorporates our technology. This aligns perfectly with the Regulatory Requirements for (mobile) Internet payment and covers even more than the elements mentioned by the EBA as regards to the proposed Regulatory technical Standards on strong customer authentication and secure communication. According to the EBA, strong customer authentication is the most efficient measure to fight against (identity) fraud. Although not a firm requirement imposed by the EBA, according to us, (mobile) Internet transactions can however only offer the strongest form of customer authentication when a separate hardware device is complemented with a biometric characteristic. That is why the second version of Swipe ID will continue to be a separate hardware device.

The second version of Swipe ID will however be more convenient since it eliminates the need for a separate device to carry along – as is the case with Swipe ID version 1 – since the separate cover is attached to one’s mobile phone, whilst keeping independency from the phone’s technology/software. This setup maintains maximum security: due to the technological independency from the attached Smartphone and our “known hardware” philosophy (see section “Central Matching Base”), hacking of Swipe ID phone covers and/or performing unauthorised transactions with our technology through the phone, becomes impossible. Swipe ID’s phone cover thus provides the highest possible form of (future proof) access security and combines this with utmost convenience. The applications and scalability for Swipe ID Smartphone covers are massive, keeping in mind that for 2017 the number of mobile phone users is forecasted to reach almost 5 billion.

However, we don’t impose the setup of having a separate device (whether being version 1 or 2 of Swipe ID) on all our partners. For example our bank partners also have the possibility to use third party identifiers (like a mobile phone) to connect to our platform (thus not using Swipe ID hardware devices). This enables our bank partners to have one single platform for all types of clients and offer all these clients a high level of usability but offer the device itself only to certain clients (see also section “Why yet another device?”). For clients that have a small amount of credit, movements and transactions on their account, our technology can be integrated in the third party device. In this way it offers a market-conform level of security whilst also offering a high level of usability. And for clients that have a more substantial amount of credit, movements and transactions on their account, a separate Swipe ID device can be provided for the utmost level of security.

* Part of the information in this section is sourced from www.paymentsuk.org.uk and www.eur-lex.europa.eu.

How & Where

 

How Swipe ID works

Swipe ID is a personal device that can be registered to one person only. When you want to gain access to any offline or online location, you just swipe your finger over your personal Swipe ID. The incorporated spoof-proof radiofrequency sensor with Life Detection then captures an image of your fingerprint.

Your fingerprint is then transformed into a template. The template is a vectorized representation of the most important characteristics of your fingerprint. An image of your fingerprint is not stored; the template is just a small piece of information (2,2Kb) of the whole finger data. This data is not of interest to anybody trying to commit identity fraud with your fingerprint.

Read more...

Before sending the template to the user database, it is digitally signed, time stamped and hashed for additional security. The user database then checks which person is registered to the serial number that it receives and whether the serial number involved has no cases of loss or theft registered. If that is all OK, then the user database communicates with the Central Matching Base which person is involved, which enables the Central Matching Base to determine which (maximum 6) templates are eligible for matching. The Central Matching Base then compares the received fingerprint template(s) with the stored templates that were registered to the user when he/she enrolled. If there is a match between the received template and one of the previously registered templates that correspond with this person (and thus corresponds with the Swipe ID serial number), only then access will be granted. The matching process allows you (after positive authentication) to perform a secure action, for example to make an online payment, access a certain website or open a door.

Matching can also be done locally (i.e. not through our Central Matching Base). For example, the door of your home or car could be opened with your Swipe ID when our small receiver has been installed inside your property or vehicle. In that case the receiver performs the task that would otherwise be performed by the Central Matching Base.

Activation & Enrolment

There are two ways in which an Individual can activate Swipe ID: Self-activation or activation through a third party that performs a verification of the individual to be enrolled (for example a bank or a public official).

Self-activation is valid for private use applications that correspond to a basic security level, for example accessing websites and emails or opening the door of your home or car. Third party activation is valid for high(er) security uses, for example to be able to use Swipe ID to e-sign Notary documents or to perform bank transfers.

The various steps involved in these two activation processes are described below.

Read more...

Self-Activation (includes self-enrolment)

After you have received a Swipe ID by post or collected it from one of the pickup points, the process to activate your Swipe ID and to enroll yourself is as follows:

• You download the App from the Swipe ID website and you install the App. During this process, your email address and mobile phone number will be requested.

• After installation, an email with confirmation link is sent to you. In addition, a code is sent to your mobile phone.

• You click on the link in the email and fill in the code.

• The App now asks for the Swipe ID to be connected. You connect it to your computer or mobile phone (through Bluetooth or USB).

• The system asks you to enroll (maximum) 6 fingers on your Swipe ID.

• You place your fingers on your Swipe ID. After each finger, a confirmation/validation message appears that it has been enrolled correctly, followed by a request to place the next finger.

• After the last finger, a message confirms that the registration process has been completed and that the fingerprint templates are now registered to the serial number of the Swipe ID. You can now start using your Swipe ID.

Third-Party Activation

There are two ways in which third parties (for example a bank) can work together with Swipe ID: Using their own system to activate (and possibly enroll) you or using Swipe ID’s platform to activate (and possibly enroll) you. In the first scenario, the process involves an App that needs to be installed within the third party’s system. In the second scenario, this App is not necessary.

With a third-party activation, the following applies:

• Your identity will first be validated by the third-party employee (by checking your passport or other document, as required by the third party). This third-party validation is the biggest difference compared to self-activation.

• Your details are then selected by the employee in the App or your details are entered manually in the Swipe ID platform by the employee (whichever procedure has been chosen by the third party).

• After you have been selected by the employee, your Swipe ID is held close to a NFC reader and you are then registered to the device.

• After this, an email with a confirmation link is sent to the third-party employee and to you. In addition, a code is sent to your mobile phone.

The actual enrolment (registering the fingerprint templates) can now be done during your visit at the third party’s location or afterwards when you are back home (using a mobile App or App to be installed on your desktop computer). The process of enrolment is similar to the steps described for self-activation, as mentioned above.

Identification Levels

Depending on the type of use of your personal Swipe ID, various identification levels can be assigned. Swipe ID offers 4 identification levels:

• Level 1: All users can start with level 1, allowing (anonymous) self-activation and self-enrolment (as described above). This means that a user can enrol with any chosen personal details. If you want to raise the level after this self-activation, the personal information must be verified by a third party (bank, public official, etc.).

Read more...

• Level 2: Basic level of identification. In this case, a basic check of the individual takes place at the third party involved, for example a member club, gym or stadium that wants to verify your age, name or similar details before allowing access.

• Level 3: High level of identification. In this case, a comprehensive identity check takes place at the institution involved, f.i. enrolment for banking services with your local bank.

• Level 4: On this ultimate level, the individual is identified and verified by a public official when initially activating the Swipe ID device. After this one-off verification, the verified individual can use his/her personal Swipe ID for many different applications for secure online and offline access. At level 4, the Swipe ID becomes your e-Identity and digital signature and it can be used (for example) to e-sign notary transactions online and crossing the border. Of course, at this level, you can also use your Swipe ID for all uses that belong to a lower Identification Level, for example bank transfers. Furthermore, on level 4 Swipe ID provides a (patented) eIDAS and FIDO certified notary service, guaranteeing the identity of individuals online and offline; transactions made by Swipe ID users are always totally secure.

Please note that the Swipe ID can also be used together with an existing system or App to support the authentication of an individual and to provide secure online or offline access. Therefore, it is not necessarily a replacement of an already existing App or access system in use.

Where to use Swipe ID

Your Swipe ID can be used for many different purposes. It is faster and more convenient than the process of entering a password, username and/or security code. But most important of all: it is highly secure.

Since many different functions can be performed for various purposes online and offline, your Swipe ID eliminates the need for registering your personal details (like your fingerprints) with various parties in different databases and/or on various devices, which increases the risk for identity theft and identity fraud.

Just one device is needed for all different purposes. And since you only need to enrol once for all possible purposes, it doesn’t just make Swipe ID the most secure device available, but also makes the entire process very convenient.

Some of the most important uses of Swipe ID are mentioned below.

Read more...

When you have your car fob-size Swipe ID with you, you can forget about passwords, login names, boarding passes, credit cards, keys, and many other items that you can leave at home from now on.

For the below-mentioned uses to become available, you must have installed the Swipe ID App, and there needs to exist a collaboration between the service provider / third party and Swipe ID. If there is no third party involved, our small receiver (the “N3 box”) must have been installed inside your car, home, yacht, etc. to allow for access control.

Finally, only in case of Identification Level 4, as described above, all below-mentioned uses are available; for lower Identification Levels, certain uses are not enabled.

 

Banking & Online Shopping

With your personal Swipe ID you can make any kind of transaction online and perform payments from your bank account, provided that your bank collaborates with us. Furthermore, purchasing goods and services online has never been so secure and convenient; your Swipe ID offers the ideal solution for all your e-Commerce transactions.

When you wish to make a bank transfer, you first login to your bank’s website with your Swipe ID. As soon as you open the bank’s website you choose the preferred login option in the menu that pops up, in this case “Login with Swipe ID”. By swiping your finger by the device, you get access to your online banking environment. When you then wish to make a transaction, you fill in the required fields (amount, account number, etc.) and choose the option “confirm with Swipe ID”. Your Swipe ID instantly receives a message from your bank, you check the Swipe ID’s display to make sure the amount is correct, swipe your finger by the device and the transaction is confirmed. This means that your Swipe ID eliminates the need to use Signature Codes, Coordinates Cards, Token devices and SMS confirmation codes.

For purchasing goods and services online, the procedure is similar: As soon as you go to the shopping cart of your web shop and proceed to check-out, you choose the option “Pay with Swipe ID” and you select the credit card to be used for the payment. Also in this case, your device will instantly receive a message from the online Payment operator and you will check the Swipe ID’s display to make sure that the amount is correct. Then you swipe your finger by the device and the purchase is confirmed. Here, your Swipe ID eliminates the need for a credit card, additional signature confirmation, SMS code confirmation, etc. Just a simple finger swipe is enough to complete the online purchase procedure.

Please note that purchasing goods and services online can also be done by authorizing a bank transfer. However, since it is not very common using your bank account or transfer money to pay in a web shop, in the case mentioned above, the use of Swipe ID as emulating a Credit Card has been described (which is the most common way).

 

Online Use & Securing Websites

Swipe ID can secure your access to any website, without the use of a username and password. In case you want a website only to be accessible by you (for example a gambling or dating website where you have an account) or for accessing certain membership websites, you can configure it as such by choosing the option “only allow login through Swipe ID” in your account settings for that website. The same applies to any other online service. The website will then always ask you to swipe your finger to login.

 

Cloud Access

Swipe ID also secures access to your cloud storage, preventing that other people can view or change the documents and files that you are exchanging with others. To log in, the cloud service will then always ask you to swipe your finger by your Swipe ID.

 

Email Security

If you don’t want that other people can get the information contained in your email communications, Swipe ID enables you to control access to your email accounts. Furthermore, if both persons in an email conversation own a Swipe ID, both persons are protected by the “end to end” encryption protocol provided by Swipe ID, which makes all communications private. It also allows to sign your email, so the person that receives it can verify that the communication comes from you, avoiding impersonation.

 

File Protection

In case you need to encrypt secrets or qualified information in a secure way that only you can access, Swipe ID provides the solution. It allows you to encrypt and protect your files from access by others. You can restrict access only to certain folders on your computer or other devices (photos, videos, etc.) and only allow access to those folders by decrypting them, using your Swipe ID.

 

Device Access Protection

Swipe ID can protect the access to your device, restricting it to only you. If you want your laptop, iPad, computer or other device only to allow access after swiping your finger, you can configure this with the Swipe ID App.

 

Travel: Boarding Passes, Transport Tickets, Crossing Borders

Your Swipe ID is also a convenient travel companion. First, it can serve as your train ticket or airline boarding pass. During the ticket purchase process, in the menu that pops up you choose the option “Swipe ID identification” with your travel service provider (for example your airline company). During this process, you will also be asked to swipe your finger by your Swipe ID. At the moment that you want to check in and board at the train/bus station or airport, you just swipe your finger by your device whilst you hold it close to the NFC reader of the transport company. Nothing else is needed to provide access (no passport, common ID, boarding ticket or anything else).

Secondly, your Swipe ID eases the process of passing through (airport) security checks. When you have been assigned Identification Level 4, it means that your identity has been verified in a profound way. Since your identity is guaranteed, it is expected that these checks will be faster than the regular security checks because you will be able to pass the security checks through a separate lane.

 

Official Documents: Digital Signatures & Notary Use

In case you want to digitally sign a document (for example to buy certain goods or services), you can choose to sign with Swipe ID. This provides the counterparty with a guarantee that it was indeed you who signed the document. On the Swipe ID platform, after signing in to your account, you upload the document it concerns and choose the option “Sign with Swipe ID”. After you have swiped your finger by your device, you receive the document back by email with a Swipe ID seal confirming that your identity has been verified with Swipe ID. Alternatively, you can send it straight to the recipient from your account page. When you forward the document to the counterparty (or when it is sent straight from the platform), the recipient has the guarantee that it was signed by the authorized person.

Also for Notary documents (for example signing a property title deed) Swipe ID offers the utmost speed and convenience. For signing these kinds of documents, a similar procedure applies as described in the foregoing section. On the Swipe ID platform, you choose one of the affiliated notaries that are available at that moment (listed per country), upload your document to be notarized and request a “Swipe ID Notary Seal”. The notary instantly connects to the platform and asks you to swipe your finger by your device, after which the seal will be applied and you get the document delivered by email instantly.

 

Physical Access: Homes, Vehicles, Yachts, etc.

Swipe ID can also be used for opening the door of your private property such as your car, boat or home. For this purpose, a small box, the “N3 box”, will be installed in your home, car, or boat. When you want to get access, you just swipe your finger by your device that communicates with the N3 box inside your property. If there is a match with the previously registered fingerprint template, the N3 box sends a signal to the door lock that access can be granted and the door will open.

 

Third Party Locations: Stadiums, Member Clubs, etc.

Swipe ID offers the possibility to all kinds of third party premises and physical locations to incorporate our disruptive access technology. Some examples where you can use your Swipe ID in this respect are discotheques, member clubs, gyms, football stadiums and big events. After you have been verified by the third party (as described above in Identification Level 2), and a NFC reader has been installed at the third-party location, you will be able to access their location by swiping your finger by your device while you hold it close to the NFC reader at the entrance gate.

 

Corporate Use: Time & Attendance, Remote & Physical Access

Swipe ID is also an ideal tool for secure access control in online or physical corporate environments. In a similar way as described in the previous sections, Swipe ID can provide you access to your employer’s office building, IT devices and computer files. In addition, Swipe ID can be integrated in Time & Attendance systems providing employers with a watertight system that guarantees the identity of the employees checking in or checking out.

 

Other Uses

In addition to the above-mentioned uses, Swipe ID can also be deployed in other sectors like border control (immigration services), law enforcement situations, medical environments (hospitals, medical dossiers, blood banks, etc.), schools, hotels and many more.

Why yet another device?

 

Several new biometric authentication technologies and devices have become available over the past few years in many different forms. This raises the question why we felt the need to create yet another separate device, with yet another new (database) technology.

Furthermore, it raises the question why our technology could not be integrated in other technologies and thus why it needs to be an independent (separate) device. In other words, what makes Swipe ID and the technology involved so different and better than anything else on the market, what justifies the creation of yet another separate device?

Although a new, separate device might not seem convenient (to carry around) and thus might seem illogical at first sight, we wanted to develop a completely new ecosystem altogether. The reason for this, is that we want to offer a solution that fulfils all of the following requirements.

Click here to learn more

  1. The most secure and best protected way for online and offline access, protecting one’s personal data and avoiding unauthorized access;
  2. The most trustworthy way for online and offline access, circumventing the limitations of False Acceptance Rates (FAR);
  3. The fastest response time (matching < 1 second) when dealing with a high volume database (i.e. billions of fingerprint templates);
  4. The most versatile device that can be used for many different applications and services, online and offline;
  5. Easy integration from a software perspective, stimulating collaboration with many businesses, sectors and markets;
  6. The highest scalability provided by the natural result of requirements 4 and 5.

Since the combination of a platform with an integrated device that offers all of these characteristics does currently not exist in the market, our company Primary-Net has worked towards a solution offering the combination of the benefits described above, the result being Swipe ID (device) and Biocryptology (technology). This combination of benefits cannot be obtained by incorporating (part of) our technology or device in other systems or in collaboration with existing devices. Therefore a separate technology and device needed to be developed. These above-mentioned characteristics will be explained below.

 

1) The most secure way for online and offline access

Swipe ID and Biocryptology offer the most secure way of authentication, due to several reasons.

First of all, it is based on a closed end-to-end system where only “known hardware” communicates with other “known hardware”: unknown elements can’t access our data or devices. If unknown elements try to enter our database or the authentication/ communication process (which is very unlikely to happen), it is impossible to perform a matching. Swipe ID can be registered to 1-person-only, based on its serial number.

This means that on the user’s side two elements need to be present at the start of the matching process in order for it to work: a (living) finger and the corresponding device (= known hardware), that has been previously registered to the user that swipes his/her finger. Since it is a personal device no one else can use it (and it is no problem when it gets lost or stolen). The concept of allowing only communication between “known hardware” is the only way to make sure that hackers/criminals won’t be able to get unauthorized access, since our system does not allow unauthorized/unknown hardware to submit a request for access.

This also means that technologies not working through this method (i.e. all other currently available biometric access control technologies) cannot be as secure as Primary-Net’s technology. Working with other (external) technologies and/or devices not known to the system makes the matching process a priori less secure and puts database protection at risk since it opens the door for hackers and unauthorized matching. Primary-Net believes that this should be stopped at the “front door” and attains this by not allowing unknown sources (that could have a bad intention) to connect to our system in the first place.

Secondly, our technology and Swipe ID work with 1 central database; no third party databases are involved in the matching process. Additionally, if the client wishes, there is the possibility of a distributed database to be installed at one or more different client locations that optionally connect to our central database. The main benefit of working with one central database for all possible applications is that it avoids the need for a person to register one’s personal data in various databases and/or with various parties. This is however still a common situation nowadays: people leave their fingerprint details with airport security, the hospital, their local gym and their employer’s office (to name just a few). In many cases this even concerns full fingerprint details (Please note: Primary-Net does not store full fingerprint details, just templates, see further on).

Registering one’s data in various databases increases the risk for identity fraud and according to Primary-Net this should be avoided and thus explains the creation of a central database, the Central Matching Base. We have designed the Central Matching Base, our technology and Swipe ID in such a way that it can work with all kinds of parties that want to collaborate with us (based on low cost and easy implementation). The bottom line is that there is only one central place where one’s details (i.e. templates, not fingerprints) are registered. Swipe ID users don’t need to leave their details elsewhere anymore.

Thirdly, the device itself offers a Life Detection Sensor, a 3-D Radio Frequency fingerprint scanner, electronic tamper protection, time stamping and hashing. A high-level encryption algorithm makes sure that the communication between the database and the device is highly secure. Although these features by themselves are not unique, they are of the highest possible level and thus add value to the security of Swipe ID and our technology.

Fourthly, no fingerprints are stored (neither in the device, nor anywhere else in our system). Just templates are stored, these are simplified and vectorized representations of a fingerprint, not containing information of interest to criminals/hackers. Many common biometric systems do however store full fingerprint details, which make these systems highly vulnerable in case of database theft, since the registered persons are victimized for the rest of their lives because fingerprints cannot be replaced like a username or password.

2) The most trustworthy way for online and offline access

Swipe ID circumvents the limitations of the False Acceptance Rate (FAR), the typical downside of matching systems. This makes our system highly reliable. The FAR, is the measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system’s FAR typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts. Since Swipe ID is a personal authentication device with maximum 6 fingerprint templates registered to the serial number of the device, a “false acceptance” is almost impossible. This is because it is highly unlikely that a criminal’s fingerprint will look similar to one of the (maximum) 6 fingerprints of the person that originally has been registered to the device.

The FAR is however an issue in case several thousands (or more) persons have registered to the same biometric device (which occurs with common biometric access systems) since in that case the chance that the criminal’s fingerprint looks similar to one of the other thousands of fingerprints is higher and thus also the chance for gaining unauthorized access (=FAR) is higher. Commonly employed biometric access systems allow more than one individual to register to the device and to use the system (in many cases thousands or even tens of thousands of users are registered to the same device). Swipe ID is a personal device that works with only one registered user and his/her corresponding fingerprint templates, making a FAR almost non-existent.

The only way that Swipe ID could have a FAR comparable with common biometric systems is in the event that tens of thousands of criminals will swipe their living finger (no copies) on 1 specific, stolen personal Swipe ID, a situation that is obviously highly unlikely to occur (apart from the fact that a stolen Swipe ID will already have been reported as stolen and thus will have been excluded from the system anyhow).

3) The fastest response time with a high volume database

None of the currently available Biometric systems work with a personal device where the serial number (or any other unique identifier of the device) plays a key role in the matching process. In the case of Swipe ID the personal device guarantees that (when applying for access) the Central Matching Base has to compare the template that it receives only with a maximum of 6 templates as registered to the corresponding Swipe ID’s serial number. This type of matching is called “One to Few” and offers the big advantage that it can perform matching < 1 second when dealing with a high volume of database entries (i.e. billions of fingerprint templates). In the case of any other biometric access system currently on the market, such a fast response time cannot be reached due to the fact that it needs to search the entire database (with maybe hundreds of millions of fingerprint data) that could result in a response time of many seconds, something that would (commercially) not be acceptable.

4) The most versatile biometric access device

Swipe ID does not have just one use, like most of the currently available biometric access control devices. Swipe ID is the most versatile identification device available, just one device that serves for all online access and offline access, replacing all access codes, passwords, login names, car fobs, passports, boarding passes, credit cards, etc.

It is suitable for many different applications, from online banking and e-Commerce to Time & Attendance and secure access to real world places, like member clubs, stadiums, gyms, properties, vehicles, etc.

5) Easy integration

Throughout our secured API and pre-developed modules, any company can easily integrate an existing system with our user identification, authentication and authorization module in any website or identity server (LDAP, Active Directory, etc.). For the physical perspective we employ/install our “N3 device” that provides the connection with the Swipe ID in order to give physical access.

6) The highest scalability

Since Swipe ID can be used for many different purposes, combined with the fact that our technology can be easily integrated, the business model is also highly scalable, which is very beneficial from a commercial point of view. Other Biometric access control systems currently on the market are not capable of scaling to the level that Swipe ID can. Swipe ID is therefore the only system that is capable of becoming the worldwide standard for secure access control.

Technology

Biocryptology

Swipe ID is based on Biocryptology®, a disruptive biometric-based authentication technology. The term emphasizes the relevance of encryption to make biometrics based identity verification and electronic transactions private and secure.

It consists of unique biometric identification and anti-tampering mechanisms combined with a high quality encryption algorithm. The sum total of which provides extremely robust security, addressing some major challenges facing current access protocols today.

Read more...

Biocryptology is based on the principle that biometric information is encrypted. The biometric information consists of a fingerprint scan that is captured by the tamper-protected biometric device, the Swipe ID. This biometric information is then transformed into a vectorized representation of the user’s fingerprint. This vectorized representation is called a template.

For authentication, a biometric verification or identification takes place, whichever applies (verification answers the question “Is this person who he says he is?” whereas identification answers the question “who is this person”?).

Biocryptology uses several algorithms, among others symmetric encryption keys, which offer the highest form of security (keys are pieces of information that determine the functional output of the algorithm). These encryption keys use a large key space (256 bits) and are not stored in the software so they don’t travel through the system, nor can any administrator or privileged user gain access to them.

Instead they are stored in a Hardware Security Module (HSM device) in a safe, fixed place being separated from the Central Matching Base (our database). This ensures maximum protection of the keys against theft and any type of external reading. The keys can only be used internally by the Swipe ID and our platform.

Central matching base

Biocryptology authenticates (matches) a user in a central place (the Central Matching Base) or in the N3 receiver (in case of offline use, for example for opening your car door).

The Biocryptology platform consists of a closed system with only “known hardware” being able to communicate with other “known hardware”: It’s of course much easier to protect data when stored in a closed system with devices that must be known by the platform instead of having data stored inside many different (third party) devices that are not known by the system, as is the case in many common biometric access systems.

Read more...

A great contribution to the high level of security in our systems is provided by the fact that our entire platform with all connected devices is a complete end-to-end authentication solution developed in-house. Only Swipe ID can communicate with our own Biocryptology platform.

Since the involvement of third parties usually increases the risk of compromising security and privacy of the users, we have decided not to depend on third parties to deliver a complete authentication platform. Hardware, firmware, software, server communications, etc.: everything is developed by our own company, which guarantees the highest security standards, highest convenience for use and integration and the lowest costs.

Most of the common biometric access systems do not provide full transparency about where and how they store data and neither what they store exactly. Do they store full fingerprint details or just a template? And: how is that database protected?

Users that register their biometric details with various parties or a party that does not provide the highest level of security, find themselves in a risky position, due to the fact that their fingerprint details could be stolen. When a Biometric ID (like a fingerprint) is stolen, we have a much worse situation than in case of theft of a “regular” ID. This is because the theft of a Biometric ID will victimize the person for the rest of his life because we cannot replace a finger, face, voice or eye when a Biometric ID is stolen. 

The combination of the Swipe ID, the Central Matching Base and the “Known Hardware” feature eliminates the need for a person’s biometric data to be left at many different places, which would increase the possibility that the (stored) biometric data will be stolen and misused. Even if a hacker would be able to enter our highly protected Central Matching Base or N3 receiver, he will not find any information that could be used to commit identity fraud since only fingerprint templates are stored.

Security features

Swipe ID and our platform offer the highest form of security in hardware, software, firmware, protocols, database management & protection and physical security of our premises.

Swipe ID security features:

  1. 3-D Radio Frequency sensor

In our aim to make the Swipe ID spoof-proof, we have studied many different models of fingerprint readers. From all these models we selected the one that is the most convenient and that offers the highest quality. Our 3-D Radio Frequency sensor captures a 3D image of the fingerprint instead of a 2D picture, which provides additional information to the matching system and avoids spoofing with basic tactics.

Read more...

2. Life Detection Mechanism

Every Swipe ID incorporates a Life Detection Mechanism. This obligates the user to swipe a (living) finger by the sensor. This is another unique feature in our attempt to make the device spoof-proof.

3. Anti-tampering mechanisms

Swipe ID also offers an Active Electronic Tamper Protection (which is the highest form of tamper protection), making the Swipe ID resistant to hardware attacks.

Platform security features:

  1. Data Protection

Data is protected behind several layers in our platform:

Firewall: evaluates every connection to the system and detects whether an intruder got access to the system, or if the system has been attacked or abused.

Secure API: every system that is able to access our platform needs a special key to be allowed. Keys are renewed from time to time to avoid any security compromise.

Backend: verifies every transaction and keeps out any inconsistencies. In case someone is trying to access the system in a way that is not allowed, the system detects it and blocks the connection.

Database: our database is secured with encryption and blocked access embedded in the infrastructure; only our backend is able to communicate with it. Additionally, all data is protected for editing, so if any external source gains access and changes something, we will detect the change and put the register under quarantine.

Private networks: all above-mentioned layers are separated in different levels of private networks, so there is no direct access from one layer to the other layer. Only our own apps can cross those barriers.

Code signature: all applications are digitally signed, and every time that a server (re)starts or a new server joins the system, those signatures are verified, so any modification in our applications can be detected immediately and put under quarantine.

  1. Periodic system/database integrity checks

Biocryptology applies periodic system/database integrity checks, which means that an automatic system verifies internal signatures in the software and database that nothing has been modified in the core system. This allows a system administrator to check if an unauthorized person accessed the system and/or made changes to the system.

  1. Controlled and secured access

Biocryptology has a controlled and secured access to system administration. Only through our own Swipe ID, a system administrator can log in to the system. Every operation done by the system administrators is monitored and saved for future audit. Revocable access exists at any time. This is a far better and more secure way than accessing the servers with a username and password.

  1. No vital information stored

The Central Matching Base only stores your fingerprint template. This information cannot be used for impersonation as regards to identity fraud. So even when a hacker would be able to access this database, he wouldn’t find any data that would enable him to commit identity fraud.

General security features:

  1. Random Key Generation

Keys are used to encrypt/decrypt information. Biocryptology secures the biometric data and the communications between the Swipe ID and our platform by Random Key Generation. Random keys make it more difficult for an attacker to unravel the information.

  1. Digital Signatures

Biocryptology also secures the biometric data and the communications between the Swipe ID and the Central Matching Base (or N3 Receiver) by digital signatures. Every message between the Swipe ID and the server is signed digitally, which means that only our own developed devices are able to communicate with our matching server. In case of offline use, digital signatures are applied to the communications between the Swipe ID and the N3 receiver (that is installed inside the property, car, etc.).

  1. Time Stamping & Hashing

Finally, Biocryptology secures the biometric data and the communications between the Swipe ID and our platform by time stamping mechanisms combined with hashing (hashing is a function used to map data of arbitrary size to data of fixed size). Each message is time stamped using our platform’s certified time reference and then is hashed with a 256bits digest algorithm. This means that if there is a time delay between the Swipe ID and our platform, if the hash code is being changed, or if there is a “replay back attack”, the platform or the Swipe ID will refuse the message and will request a new message from the device or server. This means that a hacker (“man in the middle”) can’t intercept data during communications without being detected. In case of offline use (with the mobile Swipe ID), the time stamping task is performed by the internal certified time reference inside the Swipe ID itself, communicating with the N3 receiver.

Browsers and operating systems

The Swipe ID is compatible with the following browsers:

  • Windows: Internet Explorer 11, Microsoft Edge, Mozilla Firefox (from V.47) and Google Chrome (from V.45).
  • Mac OSX: Safari (from V.9), Mozilla Firefox (from V.47), Google Chrome (from V.45).

Furthermore, the system is compatibility with the following Operating Systems:

  • Windows: 7, 8 and 10 (32 bits and 64 bits).
  • Mac OSX: 10, 11 and 12 (Yosemite, El Capitan, Sierra).
  • Linux: Ubuntu and Debian.

The platform and the Swipe ID work on tablets, laptops, desktop computers and mobile devices.

Certifications

Swipe ID and Primary Net are currently in the process of obtaining the highest form and the most extensive list of certifications on all aspects of the technology, as well as regards to the organization itself. The list of standard and optional certifications to be included is mentioned below.

Part 1: Standard Certifications Included

GOVERNMENT – COMPANY – QUALITY

  • ISO 9001:2015. Quality Management Systems (QMS)
  • ISO 27001. Information Security Management System (ISMS)
  • Organic law on the Protection of Personal Data (LOPD) 15/1999.

Read more...

HARDWARE SECURITY

  • ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation (hardware, software and firmware) EAL3+
  • FIPS 140-2 level 3, Security Requirements for Cryptographic Modules
  • FIPS 180-4, Secure Hash Standard (SHS)
  • ISO/IEC 19790 Information technology – Security techniques – Security requirements for cryptographic modules

 DIGITAL SIGNATURE

  • ISO 14533-1: Advanced Digital Signature CMS (CAdES)
  • ISO 14533-2: Advanced Digital Signature XML (XAdES)
  • ISO 14533-3: Advanced Digital Signature PDF (PAdES)
  • eIDAS Regulation (EU) 910/2014

 SOFTWARE

  • OpenID Connect
  • SAML
  • ISO/IEC 27034-1:2011 Security techniques – Application security OWASP
  • Application Security controls project OWASP 

HARDWARE MANUFACTURING

  • IPC-A-610, Acceptability of Electronic Assemblies
  • IEC 62321:2008 Electrotechnical products – Determination of levels of six regulated substances (lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyls, polybrominated diphenyl ethers)
  • RoHS Compliant (Restriction of Hazardous Substances). The RoHS directive 2002/95/CE aims to restrict certain dangerous substances commonly used in electronic and electronic equipment.
  • IEC Electromagnetic Compatibility (EMC)
  • EN 61000-6-1:2007 Electromagnetic compatibility (EMC) – Part 6-1: Generic standards – Immunity for residential, commercial and light-industrial environments
  • EN 61000-6-3:2007 Electromagnetic compatibility (EMC) – Part 6-3: Generic standards – Emission standard for residential, commercial and light-industrial environments

SOFTWARE QUALITY – PROCESS – TESTING

  • ISTQB (International Software Testing Qualifications Board) Methodology
  • ISO/IEC/IEEE 29119 Software Testing:
    • ISO/IEC 29119-1: Concepts & Definitions (published September 2013)
    • ISO/IEC 29119-2: Test Processes (published September 2013). ISO/IEC 33063:2015 Process Assessment Model. ISO/IEC 33020:2015 Process measurement framework for assessment of process capability
    • ISO/IEC 29119-3: Test Documentation (published September 2013)
    • ISO/IEC 29119-4: Test Techniques
    • ISO/IEC 29119-5: Keyword Driven Testing
    • The ISO/IEC/IEEE 29119 standards replace several existing software testing standards:
      • IEEE 829 Test Documentation
      • IEEE 1008 Unit Testing
      • BS 7925-1 Vocabulary of Terms in Software Testing
      • BS 7925-2 Software Component Testing Standard

 

Part 2: Optional Certifications (depending on client) 

  • ANSI X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
  • ANSI X9.80, Prime Number Generation, Primality Testing and Primality Certificates
  • ISO/IEC 29115:2013 – Entity authentication assurance framework
  • ISO/IEC 29110 – Small organizations, life cycle Profiles & Guidelines
  • ISO/IEC 29100 – Security techniques
  • ISO/IEC 15504:2003 (uses the process model for ISO/IEC 12207:2002): Software Process Improvement Capability Determination (“SPICE”)
  • ISO 20000-1: 2011 and 20000-2: 2007 – Information Technology Service Management and Information Security Management
  • ISO 28000/28001: Supply Chain Security Management Systems Package
  • ISO /IEC JTC 1/SC 37: 2007 Harmonized Biometric Vocabulary
  • ISO/IEC 24759:2014 Information technology – Security Techniques – Test Requirements for Cryptographic modules
  • ANSI X9.62-2005 – Public Key Cryptography for the Financial Services Industry
  • IEEE Std. 1363-2000 – Standard Specifications for Public Key Cryptography
  • Commercial Standards: PKCS #13 – Elliptic Curve Cryptography Standard
  • PCI DSS Compliant (Payment Card Industry Data Security Standard)
  • FIDO CERTIFICATIONS:
    • UAF: Server, Authenticator and Client
    • U2F: Server and Authenticator
  • PIV-071006 and FIPS 201 standards specify parameters that devices must meet to guarantee a correct acquisition of the fingerprint image for “Personal Identity Verification” (PIV). The requirements in those standards are:
    • Linearity
    • Geometric Accuracy
    • Spatial Frequency Response
    • Signal-to-Noise Ratio
    • Fingerprint Image Quality
  • NIST – FIPS PUB 186-4, Digital Signature Standard (DSS)
  • ISO/IEC 25000:2014 Systems and software Quality Requirements and Evaluation

About Us

Swipe ID is developed by Primary-Net, a privately owned authentication technology firm. The company develops biometric and authentication management technology, specifically designed to address the growing global problems facing security, privacy and identity theft and fraud. This technology makes it easier and safer to gain access to and deal with the growing number of security measures required to protect identities nowadays.

Primary-Net was founded by a visionary engineer. After having earned his spurs in the oil industry with the invention of unique technologies and products and the registration of over 250 patents, he accomplished something that was widely believed to be impossible: the construction of a private, members-only race resort inside a nature reserve near world-famous Marbella (Spain): the Ascari race resort.

Read more...

ascari-pytIn search of a new, sophisticated access system for this exclusive resort in 2011, the founder of Primary-Net realised that there were no systems available that fulfilled his wishes. It needed to offer his members secure entry and access and guarantee utmost privacy. Furthermore, the system needed to be free from using keys or passwords and should be able to give access by just using one’s finger. Lacking the commercial availability of a highly secure biometric access control system, he started developing his own. The result was an innovative and very secure biometric access system for the resort that is still in use today.

Building on this accomplishment, he started his next big dream of creating the ultimate biometric solution for online identification, authorisation and authentication. It (again) needed to offer the highest level of security and be able to eliminate the use of passwords and user names. Based upon the knowledge gained with the development of the race resort’s offline access control system, together with a team of professionals from various disciplines, Primary-Net created Nexus Smart Pay, a payment system offering the highest level of convenience, speed and security for merchants and consumers alike.

nexus-swipeThis system was tested extensively in a real life situation in the USA. During a trial period of 3 years, Nexus Smart Pay offered many different types of merchants and consumers the possibility to pay for goods and services with just a scan of their fingerprint. The system was offered for free and solely served to test and fine-tune the technology. It has not recorded even one false transaction since the first day of operation, thereby providing the highest level of security in online payment solutions.

swiper-pequenoHowever, Primary-Net and its founder did not stop there. The company continued searching for the ultimate disruptive solution. A solution that would create a secure, new access control protocol. And that could be implemented worldwide in all possible sectors, for offline and online use.  A true game changer in the access control industry, setting the standard for security in biometric access systems. In other words: The Next Big Thing. After many years of development and fine-tuning this cutting edge technology, Primary-Net proudly presents the revolutionary Swipe ID.

Partners

We believe that there should not be any room for any kind of consumer insecurity regarding impersonation or identity fraud.  Whether it’s in banking, in your online life or in your daily offline life. And we believe Swipe ID is the answer. If you endorse our mission to take personal identification and authentication to the next level, we would like to get in touch.

We are very interested in forming partnerships with companies, institutions and individuals that are just as enthusiastic about Swipe ID as we are. Parties who believe that this is the Next Big Thing in security and who want to play an active role in shaping the worldwide revolution that we are going to create by changing the game and disruptively altering the access control landscape worldwide.

Due to the versatility and usability of the Swipe ID, we are looking for partners in different sectors and industries. Swipe ID can be implemented easily, is very cost-effective and highly suitable for all kinds of online access, offline access, Time & Attendance systems and access to many different real world places. Swipe ID is one device for all possible identity checks. In combination with our Central Matching Base and N3 receiver it offers the most secure access control system available.

To make the most of every partnership, we have a partner license program for banks and large corporations. In addition, we offer installation companies and third-party developers an excellent opportunity to join the Swipe ID revolution that will start in the fourth quarter of 2017.

If you are interested in finding out how we could set up a fruitful collaboration, please contact us by using the form below.

Contact

Contact form

7 + 1 =