Security as part of our mission
Our mission is to make digital identity private, secure, and simple.
Security is one of the core principles that is applied to everything we do - mobile, backend, DevOps, it does not matter, security is fundamental and key.
What is more, authentication is mission critical to businesses and individuals. Therefore, we designed idemeum in accordance with the latest best practices as it relates to CIA triad of confidentiality, integrity, and availability.
Security starts with people
idemeum team brings together years of cybersecurity experience, and we have top mobile, backend, and network security engineers. We have expertise working for the largest Fortune 500 companies across high tech and financial sector.
Standardized security processes
We are conducting continuous threat modeling and evaluation to make sure we harden idemeum even further. idemeum builds security into each step of our operations, including code release, upgrades, patch management, security policies and more.
Security by design
For idemeum backend we have taken a radical new approach by storing your personal data on your mobile device only. What that means is that we have no users’ digital identity data in our backend. Not only is it important from the privacy standpoint, but it also reduces attack surface significantly. If our backend gets compromised, attackers will get nothing from it, as there is not valuable user data there.
On a mobile side, we are following general mobile security best practices, including OWASP Mobile Top 10, in order to protect idemeum mobile application. We leverage security measures such as hardware based key encryption, jailbreak detection, data encryption, liveness detection and others.
idemeum leverages biometric based authentication that is using biometric sensors on iOS and Android mobile devices. We are using FIDO2 protocol (developed by FIDO Alliance) that is becoming the de-facto standard in the identity industry. The FIDO Alliance developed FIDO Authentication standards based on public key cryptography for authentication that is more secure than passwords and SMS OTPs, simpler for consumers to use, and easier for service providers to deploy and manage. FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps. For public-key cryptography idemeum keeps only the public key on our servers and stores private keys on your devices in a tamper-proof secure element.
If you want to learn more, contact idemeum so that we can show you a quick demo and tell you more about our product.