VDE Institute certifies BlueID’s security

27. April 2017

Munich, 26 April 2017 – The Munich based Baimos Technologies’ IDaaS product “BlueID” has had its security tested and certified by VDE Institute, a national and internationally accredited institution in the field of testing and certification of electrotechnical devices, components and systems. BlueID has been on the market since 2006 and since then helped many of the world’s best recognized companies to make their products securely communicate and interact with smartphones in an offline mode. With its revolutionary security based on well-proven Public-Key-Infrastructure (PKI) standards that enables businesses to scale, it’s been a popular choice as the most secure access control technology in Internet of Things (IoT).

The VDE Institute has issued three certificates, one for each of BlueID’s components, which are the BlueID Trusted Cloud Service, the Mobile Device SDK (iOS, Android) and the Secured Object SDK (Software Development Kit).

In the era of IoT, billions of devices and machines from various manufacturers will have to communicate and interact with each other. Therefore identity and trust amongst them are essential elements in this communication. Without identity there can be no trust and without trust, there cannot be secure communication and interaction. PKI is a well-known security concept for large IT networks working quietly behind the scenes. It has also shown significant uptake i.e. in digital passports of more than 100 countries around the world as well as for device identity and authentication. PKI is based on unbroken security standards and has also been proven to scale across billions of devices. In the IoT, PKI can be used to authenticate mobile devices to real things, real things to cloud services, cloud services to cloud services etc. – in fact any entity to any entity.

Baimos Technologies has been convinced since 2006 that PKI will become the de facto standard for IoT security and in particular for smartphone based access control. It’s the best way to assure that the mobile key sent to the recipient is complete and has not been modified in any way – all based on asymmetric crypto and the unique secure identity per device and machine. In that sense, devices and machines are able to make decisions and act autonomously without being connected to the cloud service in that moment. The offline functionality is a fundamental requirement for robust and fast interaction between devices and machines. BlueID uses these three certified components – Trusted Cloud Service, Mobile Device SDK and Secured Object SDK – to ensure secure communication and interaction between devices and machines and to efficiently provide strictly controlled access permits.

Using the Software Development Kit (SDK), manufacturers and app service partners get the secure access technology and are in a position to apply it in all connected IoT use cases, be it Connected Car, Smart Home, Smart Building or Industry 4.0.

“The security of the technology we have been proud of for years has finally been tested and confirmed by the independent VDE Testing and Certification Institute whose certificates are recognized worldwide and in particular amongst the largest manufacturers. We cannot stress enough how important the subject of cybersecurity is when it comes to a smartphone based access control. Additionally, traditional security concepts from the RFID era are not really suited for the deployment on an always-on BYOD smartphones. The recent attacks like DDoS and Ransomware and the irreparable damage they cause to companies only confirm that functionality alone is not enough. It is starting to become crucial to have a seamless user experience, ability to scale and what is most important – an absolutely robust, highest grade cybersecurity.” says Philipp P. Spangenberg, CEO of Baimos Technologies.

Securing objects with BlueID will give organizations the confidence and trust that all interactions in the IoT are resilient to malicious attacks.

“The IoT market is expanding before our eyes and it is clear that a secure standard for access control is needed. After an in depth assessment we are happy to certify BlueID as a technology that could fulfill this requirement. BlueID is based on PKI, a system for digital certificates to ensure trusted identities and enable secure encryption, which is a well-known mechanism to create a trusted IoT ecosystem.” added Siegfried Pongratz, Head of Smart Technologies and Digital Systems at the VDE Institute.

To test the BlueID technology, the VDE test engineers built a reference system in the VDE Smart Home Laboratory in Offenbach to be able to verify the security of the system. To test the SDKs, they installed a reference application on test devices on all supported operating systems and checked the security measures, the secure data storage and the communication with the secured object and the trust center in the backend. The packets of the communication were inspected in depth and the secure encryption was verified. The Trust Center itself was inspected with penetration tests against the infrastructure and the provided Application programming interface (API). In addition, an audit of the security procedures was conducted in the location of Baimos Technologies in Munich.


About the VDE and the VDE Institute:

The registered Association for Electrical, Electronic and Information Technologies (VDE), with its 36,000 members (which includes 1,300 companies, 8,000 students and 6,000 young professionals), is one of Europe’s largest technical-scientific associations that combines science, work on standards, testing, and certification under one roof.

The VDE Testing and Certification Institute supported by the VDE is a nationally- and internationally- accredited institution in the field of testing, inspection and certification of electro technical equipment, components and systems. These electrical products are tested for safety, usability, and further product features. In the world of digitalization, the VDE Institute has developed test and assessment procedures for cybersecurity, interoperability and functional safety and offers comprehensive, high-quality testing services in this field.

Since 1920, the VDE mark represents safety and quality in the electrical and information technology. Cooperation agreements in more than 50 countries ensure that the inspections carried out by the VDE receive international recognition. Manufacturers and the trade regard the certificates and marks of the VDE as opening up access to world markets


About Baimos Technologies:

Baimos Technologies is an IDaaS company based in Munich specializing in the central management & authorization of any direct interaction between smart mobile devices and IoT objects & Operational Technologies (OT).

Baimos Technologies’ core product, BlueID, is the first and only Access Control solution that works across any IoT vertical and allows for businesses to swiftly expand by having the ability to be implemented in unlimited numbers of IoT objects and devices globally.

Baimos Technologies works with partners like Marquardt, Emerson Network Power, eQ-3/ELV and Microsoft . Its list of customers includes Audi, Daimler, Sixt, ISEO, LG and others.