VDE Institute Certifies the Security of BlueID

The IDaaS product “BlueID” from Munich-based Baimos Technologies was tested and certified for safety by the VDE Institute, a nationally and internationally accredited institution in the area of testing and certification of electrical equipment, components and systems. BlueID has been on the market since 2006 and has since helped many of the world's most well-known companies securely communicate and interact with smartphones in offline mode. With revolutionary security based on proven public key infrastructure (PKI) standards and allowing businesses to scale, it is a popular choice as the most secure access control technology in the Internet of Things (IoT).

The VDE Institute has issued three certificates, one for each of the BlueID components, namely the BlueID Trusted Cloud Service, the Mobile Device SDK (iOS, Android) and the Secured Object SDK (Software Development Kit).

In the age of the Internet of Things, billions of devices and machines from different manufacturers will need to communicate and interact with each other. Identity and trust between them are therefore essential elements of this communication. Without identity, there can be no trust, and without trust, there can be no secure communication and interaction. PKI is a well-known security concept for large IT networks that works in secret. It has also become widely accepted, such as in the digital passports of more than 100 countries around the world and in device identity and authentication. PKI is based on unbroken security standards and has been proven to be suitable for billions of devices. In the Internet of Things, PKI can be used to authenticate mobile devices to real things, real things to cloud services, cloud services to cloud services, etc. — actually any unit to any unit.

Since 2006, Baimos Technologies has been convinced that PKI will become the de facto standard for IoT security and in particular for smartphone-based access control. It's the best way to ensure that the mobile key sent to the recipient is complete and hasn't been altered in any way — all based on asymmetric cryptography and the unique secure identity per device and machine. In this sense, the devices and machines are able to make decisions and act autonomously without being connected to the cloud service at that moment. Offline functionality is a prerequisite for robust and fast interaction between devices and machines. BlueID uses these three certified components — Trusted Cloud Service, Mobile Device SDK and Secured Object SDK — to ensure secure communication and interaction between devices and machines and to efficiently provide strictly controlled access rights.

With the Software Development Kit (SDK), Manufacturers and App Service Partners receive secure access technology and are able to use it in all networked IoT use cases, whether connected car, smart home, smart building or Industry 4.0.

“The safety of the technology, which we have been proud of for years, has now finally been tested and confirmed by the independent VDE testing and certification institute, whose certificates are recognized worldwide and particularly by the largest manufacturers. We can't stress enough how important cybersecurity is when it comes to smartphone-based access control. In addition, traditional security concepts from the RFID era are not really suitable for use on an always-on BYOD smartphone. Recent attacks, such as DDoS and ransomware, and the irreparable damage they cause to businesses, only confirm that functionality alone is not enough. A seamless user experience, scalability and — most importantly — absolutely robust, high-level cybersecurity are becoming increasingly important,” says Philipp P. Spangenberg, CEO of Baimos Technologies.

Securing objects with BlueID gives companies the certainty and confidence that all interactions in the IoT are resistant to malicious attacks.

“The IoT market is expanding before our eyes and it's clear that a secure standard is needed for access control. After a thorough review, we are pleased to certify BlueID as a technology that can meet this requirement. BlueID is based on PKI, a system for digital certificates, to ensure trustworthy identities and enable secure encryption, which is a well-known mechanism to create a trustworthy IoT ecosystem,” added Siegfried Pongratz, Head of Intelligent Technologies and Digital Systems at the VDE Institute.

In order to test BlueID Technology, the VDE test engineers in the VDE Smart Home Laboratory in Offenbach have set up a reference system to be able to verify the security of the system. To test the SDKs, they installed a reference application on test devices with all supported operating systems and checked the security measures, secure data storage, and communication with the secured object and the trust center in the backend. The communication packets were thoroughly inspected and the secure encryption was verified. The Trust Center itself was tested against the infrastructure and the provided application programming interface (API) with penetration tests. In addition, an audit of security procedures was carried out at the Baimos Technologies site in Munich.

About the VDE and the VDE Institute:

The Association of Electrical Engineering, Electronics and Information Technology e.V. (VDE), with its 36,000 members (including 1,300 companies, 8,000 students and 6,000 young professionals), is one of the largest technical-scientific associations in Europe, which combines science, standardization work, testing and certification under one roof.

The VDE Testing and Certification Institute, owned by the VDE, is a nationally and internationally accredited institution in the field of testing, inspection and certification of electrical equipment, components and systems. These electrical products are tested for safety, usability and other product features. In the World of Digitalization, the VDE Institute has developed testing and assessment procedures for cybersecurity, interoperability and functional safety and offers comprehensive and high-quality testing services in this area.

Since 1920, the VDE mark has stood for safety and quality in electrical and information technology. Cooperation agreements in more than 50 countries ensure that the VDE exams are internationally recognized. For Manufacturers and Retailers, the VDE Certificates and Signs provide access to world markets.

About Baimos Technologies:

Baimos Technologies is an IDaaS company based in Munich that specializes in the centralized management and authorization of any direct interaction between intelligent mobile devices and IoT objects and operational technologies (OT).

Baimos Technologies' core product, BlueID, is the first and only access control solution that works across all IoT verticals and enables companies to expand as it can be implemented in an unlimited number of IoT objects and devices worldwide.

Baimos Technologies works with partners such as Marquardt, Emerson Network Power, eQ-3/ELV and Microsoft. Customers include Audi, Daimler, Sixt, ISEO, LG and others.