E-ID Products

Make Your Systems E-ID Authentication Enabled With Our E-ID Products

Key-ID SmartLock

is in Patent Pending Status

Our Automotive Project

with TEMSA and YAGOBA is supported by EUREKA.

Our Solutions

Image

KeyID OnlineAuthenticator is a software solution that can be integrated to any online system to be able to provide the feature of E-ID card authentication to the system. For example, this can be integrated into the login mechanism of a website or a mobile application. Thus a user can authenticate himself using his E-ID card to the system securely. This solution can be provided as SaaS or can be also integrated into the system of customer. Please contact us for more information.

See our E-ID Products.

Image

KeyID MobileKey is a mobile NFC application for android phones, which can work with KeyID SmartLock as well the E-ID cards and E-Passports. Please contact us for more information.

Image

KeyID CloudH Reception is a hotel or building reception system, which is integrated with the KeyID SmartLocks of the building. This product can be tailored according to your further requirements. Please contact us for more information.

Image

KeyID OfflineAuthenticator is an embedded software solution that can be integrated to many devices to be able to provide the feature of E-ID card authention to the device. For example, this can be integrated into a closed loop payment device or an access control device. Thus a user can authenticate himself using his E-ID card to the device securely. This solution may require customization according to the target device. Please contact us for more information.

See our E-ID Products.

Image

KeyID SmartLock is our patent pending solution, which is composed of an electronic circuit card holding our special embedded software. This solution provides E-ID, E-Passport, KeyID MobileKey and Mifare/Desfire compatibility to your electronic door locks. There are Offline and Online versions of this product available. This product can be tailored according to your further requirements. Please contact us for more information.

Image

KeyID LockManager is a mobile lock management application, which can manage the authentications and configurations hold on the KeyID Smartlock via NFC (offline) or Wifi (online). This product can be tailored according to your further requirements. Please contact us for more information.

Our Services

R&D Project Management Consultancy

We can provide end-to-end project management service for your R&D projects (TEYDEB, HORIZON 2020, etc.). Please contact us for more information.

Software on Demand

Our expertise is developing Web Applications, Mobile Applications and Embedded Applications. We can design and develop your software project based on your special needs. Please contact us for more information.

Security Consultancy

Since we have expertise on Security Technologies, we would be happy to contribute to your projects by our Security Professionals. Please contact us for more information.

Our Team

People who contribute to our Company.
Musatafa BaŞak

Mustafa Başak

Consultant
Mustafa has been graduated as an Electronics Engineer in 1987 and worked long years as Project and Group Manager at TUBITAK Cryptology Institute. Before leaving TUBITAK, he was Group Manager of Turkish E-ID Cards Operating System Development Team.
Seda Polat

Seda Polat Erdenİz

Founder, Project Manager
Seda is the founder of the company. She is working also for her PhD study at TU Graz, Austria. Before starting PhD, she has worked several years as Product Manager and Researcher for TUBITAK Cryptology Institute and AVEA Telecommunications.
Mert

Mert Karakurt

Embedded Software Engineer
Mert is an Electronics and Communication Engineering student at Istanbul Technical University. He is responsible for Analog/Digital Circuit Design and Embedded C development.
Cihan

Cİhan Ürtekİn

Software Engineer
Cihan is studying Electronical and Communication Engineering in Istanbul Technical University. He has four years experience on java and android programming and approximately one year experiment c programming language and microprocessors.
Mustafa Özzaman

Mustafa Özzaman

Senior Embedded Software Engineer
Mustafa is an experienced embedded developer. He has been working on many embedded projects for 17 years.
Funda Özergil

Funda Özergil

Software Engineer
Funda is an experienced java developer. She has been working on many java projects for 5 years.
Freelancer1

Freelancer#1

Embedded Developer
Experienced in NFC development.
Freelancer2

Freelancer#2

Embedded Developer
Experienced in E-ID cards.

Open Positions

We will be happy to work together with you in our team!
javaweb

Java Web Application DeveloperImmediately

(for EUREKA PROJECT)
We are looking for a new team member for our EUREKA Project which starts on 01.04.2017. Project will take 3 years. We prefer a long term team member (at least 1 year). Full Time/Part Time Employment or Freelance Contracts are possible. Technical skills should be as follows:

  • Java Backend Development (Spring MVC, Restful API, MySQL, Hibernate)
  • Frontend Development (JSP, HTML, CSS)
  • Object Oriented Skills
embedded

Embedded DeveloperImmediately

(for EUREKA PROJECT)
We are looking for a new team member for our EUREKA Project which starts on 01.04.2017. Project will take 3 years. Project has 3 partner companies from Turkey and Austria. Topic of the project can be described briefly as "Secure IoT for Automotive Industry". Project details can be shared during the interview.

We prefer a long term team member (at least 1 year). Full Time/Part Time Employment or Freelance Contracts are possible. Technical skills should be as follows:

  • Embedded C development on ARM processors
  • PCB Design in Altium
  • Knowhow about PCB assembly and ordering
mobile

Mobile Application DeveloperImmediately

(for EUREKA PROJECT)
We are looking for a new team member for our EUREKA Project which starts on 01.04.2017. Project will take 3 years. Project has 3 partner companies from Turkey and Austria. Topic of the project can be described briefly as "Secure IoT for Automotive Industry". Project details can be shared during the interview.

We prefer a long term team member (at least 1 year). Full Time/Part Time Employment or Freelance Contracts are possible. Technical skills should be as follows:

  • Android
  • IOS
  • UI/UX Design
javaweb

Full-Time Job Position with M.Sc./Ph.D. StudentshipImmediately

KeyID Ltd. (keyid.com.tr) offers a full-time job position for a Computer Engineering MSc/PhD student. The thesis supervisor will be Asst. Prof. Alptekin Küpçü, who is the founder and director of the Cryptography, Security, and Privacy Research Group at Koç University (crypto.ku.edu.tr). The candidates will have interviews with both KeyID Ltd. and Koç University. The candidates hence must submit two applications: (1) to Koç University with all the required documents (gsse.ku.edu.tr) where they should mention the request for application to this job position in their 'Statement of Purpose' letters and mark their interests in cryptography and security. (2) Besides, the applicants should send their CV by email to info@keyid.com.tr.

The SRFMS (Secure and Remote Fleet Management System) project can be summarized as a Secure IoT for Automotive. SRFMS Project will be implemented among the partners from Austria and Turkey by 3 years financial support of EUREKA Commision. In the SRFMS Project, there are many research topics in security such as: Cloud Security, Web Communication Security, Machine to Machine Communication Security, Security of Data and Communication on Embedded Devices.

We are looking for a fully dedicated student (Turkish citizenship is required) who has advanced skills in Java Web Application and Mobile Application development. During 3 years of the SRFMS Project, the student should also publish research papers related to the project as supervised by the thesis advisor.

For this job position, we offer flexible working conditions (home office or at our İstanbul Maslak Park Plaza Office with colleagues, compensation of lecture times is possible in the evening), Prepaid Meal Card, Mobile Device for Mobile Application Development, all rights of a legal Full-Time employment (including competitive salary) and support for presenting papers at reputable conferences.

Our Partners

  • Partners
  • Partners
  • Partners
  • Partners
  • Partners

Our Headquarters

Turkey:
Barbaros Mah. Halk Cad. 47/2
Atasehir, Istanbul, Turkey
Austria:
Peter-Rosegger-Siedlung 6, 8151
Hitzendorf, Graz, Austria
Phone:+90 (505) 0-111-222
Phone:+43 (677) 614-405-94
Email:info@keyid.com.tr

The answer is NO

The prerequisite here is: smart card inside the E-PP should also support Active Authentication.

Many people wonder whether their electronic passports can be copied and used in a fake chip or not. The answer is no it can not be copied as a whole if it supports "Active Authentication".

Some parts of the passport can be written into a fake chip. Your printed data (like you name, age ,etc.), can be placed in another chip card easily.

This does not mean that it can not be copied as a whole, because chip of the passport (which is indeed a smart card) also holds some credentials like RSA private keys. These keys can be neither read from the chip nor copied to another chip card.

According to ICAO 9303 standards, "Active Authentication" procedure can be used to be check whether the passport's smart card is genuine or not.

An electronic passport control system must apply "Active Authentication" to be able to check it is genuine or not

The answer is NO

There are many countries in the world switched to Electronic ID cards. Is there a world-wide standard for these ID cards? Can a country check validty of anohter country's ID card using same software?

No, there is no Electronic ID card (citizen card) standard applied in the world.

Most of the countries use contactless ID cards which are semi-compliant with Electronic Passport standards. They are not fully compliant generally, because for ID cards countries may put their own decisions in order to provide a higher security or larger content.

Some ID cards, like German ID cards, use different authentication algorithms than Passports as well.

Some ID cards, implements role based authentication which can not be found in E-Passport standards. According to "Role Based Authentication", role owner has a role card (including a Role Certificate and related keypair) and need to authenticate to ID card using those credentials to be able to read sensitive data only available for this role certificate owner.

This creates different authentication system and infrastructure requirements for each countries.

Those ID card verification systems can be used by Public Institutes, Private Companies and even individuals.

The answer is YES

ICAO (International Civil Aviation Organization) publishes passport standards.

ICAO has more than 190 member countries and all member countries apply ICAO standards and mentinoned deadlines for them.

Standard for Electronic Passports is ICAO 9303 - Part 1- Machine Readable Passports. Volume 2 - Specifications for Electronically Enabled Passports with Biometric Identification Capability

The answer is NO

Machine Readable Passports and Electronic Passports are differents in the manner of containing smartcard and related security features.

Machine Readable Passports just has a Machine Readable Zone to be able to read passport data on the gates easily. There is not any additional security protection. Security level is the same as the old passports.

On the other side, Electronic Passports (also called as Biometric Passports, Digital Passports), have high level security protections. These passports has secuirty chips inside which holds passport data and biometric data.

These chip cards are NFC compatible, which means chips embedded inside the cover (usually back cover) of E-Passports can be read using a NFC reader in contactless mode

The answer is INSIDE THE COVER

Electronic Passports have contactless smart card inside which holds biometric data and printed data with high security protections.

If a passport has smartcard inside, it shows that it is a E-Passport with a logo on the front cover.

Smartcard and its antenna (to be able to work in contactless mode) is located inside layer of one of the covers (usually back cover).

When passport comes closer to a NFC reader, its chip is activated with the power taken by antenna and it is ready to make cryptographic calculations and read operations.

The answer is YES

Badges are generally made by Memory cards does not have a CPU, RAM or a crypto processor inside, just holds a UID on EEPROM.

E-Passports are made by smart cards with microcontrollers (including CPU, RAM, crypto processors, etc.) on it.

Both cards operate on RF interface and has a appropriate Operating System on ROM.

The answer is YES

EMV cards work with "Chip and PIN" policy as most of the E-ID cards do.

EMV chips are verified in 2 way: Static Data Authentication and Dynamic Data Authentication.

For SDA and DDA, EMV uses Public Key Cryptography as E-ID cards also do.

SDA ensure the authenticity of the card's data wheras DDA is a more secure way of authentication and it additionally ensures the uniqueness of cards.

E-ID cards are also suitable for same kind of authentication mechanisms by holding the certificates and the related private keys on special spaces of the chip.

Only exception is contacless E-ID cards generally do not use PIN authentication.

The answer is YES

Austrian Health Card (named as :E-Card which is a social insurance card) is based on the international standard ISO/IEC 24727 for electronic identification cards.

Besides, German eID card (“elektronischer Personalausweis”), the German eHealth Card (“elektronische Gesundheitskarte”), the Estonian Identity Card, the „e-Arztausweis light“ issued by the Medical Association Nordrhein and different signature and banking cards issued by D-Trust, DATEV, S-Trust and GAD are also based on ISO/IEC 24727 standard.

The answer is NO

Mifare cards are Memory Card type smart cards with RF interface based on the protocol ISO 14443 Type-A.

Mifare cards just include EEPROM and ROM inside and provide read/write functionality. There is no CPU and RAM. It has its own security mechanisms (like Crypto-1 ciphering).

Mifare cards do not support RSA or another asymmetric algorithm. They only support symmetric algorithms like DES and AES.

For all application areas which require PKI (citizen ID, passport, credit card), Mifare cards can NOT be used. For those applications(E-Passport, EMV cards, etc.), PKI supported contact based or contactless smart cards can be used.

It is also not possible to install and execute your own application code on Mifare cards.

The answer is NO

Information Security has some key attributes such as : "Confidentiality", "Integrity", "Authentication", "Authorization", "Non-Repudiation". These factors are all requiered for different manners of Information Security.

To be able to provide;

- Confidentiality or Disclosure, Encryption is applied on the plain data(or text) to generate cipher data(or text).

- Integrity or Data Consistency, Checksums and Digital Signatures are applied.

- Authentication or Identity Assurance, Digital Signatures are applied.

- Authorization or Access Right Management, should be also apllied by access policies.

- Non-Repudiation, long term keys should be used to create Digital Signatures.

The answer is YES

To share encryption keys in a secure way was a problem before 1970s. Till 1970s, symmetric cryptographic keys are used to encrypt/decrypt data which should be shared in a secure medium. In the beginning o 1970s, this problem is started to be discussed that there can be a solution to share encryption keys on insecure mediums also.

In 1976, an asymmetric-key cryptosystem was published by Whitfield Diffie and Martin Hellman.

In 1978, Ron Rivest, Adi Shamir and Leonard Adleman published their work and the algorithm came to be known as RSA, from their initials.

Again in 1970s, DSA has proposed as a standard by NIST which was developed at the US National Security Agency (NSA).

One of the other known asymmetric algorithms of 70s is The ElGamal cryptosystem which is invented by Taher ElGamal.

In mid 1980s, elliptic curve cryptography is invented by Neal Koblitz and Victor Miller.

All those asymmetric algorithms uses different mathematical functions (integer factorization, discrete logarithm, and elliptic curve relationships). Their common feature is all functions are irreversible. All those algorithms, uses a public and private key-pair for encryption and decryption. Public key is the shared part, whereas private key is the secret part. by knowing public key, generating the corresponding private key is computationally impractical, we can say impossible.

The answer is YES

Currently, we as web application users, access trusted web applications or web pages by using HTTPS (HTTP over SSL). This means Websites authenticates themselves to our browsers by their certificates. It is also possible to use this authentication as 2-way. Clients can also authenticate themselves to Servers by their own certificates by using Mutual SSL (also called as 2-Way SSL and mutual authentication is applied).

HTTPS web pages, has a valid Digital Certificate (provided by Certificate authorities such as Symantec, Comodo, GoDaddy and GlobalSign). Web browser software already know how to validate certificates of HTTPS websites.

1-Way SSL provides, web site authentication(by certificate validation), data integrity(by checksum) and privacy(by encryption).

2-Way SSL provides additionally client authentication to a web site. Clients should have valid digital certificates in this case. These certificates and related private keys can be stored best in a Smart Card. By this way, clonning the key will not be possible. To be able to use the Smart Card as a token, PKCS11 library (of related smart token) should be loaded on client system.

The answer is YES

Session keys are established by two communication peers and generated as symmetric keys since asymmetric keys are not effective in the manner of time for using during whole communication. Thus, peers authenticates themselves using asymmetric keys and establish a symmetric session key for the rest of the communication. On the other hand, peers using symmetric keys also establishes a new symmetric session key for the on going communication.

When peers has already symmetric keys which can be effectively (in the manner of time) used for establishing a secure communication channel, why do they still generate a new symmetric key as a session key? The reason is to be avoid from cryptoanalytical attacks. When a symmetric key is always used for all communications, then it generates so many cipher texts which helps to hack the symmetric key by providing enough data for attackers.

The answer is NO

Collision attack tries to find other possible input that gives the same hash output as the real plain text.

When hash is signed and sent with the plain text itself, there is still attack possibility. Attacker generate 2 different plain text as P1 and P2 those give same hash output as H. Attacker sends P1 to be signed electronically and receives back the P1 with signature added on it. Then he replaces P1 with P2 and places the P2's signature under it. Finally he succeds to produce a fake couple as P2 and its signature.

The answer is NO

Replay attacks are done by eavesdropping a communication and recording it to use later on as fake. It does not matter it is plain or encrypted.

For example, when Bob requests password from Alice, Alice can provide this password in plain, hash or encrypted forms. Both 3 forms can be reused by Eve after recording them by eavesdropping. One of the countermeasure is session tokens. Bob provides also a session token (one-time token), Alice concatenates this token with password then takes hash or calculates the encryption of it before sending back to Bob. By this way, Eve can not use recorded data later on, since the one-time token from Bob will differ.

The answer is YES

Brute Force attacks can be applied on any encrypted data as a cryptanalysis method.

When attack is applied on a online system, there are several countermeasures for brute force. Those can be listed as;

- Limiting number of attempts by adding time delays (e.g. password trials)

- Avoiding software attacks (e.g. by using Captcha)

- Locking accounts after a number of unsuccessfull attempts

- Blocking attacker IP addresses

When attack is applied on a offline system (e.g. entering PIN code of a smartcard), there can be applied several countermeasures also against brute force. Those can be listed as;

- Limiting number of attempts by adding time delays(e.g. password trials)

- Locking device/smartcard after a number of unsuccessfull attempts

Smartcards

Company Presentation