1. Startup

ASLI ID and LoginID Introduce Biometric Authentication Platform for Digital Services

obtained FIDO2 Certified Server to comply with international data privacy regulations

Try counting the apps on your mobile phone, from the existing app, how many accounts you have? With an average use of smartphones almost 4 hours per day, there is likely to be more than one membership-based app being used - such as social media, messaging apps, online shopping, and many more.

One characteristic in those apps is the authentication mode that requires users a password, some with a PIN. Some people might find it tedious and simply use one password for all, while according to experts, it's kind of risky. In fact, having too many passwords is quite confusing.

The gap is seen by innovators as they create more efficient solution for the authentication system. One that is offered is biometric-based - the most popular ones are using fingerprint, eye retina or face recognition to open access to a service. One company that serves the product is ASLI RI.

"ASLI RI has eKYC verification services using biometric technology, optical character recognition (OCR), liveness detection and digital onboarding; all of our services are SaaS," ASLI RI's Co-Founder & COO, Rionald A. Soerjanto.

Recently they worked with LoginID, a company from Silicon Valley, to launch the AsliLoginID product. It's called a Biometric-Authentication as a Service (BaaS) platform that has FIDO2 certification. This certification is one of the most stringent security standards today, internationally recognized and compatible with a variety of types of computing device operating systems.

"In this collaboration, LoginID has a FIDO2 Certified Server, one of the most capable and recognized types of security institutions in the world today, which is incorporated in FIDO Alliances. ASLI RI has biometric verification technology. We combined these two services to make it easy for application owners to apply safe biometric authentication models," Soerjanto added.

In this strategic partnership, ASLI RI also provides investment to LoginID with details not mentioned.

FIDO encryption standardization

In most systems today, user data such as accounts and passwords are stored centrally on the server of the application provider. Even though it is encrypted, the fact that data theft occurred some times in digital services has quite a large user base - both locally and internationally. This problem is trying to be solved by the FIDO alliance with the released standardization, they don't just place the authentication data centrally at one point.

LoginID's Founder & CEO Simon Law explained, FIDO standardization uses public-private key encryption. The public key is placed on the server system of service, while the private key is placed on the chip of each device. If the service server got leaked, the public key can be revoked and reissued at any time. This model is considered to reduce security risks. Moreover, using biometrics, to access the device must really bring the device directly to users who have authority.

"You can ensure everything (processing and data centers) is local. We bring technology from Silicon Valley and apply it locally. When talking with FIDO2 Certified, this solution complies with GDPR (known as the hardest data privacy law from the European Union), PSD2, and Open Banking. AsliLoginID will automatically comply with the PDP Law, which is immediately released by the government," he said.

As we know, the government is currently completing the draft Personal Data Protection Act (PDP Bill). Based on the draft as of December 2019, the PDP Bill contains 72 articles and 15 chapters governing the definition of personal data, types, ownership rights, processing, exceptions, controllers and processors, transmissions, authorized institutions that regulate personal data, and dispute resolution. In addition, it regulates international cooperation to sanctions imposed for misuse of personal data.

BaaS is designed to be ready for application, application development companies can integrate the AsliLoginID platform into their services, complementing existing authentication models - such as single sign-on with email accounts or social media. ASLI RI Team is quite optimistic that the login solution offered will be welcomed by consumers, especially smartphone devices that have a fingerprint or face recognition features in the market.

On the global scene, AsliLoginID solution is being sold by other technology companies. One that also targeting the Indonesian market is Element Inc. The New York-based company has received investment from GDP Ventures, Central Capital Ventures, MDI Ventures, Maloekoe Ventures, and several other investors.