Phishing-resistant by architecture. Deepfake-proof by design. One API for customer onboarding, workforce verification, B2B signing, and AI agent identity — worldwide coverage, with chip-anchored verification across 179 NFC passport countries.
Passkeys solved the password. Liveness detection solved the printed photo. Neither solves the problem of a deepfake injected into a real-time video stream, or a synthetic identity built for $15 in half an hour. The next layer needs a real-world anchor — something no generator can produce.
IdentiGate doesn't replace your existing IAM — your SSO, your directory, your session management stay untouched. It sits alongside them — at the assurance-critical moments your everyday SSO was never built for.
Document OCR and passive liveness were built for printed photos. Real-time deepfakes defeat them for $15. The NFC chip in a biometric passport carries a nation-signed digital signature that no generator can forge — read in 30 seconds from any smartphone.
One onboarding, then reusable: the same verified identity signs the next transaction, the next agreement, the next regulatory check — without re-collecting passport images.
Remote hiring, cross-border contractors, vendor onboarding — a German SSO doesn't tell you whether the candidate in Bogotá is who they claim to be. DPRK-linked applicants now routinely bypass document-only checks.
IdentiGate sits below your IAM layer at the identity assurance step — issuing a signed X.509 certificate when a new employee, contractor, or vendor enters your environment. Your IAM (SAML / OIDC / SCIM — whichever you use) handles the session. We handle the cryptographic proof that the person is real.
eIDAS Advanced Electronic Signatures (AdES) carry full legal weight across all 27 EU member states — and the ESIGN Act recognises them in the United States. Every IdentiGate signature is biometrically bound to a verified passport identity, cryptographically timestamped, and added to a tamper-evident evidence chain.
From high-value approvals to multi-party contracts to batch signing across a customer base — one integration, court-ready evidence, zero per-signature legal ambiguity.
Machine identities now outnumber humans in most enterprises. AI agents act at machine speed across APIs and MCP servers — most with shared credentials, no scoped authority, and no accountability chain back to who authorised them.
IdentiGate issues agent identities cryptographically delegated from a passport-verified human sponsor. When the human's role changes, the agent's authority changes with it. Every action logged, attributable, and auditable — from the agent to the human, to the company.
Security by architecture, not by policy. The difference shows up in what an attacker would have to do — not in what a privacy page promises.
The NFC chip in an ICAO 9303 passport carries nation-signed data (Passive Authentication), a non-extractable private key that answers cryptographic challenges (Active Authentication), and the PACE protocol that requires physical possession of the document. A deepfake can forge a face. It cannot forge a national signature.
Every cryptographic action requires two keys in cooperation: one held in the user's device Secure Enclave, one on IdentiGate's servers. Neither side can act alone. The human is structurally part of every signature, every authentication — no stored credential, no shared service account, no insider bypass. An IdentiGate breach yields one key custodian. Useless without the user on the other end.
Your platform receives proof, not personal data. IdentiGate verifies the identity and issues a signed cryptographic attestation — "this verified person signed at this time" — so your systems get confirmation, not passport details, dates of birth, or biometric templates. What your platform never holds can't be exfiltrated from your platform, subpoenaed from your records, or leaked from your breach.
Most identity vendors pick one lane: chip-based in a few countries, or document-based with varying reliability. IdentiGate covers both — highest assurance where NFC is available, globally deployable document route where it isn't. Every verification returns a signed X.509 certificate. Not a pass/fail verdict — cryptographic evidence.
For the 179 countries that issue ICAO 9303 biometric passports.
Use when: user has a biometric passport. High-stakes onboarding. Regulated sectors. Fraud-critical flows.
For every other country and user — global reach where NFC doesn't exist yet.
Use when: user is outside the 179 NFC countries. Worldwide coverage. No country left uncovered.
NIS2 Article 21 requires documented evidence of identity controls. DORA requires auditable access records. The EU AI Act requires provenance for agent actions. IdentiGate's evidence layer covers all three — as a property of how the system works, not an add-on module.
Passport-verified, biometrically bound, cryptographically attested. No anonymous sessions. No shared service accounts.
Every signature, approval, access event, and agent invocation signed at AdES level. Timestamped to the second.
Tamper-evident sequence of signed events. Court-admissible across 27 EU member states. Recognised under ESIGN Act.
IdentiGate was built for organisations that sell on both sides of the Atlantic. The same API satisfies EU regulatory regimes and their US counterparts — without duplicate integrations, parallel identity stores, or region-specific vendors.
| Control area | European Union | United States |
|---|---|---|
| Strong authentication / MFA | NIS2 Art 21 · DORA · eIDAS 2.0 | NIST SP 800-63B · CISA phishing-resistant MFA guidance |
| Electronic signatures | eIDAS AdES (Article 26) | ESIGN Act · UETA |
| KYC / customer due diligence | AMLD6 | FinCEN CDD Rule · BSA |
| Supply chain / third-party identity | NIS2 Art 21 · DORA ICT register | NIST SP 800-161 · EO 14028 |
| AI agent governance | EU AI Act (enforcement Aug 2026) | NIST AI RMF |
| Data minimisation | GDPR Art 5(1)(c) | CCPA · Texas DPSA · state privacy laws |
| Operational resilience | DORA · ISO 27001 | SOC 2 Type II · FFIEC |
Each capability below addresses a different surface in a company's cybersecurity posture — from the first employee at onboarding, through every customer transaction, to the AI agents that will increasingly act on behalf of both. Deployable today, built on our existing products.
A CISO discovers that 31% of their production systems are accessed weekly by contractors whose legal identities the company has never cryptographically verified — only the hiring vendor has. When a regulator asks "who had access to this system on this date", the chain of evidence is fragile. Passport-anchored workforce identity makes the answer verifiable, across employees and every tier of external contractor.
A counterparty email arrives from what looks like an existing vendor, asking for an urgent change of bank details. Business email compromise attacks succeed because company identity, at the signature block, is a claim — not a cryptographic fact. Linking individuals to their companies with verified attestations moves identity from "trust the header" to "verify the signer".
After onboarding, your customers authenticate thousands of times. Each authentication is an opportunity for credential theft, SIM-swap, or session hijacking. When the authentication primitive is a Dual Key anchored to the customer's verified passport identity, there is no password to steal, no code to intercept — and the human is structurally part of every login.
A €2M wire transfer. A supplier contract amendment. A board resolution. In most corporate workflows, these are signed by a typed name, a click-through, or an email confirmation — all of which can be impersonated or disputed. An AdES signature, cryptographically bound to a verified passport identity, makes "who approved this" a mathematical fact, not a log entry.
NIS2 wants Article 21 evidence of identity controls. DORA wants a verifiable ICT third-party register. The EU AI Act will want human-oversight records. In most companies, "producing" this evidence means assembling it after the fact from SIEM logs and ticketing systems. In a Dual Key architecture, the evidence is produced as a structural by-product of every identity event — not an extraction, but a record.
A Friday directive: re-verify identity for all 3,400 active contractors by Monday morning. A quarterly compliance requirement: sign 12,000 customer attestations in one window. In most identity platforms, these are multi-week projects. With batch operations, they are single API calls — each individual identity still verified, each signature still cryptographic, but orchestrated at the volume a real security operation needs.
The industry isn't here yet. Our architecture already is.
In 18 months, most companies will have more AI agents acting on their behalf than employees. Each agent signs, commits, approves, pays. The question "who is responsible for this action" cannot have an answer like "the agent". The EU AI Act makes this formal from August 2026; the architecture that delivers human-traceable agent identity today will be the baseline tomorrow.
Regulatory teams keep asking for more proof. Privacy teams keep asking to collect less data. These two demands look incompatible — until zero-knowledge proof shows that both can be satisfied simultaneously. "This customer is over 18" without the birthdate. "This signer holds authority" without the role. "This entity is regulated" without the registration number. Compliance, with less data leaving the perimeter.
A customer uses eight of your services over three years. Each service, today, holds its own copy of their identity data — each copy a breach surface, a compliance obligation, a data-deletion headache. Portable identity moves the data out of the services and into an attestation layer. Your services consume cryptographic proof; the raw identity data lives in one place, not eight.
NFC chip read via smartphone. ICAO 9303. Works with biometric passports from 179 countries.
Biometric face match against the chip photo. Real-time liveness. Anti-spoofing by design.
Dual Key generated — one custodian on your device, one on our servers. Reusable across any IdentiGate-powered platform.
Every future action confirmed with PIN + biometrics. No re-verification. No new passport scan.
Whether you run a platform serving thousands, integrate directly into your enterprise stack, or need identity and signing without writing code — start in the path that fits your team today.
For platforms & SaaS products integrating identity into their user flow.
Your IAM layer consumes our X.509 certificates as verified identity assertions — we sit below your identity stack, not inside it.
For teams that need identity and signing without engineering lift.
20 minutes. A real passport scan on a real phone. Your use case, not a canned demo. We show exactly how IdentiGate fits alongside your existing IAM — and what it changes for the assurance-critical moments your stack doesn't yet cover.
Pay per transaction. No setup fees, no minimum commitments, no license costs. Integration fee scoped per engagement. Full pricing on each product page.