Security

Security at
every layer.

From biometric hardware to cryptographic audit trails. Every part of UIP is designed with security and privacy as the foundation — never the afterthought.

Architecture

How UIP protects your identity

Biometric-first

Every action requires fingerprint or face verification. No passwords, no SMS codes, no phishing vectors.

Secure enclave

Private cryptographic keys are stored in your device's hardware security module. They can never be extracted or copied.

Government-verified

Identity backed by live document capture and verification against official issuing authorities. Legally valid worldwide.

AES-256 encryption

All data encrypted at rest and in transit. Messages use end-to-end encryption with unique session keys.

On-device signing

Digital signatures are created locally on your device using hardware-backed keys, then verified server-side.

Tamper-proof audit

Every action returns a permanent, queryable reference ID. Immutable records of who, what, and when.

Cryptography

AdES signatures, end to end

Every API action is cryptographically secured with Advanced Electronic Signatures and SHA-256 hashing.

Hardware-backed keys

Private keys stored in the device Secure Enclave, never exposed or extractable.

SHA-256 document hashing

Every document and action is hashed for integrity verification.

On-device signing

Signatures are created locally — the private key never leaves the device.

Full audit transparency

Document hash, signature, and public key are included in every audit record.

Audit Trail

Permanent, tamper-proof records

01

Action returns ID

Every auth, signature, or message returns a unique reference ID string.

02

Store ID safely

Save the reference ID in your database or compliance systems as permanent proof.

03

Query for verification

Use the ID to retrieve timestamp, signatory, requester, and full action details.

What each reference reveals

Signatory details

Full name, government ID verification status, biometric authentication time.

Precise timestamp

Exact UTC timestamp, timezone info, and duration of the signature process.

Requester context

Business organization, authorized representative, document type, action category.

Privacy

GDPR compliant
by design

  • Users control their own identity data
  • Biometric data never leaves the device
  • Clear data processing agreements
  • Encrypted at rest and in transit
  • Right to deletion supported
Live now

Built for trust.,

Start with the UIP app — create your own verified credential in minutes, then integrate the same protocol into your stack.

Download on the
App Store
GET IT ON
Google Play
Business portal For businesses