The future of identity

SkinID replaces passwords, keys, badges, and cards with a single scan of your hand. One implant. Every access point. Swiss-engineered.

DESFire EV3 | AES-128 mutual auth | ISO 14443 Type A | FADP compliant | Hosted in Switzerland

The problem

The average person manages 191 credentials. 91% of users reuse passwords across accounts. 80% of enterprise breaches involve credential exposure. Each breach costs an average of $4.2 million.

Existing solutions (password managers, MFA apps, biometrics) address fragments of the problem. They reduce risk but don't eliminate the root cause: identity is fragmented across dozens of disconnected systems.

191: Average credentials per person
91%: Password reuse rate
80%: Breaches from credential exposure
$92B: Passwordless market by 2035

The solution

SkinID is a unified identity platform built around a subdermal NFC cryptographic implant. The implant, placed beneath the skin of the hand, becomes the user's universal authenticator across both digital and physical environments.

Authentication is reduced to a single natural action: the user scans their hand. No passwords to remember, no keys to carry, no cards to lose. The implant uses DESFire EV3 with AES-128 mutual authentication, making cloning virtually impossible.

Unlike biometrics, SkinID's cryptographic keys can be revoked and replaced at any time. Unlike password managers, SkinID extends beyond digital services into physical access control: doors, offices, hotels, payments.

What we've built

SkinID is a working product today, not a concept. The following components are built, deployed, and operational in production at skinid.ch:

Cloud platform

Server running on Swiss infrastructure. SQLite (WAL mode), nightly age-encrypted backups with off-server private key, TLS 1.3 + HSTS preload, full security headers (CSP, COOP, CORP), strict rate limiting per IP and per token.

Customer panel

Web dashboard for managing credentials, passkeys, shared access, trusted devices, activity logs, and autofill profiles.

Operator / customer-service panel

Internal admin panel with three-tier RBAC (support / senior / super), multi-operator approval (2-of-N) for destructive actions, full audit trail, and password rotation. Passwords are hashed with PBKDF2-SHA256 (600k iterations); sessions use SameSite=Strict cookies, with CSRF defense-in-depth.

Chrome & Firefox extensions

Password autofill, FIDO2 passkey registration, form detection, password generation, profile fill. Submitted to Chrome Web Store; Firefox extension signed and self-served.

Native apps (Mac, Windows, iOS)

Mac: menu bar app, USB NFC reader bridge, certificate pinning. Windows: system tray equivalent. iOS: SwiftUI + Core NFC + Safari web extension. All three speak the same APDU relay protocol to the server.

DESFire EV3 cryptographic stack

Full implementation of NXP DESFire EV2/EV3: AuthenticateEV2First state machine, EV2 secure messaging in PLAIN/MAC/FULL modes, ChangeKey, file CRUD, NXP originality signature verification (secp224r1). Self-tested round trips against simulated chip.

Provisioning state machine

13-round-trip flow taking a blank chip from NXP factory state to a SkinID-bound chip with per-chip AES master key and an encrypted vault wrap key written into an authenticated chip file. DES + ISO authenticate paths covered for compatibility.

Zero-knowledge architecture

Per-credential ChaCha20-Poly1305 + HKDF-SHA256 from the chip's vault key. Server holds ciphertext only. AAD binding to (user, site, credential id) prevents ciphertext-swap attacks. Domain separation between password / FIDO / note blobs.

Current status

Core platform development
Server, database, encryption architecture, API endpoints, multi-user support, NFC bridge protocol.
Status: Complete

Desktop apps (Mac + Windows)
Native apps with menu bar/tray integration, NFC reader bridge, certificate pinning, auto-update.
Status: Complete

Chrome extension
Password autofill, FIDO2 passkeys, form autofill, password generator, credential sharing.
Status: Complete. Submitted to Chrome Web Store (pending review)

Landing site + legal compliance
skinid.ch with landing page, FAQ, privacy policy, legal compliance documents (nLPD), enterprise page.
Status: Complete. Live at skinid.ch

Cloud deployment
Production server on Infomaniak (Switzerland), HTTPS with certificate pinning, daily automated backups, rate limiting.
Status: Complete. Running at skinid.ch

iOS app + Safari extension
Code complete. SwiftUI + Core NFC + Safari WebExtension. Waiting for Apple Developer Program enrollment approval.
Status: In progress. Apple approval pending

Chrome Web Store approval
Extension submitted for review. Extended review due to host permissions.
Status: In review

Pilot testing
Real-world testing with early adopters in Switzerland. Usability feedback, security validation, bug bounty program.
Status: Next

Door access integration
API integration with Salto KS, Assa Abloy Aperio, and Dormakaba for hotel and office door access. Server-side access control.
Status: Planned

Enterprise dashboard
Employee management, zone-based access, floor map visualization, audit trail, compliance reports.
Status: Planned

Zero-knowledge encryption
Chip-bound credential encryption: each chip holds a 32-byte vault wrap key, every credential ciphertext is derived from it via HKDF + ChaCha20-Poly1305. Server holds opaque ciphertext only. Documented at skinid.ch/security.
Status: Architecture complete; rollout pending xDF3 chip availability

Operator / customer-service panel
Production-grade admin surface: chip inventory, user accounts, recovery queue, multi-operator approval (2-of-N for destructive actions), audit log, full RBAC. Operator runbook + incident response plan documented.
Status: Live

DESFire EV3 cryptographic stack
AuthenticateEV2First, EV2 secure messaging (PLAIN/MAC/FULL), ChangeKey for both same-key and DES to AES type change, file CRUD, NXP originality signature verification (secp224r1). 13-round-trip blank-chip provisioning state machine. iPhone (Core NFC) and Mac (PCSC) APDU relays implemented.
Status: Code + self-tests complete; awaiting genuine factory-state chips for end-to-end validation
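
The AAD binding and domain separation described under "Zero-knowledge architecture" and in the "Zero-knowledge encryption" status entry, as an added example that is not SkinID's code. The HKDF info labels, the AAD encoding, the blob layout and all function names are assumptions; it uses only Node.js's built-in crypto module.

```javascript
const nodeCrypto = require('crypto');
const ALG = 'chacha20-poly1305', OPTS = { authTagLength: 16 };
// Not SkinID code: domain-separation labels per blob kind (the label strings are assumptions).
const KINDS = { password: 'example/password/v1', fido: 'example/fido/v1', note: 'example/note/v1' };

// Unambiguous AAD encoding: a JSON array keeps ("ab","c") and ("a","bc") distinct.
function encodeAad(ctx) {
  return Buffer.from(JSON.stringify([ctx.user, ctx.site, ctx.credId].map(String)), 'utf8');
}

// HKDF-SHA256: one 32-byte key per (blob kind, credential id), derived from the vault key.
function deriveKey(vaultKey, kind, credId) {
  if (!KINDS[kind]) throw new Error(`unknown blob kind: ${kind}`);
  const info = Buffer.from(`${KINDS[kind]}|${credId}`, 'utf8');
  return Buffer.from(nodeCrypto.hkdfSync('sha256', vaultKey, Buffer.alloc(0), info, 32));
}

// Returns nonce || ciphertext || tag, the only thing a server would store.
function sealBlob(vaultKey, kind, ctx, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const key = deriveKey(vaultKey, kind, ctx.credId);
  const c = nodeCrypto.createCipheriv(ALG, key, nonce, OPTS);
  c.setAAD(encodeAad(ctx));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Returns the plaintext, or null when the blob is truncated or key, AAD or tag do not match.
function openBlob(vaultKey, kind, ctx, blob) {
  if (blob.length < 28) return null; // 12-byte nonce + 16-byte tag
  const key = deriveKey(vaultKey, kind, ctx.credId);
  const d = nodeCrypto.createDecipheriv(ALG, key, blob.subarray(0, 12), OPTS);
  d.setAAD(encodeAad(ctx));
  d.setAuthTag(blob.subarray(blob.length - 16));
  try {
    return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]).toString('utf8');
  } catch (e) { return null; }
}

// Constructed sample: the stored row is relabelled to another site, user or blob kind.
function demo() {
  const vk = nodeCrypto.randomBytes(32); // stands in for the chip's 32-byte vault wrap key
  const ctx = { user: 'u-1001', site: 'bank.example', credId: 'c-42' };
  const blob = sealBlob(vk, 'password', ctx, 'correct horse');
  const tryOpen = (kind, over) => openBlob(vk, kind, { ...ctx, ...over }, blob);
  return { same: tryOpen('password', {}), site: tryOpen('password', { site: 'other.example' }),
    user: tryOpen('password', { user: 'u-2002' }), kind: tryOpen('note', {}) };
}
console.log(demo());
```

Only the original (user, site, credential id) context under the original blob kind decrypts; a relabelled site or user fails on the AAD, and a different blob kind fails because HKDF yields a different key.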

Business model

SkinID operates with a dual-layered model combining hardware sales and recurring subscription revenue.

Implant kit (CHF 100-150)

One-time purchase. Includes the DESFire EV3 implant, biocompatible glass encapsulation, and professional installation at a certified location.

Subscription (CHF 10-20/month)

Advanced features: enterprise management, secure sharing, priority support, door access integrations, compliance tools.

Enterprise licenses

Per-employee pricing for organizations. Unified access management across digital systems and physical infrastructure.

Integration partnerships

Revenue from smart lock manufacturers, hotel chains, and access control providers integrating SkinID into their platforms.

Market opportunity

The global passwordless authentication market is projected to grow from $22 billion in 2025 to $93 billion by 2035. Passkey adoption grew 400% in 2025. 94% of users prefer passwordless authentication. 89% of new enterprise deployments adopt passwordless-first strategies.

Tens of thousands of people worldwide already have NFC implants. The technology is proven. What's missing is a comprehensive software ecosystem that makes the implant useful for everything, not just niche applications. SkinID fills that gap.

Why Switzerland

Switzerland is globally recognized for privacy, precision, and security. For a product that becomes part of your body, trust in the origin matters. SkinID is designed, developed, and hosted entirely in Switzerland under the Federal Act on Data Protection (nLPD). Swiss engineering means rigorous standards, transparent governance, and a legal framework built to protect individuals.

What makes SkinID different

Not a password manager

Password managers store credentials. SkinID replaces the entire authentication paradigm across digital and physical environments.

Not a biometric

Biometrics can't be changed if compromised. SkinID's cryptographic keys can be revoked and replaced instantly.

Not device-dependent

Apple Face ID works on Apple. Windows Hello works on Windows. SkinID works on every platform, every device, every door.

Not a concept

The product exists today. Server deployed, apps built, extension working, encryption implemented, legal compliance documented.

See it in action

Explore the interactive platform demo to see how SkinID works for personal users, hotel managers, and enterprise administrators.
