AimBrain Solutions Ltd

Biometric Identity As A Service

AimBrain has a unique biometrics platform that uses voice, face and behavioural data to authenticate users, not devices. Our context-sensitive machine learning approach lets organisations step-up/step-down security, applying the right amount of friction to the scenario. From access privileges to workflow approvals, we help authenticate users and keep fraud out.

Features

  • A user’s template (voice, face or behaviour) is pseudonymised
  • Any future requests to authenticate are similarly pseudonymised
  • A real-time, risk-based assessment is returned
  • Deep learning is applied to learn more about the user
  • A risk-based score is returned to assess authentication levels

Benefits

  • Digital identity stored away from device
  • Identities stored as mathematical constructs using revocable templates
  • Provides the customer with omnichannel consistency of the authentication experience
  • Provides the platform to easily integrate new biometric modules
  • Benefit from instantaneous feature, security and algorithm updates in real time
  • Immediately benefit from new anti-spoof and liveness detection technology
  • Open-source APIs allow for immediate impact
  • Test the solution in a sandbox environment
  • Switch to live mode once you’re ready
  • Reduce onboarding friction, costs and fraud

Pricing

£1 per user per year

G-Cloud 10

377372402213987

AimBrain Solutions Ltd

Antony Bream

07880 796403

Antony@aimbrain.com

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Only limitations are those in line with AWS maintenance windows
System requirements: Supports AWS

User support

Email or online ticketing support: Email or online ticketing
Support response times: We respond to support requests as per our service level agreement, and response times can be arranged for weekend support as well.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard: WCAG 2.0 A
Web chat accessibility testing: AimBrain use LiveChat for chat support
Onsite support: Onsite support
Support levels: We provide telephone and onsite support at no extra cost to the customer unless specifically agreed to. We work against a service level agreement for availability. We have a technical account management team and cloud support engineers for our application.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide access to our SDKs and APIs via our website link, with supporting help and collateral.
Service documentation: Yes
Documentation formats:
  • HTML
  • ODF
  • PDF
End-of-contract data extraction: AimBrain does not store any raw biometric data such as images or voice recordings. User templates are stored as mathematical constructs against a randomised user ID that only the client can map back to the actual user. The user templates have been hashed and salted, which means they are only usable within the AimBrain BIDaaS platform. Clients can delete user templates through the AimBrain API or via a formal request.
End-of-contract process: The AimBrain contract includes an annual subscription that is based on the number of users per module per year or the number of authentication requests per module per year.

Using the service

Web browser interface: No
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: AimBrain provide open SDKs for both the mobile channel (iOS and Android) and online / desktop (JavaScript).
Accessibility standards: WCAG 2.0 A
Accessibility testing: The only interface that AimBrain provide is a deployment dashboard that assists clients with integration and testing during a deployment.
API: Yes
What users can and can't do using the API: AimBrain provide an open API (https://aimbrain.github.io/aimbrain-api/#api-v1) and SDKs. As long as clients adhere to the minimum API specification, any customisation is possible.
API documentation: Yes
API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • Other
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: AimBrain provides an open API and SDKs. As long as a customer adheres to the minimum API specifications, any customisation is possible.

Scaling

Independence of resources: By virtue of how AimBrain has designed its architecture, auto-scaling has been built in. AimBrain can scale any part of the infrastructure independently using auto-scaling groups in AWS and Kubernetes. Because AimBrain use AWS, any hardware requirement increases are near-instant.

Analytics

Service usage metrics: Yes
Metrics types: AimBrain provide service usage metrics for number of API requests per module, risk scores and user statistics.
Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: AimBrain does not store any raw biometric data such as images or voice recordings. User templates are stored as mathematical constructs against a randomised user ID that only the client can map back to the actual user. The user templates have been hashed and salted, which means they are only usable within the AimBrain BIDaaS platform. Clients can delete or export user templates through the AimBrain API or via a formal request.
Data export formats:
  • CSV
  • Other
Other data export formats: JSON
Data import formats: Other
Other data import formats: JSON

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: If, in any month, AimBrain makes the Services available less than 99.9% of the time, the Customer shall become entitled to the Service Credit:

99.9% - 99%: An amount equal to 2% of the then-current Subscription Fee (for each affected User Subscription) for each month or part of a month that AimBrain fails to provide a Solution.

99% - 95%: An amount equal to 5% of the then-current Subscription Fee (for each affected User Subscription) for each month or part of a month that AimBrain fails to provide a Solution.

Under 95%: An amount equal to 10% of the then-current Subscription Fee (for each affected User Subscription) for each month or part of a month that AimBrain fails to provide a Solution.
Approach to resilience: AimBrain supports HA and automated DR through all Cloud system layers. Near always-on system operation is achieved by using database replication, distributed message queue architecture and container orchestration tools.

Furthermore, the system is based on a micro-service architecture and thus supports rolling deployments: a pattern whereby, instead of deploying a package to all servers at once, it is slowly rolled out to each server one by one, so the system can operate with virtually no downtime even during version upgrades.
Outage reporting: This is provided through a customer dashboard and the AimBrain API

Identity and authentication

User authentication needed: Yes
User authentication: Other
Other user authentication: API Key and HMAC SHA 256 signature derived from an API secret
Access restrictions in management interfaces and support channels: AimBrain is a SaaS / cloud-based solution, therefore customers are relieved from technology platform requirements. Furthermore, the AimBrain API can be integrated with any platform / language that supports networking functionality.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: AimBrain has formal information security policies in place that are classified according to an appropriate level of confidentiality, integrity and availability and in accordance with relevant legislative, regulatory and contractual requirements and AimBrain policies.

Reporting structure includes:
- Data Owners / Guardians: Members with specific or overarching responsibilities for preserving the confidentiality, integrity and availability of information.
- Project administrators: Responsible for the security of information produced
- Heads of Departments: Responsible for the information systems, both manual and electronic, that support AimBrain's work.
- Departmental managers / Line managers: Responsible for a specific area of AimBrain work
- Head of Research: Signs off AimBrain research projects
- Head of Security: Responsible for physical aspects of security
- Information Security Manager: Responsible for information security policies

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: The Chief Technology Officer (CTO) must provide authorization for updates to AimBrain Software deployment to production. If the CTO is unavailable to approve the change, approval must be granted by two executive level employees. AimBrain uses project management tools such as JIRA and Confluence to log, track and evaluate all approvals, changes and security impacts through the software delivery process.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: AimBrain release SDKs fully in open source. This allows for continuous peer-reviewed quality and security assurance for our clients. Clients are invited to do their own internal security audits and penetration testing.

AimBrain’s main servers are hosted on Amazon Web Services (AWS) cloud to ensure the highest level of security. AimBrain uses software containers (Docker, LXD) for automatic deployment and isolation of different services, and a Continuous Integration workflow for their development. This approach greatly reduces the security surface footprint and allows AimBrain to react to threats faster.

AimBrain constantly tests infrastructure, servers, applications and APIs using multiple 3rd-party penetration testing vendors.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: AimBrain has in place both internal and external testing procedures and processes to identify vulnerabilities against the CVE security vulnerability database.

This process allows AimBrain to identify risks, assess business impact, deploy fixes and notify any affected third parties.

AimBrain has a formal incident management policy and process in place and will advise clients accordingly as soon as possible.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: AimBrain takes information security very seriously and has a formal incident management policy in place. The policy aims to support incidents in order to minimise any harm to clients as well as AimBrain and to reduce the risk of potential future breaches of security.

The policy enables employees and systems to understand their roles in reporting and managing suspected incidents. If a member of AimBrain is aware of an information security incident, they must report it to the Incident Reporting Team at irt@aimbrain.com.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Pricing

Price: £1 per user per year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Access to a demonstration application and agreed trials of production APIs and SDKs
Link to free trial: https://aimbrain.com/demo-set-up-process/
