1id.biz

What It Is

1id.com positions itself as a hardware-backed identity provider for AI agents and relying parties. By verifying hardware security modules such as TPM, PIV security keys, Secure Enclave, and Android StrongBox, it issues standard OIDC identity tokens for agents, aiming to address Sybil attacks and the proliferation of fake identities in the AI agent ecosystem. The company emphasizes that it has been operating continuously since 2006, but the current version extending into hardware attestation for AI agents is still offered on an “as-is” operational basis.

Core Capabilities and Integration

In terms of protection, 1id.com is not focused on traditional WAF, EDR, or vulnerability defense. Instead, it targets identity-layer security: one physical chip maps to one high-trust identity, with Sybil checks performed through a registry. Its trust levels include TPM Sovereign, PIV Portable, vTPM Virtual, and Software Declaration; machine-readable metadata also lists Secure Enclave and StrongBox tiers. Relying parties can verify identities using standard OIDC/OAuth2, JWT, and JWKS, with support for Python and Node.js SDKs, token introspection, SD-JWT selective disclosure, and TPM-Attestation signatures. Overall, the integration barrier is relatively low.

Pricing and Management

Identity registration, authentication tokens, and random handles are free forever. Custom handles use a domain-like annual fee model: handles with 6 or more characters cost $10/year, while 1-character handles can cost up to $5,000/year. Premium reserved handles require separate quotation. Payments are handled through PayPal and priced in USD; one-year handles default to annual auto-renewal via PayPal. For management, operators can sign in with Google, GitHub, Apple, Microsoft, LinkedIn, or PayPal to manage handles, invoices, and associated AI agents. However, the documentation does not disclose alerting, audit logs, SIEM integration, or enterprise-grade administrative controls.

Pros, Cons, and Best Fit

Its strengths include standardized protocols, open-source SDKs, free identity authentication, and a clear anti-Sybil model. It is especially suitable for AI agent platforms, email services, API platforms, IoT device management, and services that need to verify “real, unique agents.” The drawbacks are that it does not disclose compliance certifications such as SOC 2 or ISO 27001, nor does it commit to uninterrupted service. The highest hardware trust level depends on endpoint device capabilities, while containers and serverless environments can only use lower trust tiers. Handles are non-transferable and permanently retired after expiration, which helps prevent impersonation, but brand disputes do not receive UDRP-style handling, so advance planning is required.

Access from China and Alternatives

The main text does not provide information about network connectivity from mainland China, ICP filing, local payment options, or Chinese-language support, so its accessibility from China can only be considered unknown. Since PayPal and USD pricing may create payment barriers, Chinese teams planning production use should first verify network reachability, compliance requirements, and accounting workflows. Alternatives include building an in-house TPM/device attestation system, using traditional enterprise IAM/OIDC services, adopting cloud provider device identity or confidential computing attestation services, or implementing an internal identity scheme based on YubiKey/PIV.