This analysis is based on SEBI’s consultation paper dated February 18, 2025. Final requirements may differ pending public consultation feedback.

The Securities and Exchange Board of India (SEBI) has proposed a revolutionary “One UCC-One Device-One SIM” authentication framework to secure India’s 185+ million demat accounts. This proposed regulation would require brokers to implement biometric login, device binding, QR-based multi-device access, and enhanced trading controls.

Key advantages:

  • Regulatory certainty: Direct mapping to all SEBI requirements with certified compliance standards
  • Proven scale: Resilient platform handles millions of daily authentications
  • Reduced implementation risk: Phased deployment methodology minimizes customer service disruption
  • ROI beyond compliance: Significant reduction in fraud losses and password-related support costs


SEBI’s proposed authentication framework addresses pervasive cybersecurity threats in India’s trading ecosystem, including unauthorized account access, SIM spoofing to divert OTPs, unauthorized account modifications, and erroneous share transfers. The consultation paper outlines a “One UCC-One Device-One SIM” framework requiring brokers to implement:

  • Hard binding of SIM cards linking Unique Client Codes (UCC) to registered mobile devices and SIM cards
  • Biometric authentication for primary device login with PIN alternatives
  • QR-based multi-device access with proximity and time-sensitive controls for desktop and laptop trading
  • Enhanced trading controls including session monitoring, temporary account locks, and transaction limits

How 1Kosmos Directly Addresses SEBI’s Proposed Requirements

1Kosmos addresses the SEBI mandate to secure trading environments—specifically SIM binding and biometric authentication—through a suite of capabilities that map directly to the requirements detailed in SEBI’s consultation paper.

  1. SIM Binding: Device, SIM, and Account Hard Linking

    SEBI Requirement: The hard binding of the SIM with a Unique Client Code (UCC) proves that the user is in possession of the registered mobile number, ensuring only authorized devices and numbers can access trading accounts.
    This is to prevent SIM swap fraud and unauthorized access.

    1Kosmos Solution: 1Kosmos enables SIM binding by detecting the SIM(s) in the device and validating the user’s mobile number against the one registered with the institution (e.g., broker, bank, or employer). During registration, the user is prompted to verify their phone number via a one-click operation. The platform matches this to the number on record, binding the device, SIM, and account together. This directly addresses the need for a “One UCC-One Device-One SIM” authentication approach.

  2. Biometric Authentication

    SEBI Requirement: Mandatory biometric authentication on the primary SIM-bound device for login, with alternatives like PIN as a fallback.

    1Kosmos Solution: 1Kosmos offers advanced biometric authentication, including facial matching (LiveID), a unique capability, and device-native biometrics (TouchID/FaceID). LiveID uses liveness detection and compares a live selfie to the registered biometric without storing any PII on a central server. This enables high-assurance identity verification and resistance to spoofing, exceeding SEBI’s requirement for robust biometric authentication on the primary device and ensuring that a real, authorized person is authenticating.

  3. Multi-Device and Web Login Controls

    SEBI Requirement: QR code-based, proximity- and time-sensitive authentication for logging in from additional devices (e.g., desktop, laptop), with strict session controls.

    1Kosmos Solution: The platform supports QR code-based authentication for secondary devices, ensuring that new sessions are authorized from the primary SIM-bound device. Session management features allow users to monitor and revoke active sessions, aligning with SEBI’s multi-device controls.

  4. Fallback and Recovery Mechanisms

    SEBI Requirement: Procedures for device/SIM change or loss, including KYC reverification for continuity of access.

    1Kosmos Solution: 1Kosmos supports secure account recovery and re-binding via identity proofing (using government-issued IDs or telco verification) and multi-factor authentication, ensuring compliance with fallback requirements.

  5. Family Accounts and Authorization

    SEBI Requirement: Allowing a single device/SIM to be linked to multiple UCCs for family accounts, with explicit authorization.

    1Kosmos Solution: The platform’s flexible identity management and consent-based linking support scenarios where one device/SIM is authorized for multiple related accounts, and permissions are managed through documented mandates.

  6. Compliance, Privacy, and Security

    SEBI Requirement: High standards for data protection, privacy, and regulatory compliance.

    1Kosmos Solution: 1Kosmos is certified to FIDO2, NIST 800-63-3, ISO/IEC 30107-1, ISO/IEC 30107-3, SOC2, and ISO 27001 standards. User data is encrypted and stored on a private, permissioned ledger, accessible only by the user’s private key, ensuring privacy by design and regulatory compliance for sensitive financial data.


Platform Differentiators

  1. Regulatory Compliance by Design
    • FIDO2, NIST 800-63-3, ISO/IEC 30107-1/3 certified with Level 2 Presentation Attack Detection (PAD-2)
    • SOC2 Type II and ISO 27001 compliant with over 421 security controls
    • FedRAMP High authorized for protecting critical infrastructure by US Government agencies
    • Privacy by design with W3C DID standards and distributed identity architecture
    • 1Kosmos LiveID uses liveness detection with certified presentation attack detection, comparing live selfie to registered biometric template
  2. Indian Market Optimization
    • Multi-language support for regional trading platforms
    • Low-bandwidth optimization for rural connectivity challenges
    • Basic phone fallback through secure IVRS integration for users without smartphones
    • API-driven coexistence models to integrate with legacy systems without systemwide disruptions
  3. Enterprise-Grade Scalability
    • 99.999% uptime SLA with global redundancy and continuous monitoring
    • Millions of daily authentications across existing deployments worldwide
    • APIs & federated authentication support for major trading platforms, including integration capabilities for legacy Java systems, SSO portals, and Active Directory
  4. India Market Commitment
    • Dedicated India team and office providing local market expertise and support
    • Growing experience with Indian financial institutions and regulatory requirements
    • Partnership approach focused on learning market nuances and building long-term relationships
    • Commitment to pilot programs allowing brokers to validate solutions before full-scale deployment