The Business Challenge
An increase in remote workers and resident demand for digital services following the global pandemic has accelerated the need to transform government services. Government agencies are the target of rampant fraud in job applications and resident benefit claims, and workers, contractors and citizens across the supply chain are affected.
In the United States, in the wake of escalating data breaches and ransomware attacks, federal agencies are subject to an executive order requiring them to accelerate the move toward a zero trust architecture and adopt multi-factor authentication. Identity verification lies at the very heart of zero trust, but knowledge based verification (KBV), which quizzes a user on facts such as past addresses or loan amounts, has proven highly vulnerable because those answers are widely available from prior breaches and public records.
1Kosmos identity verification replaces KBV with a customizable self-service journey built to meet diverse identity verification requirements, including NIST SP 800-63-3 Identity Assurance Level 2 (IAL2). With 1Kosmos, government organizations can verify user identities remotely and store personal information in a decentralized identity that users control. This accelerates service delivery and makes government services more accessible in a privacy preserving way.
The 1Kosmos Advantage
Identity Verification for Government Services
Strengthen Security with Verified Identity
NIST SP 800-63-3 platform certification supports remote identity proofing that satisfies Know Your Customer (KYC) mandates.
Because the platform is FIDO2, NIST SP 800-63-3 and UK DIATF certified, it provides certified Identity Assurance Level 2 (IAL2) for proofing and certified Authenticator Assurance Level 2 (AAL2) for authentication.
1Kosmos BlockID verifies credentials such as driver's licenses, passports and government-issued ID cards from 205 countries, with agent assistance if necessary, and represents the verified result as a W3C Verifiable Credential (VC). The platform also holds industry certifications for the handling and retention of sensitive data.
1Kosmos offers multiple ways to verify identities so that governments can trust that they are transacting with legitimate citizens who are who they claim to be. The systems are designed and certified to open industry standards so they can evolve with customer needs.
Deploy Self-Service Citizen Enrollment and Verification
Citizen enrollment is a remote-first experience that starts with a mobile application or, alternatively, a desktop web browser. The 1Kosmos BlockID experience can be white-labeled or embedded via API / SDK into an existing government application or service. Citizens enroll their biometrics and verify their identity. Depending on the identity assurance level required, citizens can use government issued credentials (driver's license, passport, national ID) or banking and telco account credentials to verify their identities. The verification step itself takes less than a minute to complete.
The result is a digital wallet holding a NIST SP 800-63-3 certified IAL2 identity and a FIDO2 certified biometric authentication credential. The whole enrollment takes a few minutes, but the benefits are substantial. Citizens can now present their identity to securely access new or existing services. The citizen identity data is stored in a decentralized identity platform that follows the W3C DID standard, accessible only by the user and sharable only with their permission.
IAL2 – NIST 800-63-3
Empower Citizens to Control Their Personal Information
For identity-based access to work correctly, organizations need to establish identity assurance, meaning identities must be verified and enrolled. Once the identity is verified and enrolled, it can be tied to a digital identity wallet and used, with the user's permission, across multiple platforms and services.
The data captured during document verification is managed through the citizen's digital identity wallet. The data is encrypted and stored in a distributed ledger, and can be decrypted only with the private half of a public-private key pair generated by a FIDO2 certified authenticator, held in the device's TPM / Secure Enclave and unlocked solely by the user's biometric. The citizen identity can be secured across multiple devices, and because there is no central user store, there is no honey pot of personally identifiable information to protect against data breach. One caveat a practitioner should keep in mind: the ciphertext on the ledger persists, so the privacy of the record rests entirely on the confidentiality of that private key and on the recovery path used when a device is lost or replaced.
Enabling Digital Business with Decentralized Identity
Eliminate the Threat of Data Breach
During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger following the W3C DID standard. It can be decrypted only with the private half of a public-private key pair generated by a FIDO2 certified authenticator, held in the device's TPM / Secure Enclave and unlocked solely by the user's live biometric selfie.
Without the private key, the data cannot be decrypted. No central authority oversees data access; the only party that can grant it is the user in possession of the private key.
PII is transmitted only for the purpose of creating a new account or registering for a new service, and only after the user gives consent through an explicit permission request confirmed in the mobile app. Because the data lives in a distributed identity platform rather than in centralized storage, there is no honey pot of personally identifiable information to protect against data breach.
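The storage and consent model described in the last two sections, as an added example that is not 1Kosmos code and makes no claim about how BlockID is implemented internally. It assumes a hybrid scheme of the kind such wallets commonly use: an ephemeral X25519 agreement with the holder's device public key, a SHA-256 key derivation (a simplification of HKDF) and AES-256-GCM. The sample record, the key names and the "ledger" (just the serialized envelope) are all constructed for the example. What it shows: the ledger sees only ciphertext, only the holder's private key opens it, any other key or any tampering fails, and disclosure to a relying party is a separate operation that the holder performs on a chosen subset of fields. In a real wallet the private key would never leave the TPM / Secure Enclave and its use would be gated by the biometric; here it is an in-memory value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Envelope is the only thing the ledger stores: ciphertext plus the public
// material the holder needs to recover the key. Nothing here is plaintext.
type Envelope struct {
	EphemeralPub []byte `json:"epk"`   // sender's one-time X25519 public key
	Nonce        []byte `json:"nonce"` // AES-GCM nonce
	Ciphertext   []byte `json:"ct"`    // AES-GCM ciphertext || authentication tag
}

// SampleRecord is a constructed document-verification result, not real data.
var SampleRecord = []byte(`{"given_name":"Ana","family_name":"Rios","dob":"1990-04-02","doc":"DL-1234"}`)

var curve = ecdh.X25519()

// NewDeviceKey stands in for key generation inside a TPM / Secure Enclave.
func NewDeviceKey() (*ecdh.PrivateKey, error) { return curve.GenerateKey(rand.Reader) }

// deriveKey maps the X25519 shared secret to an AES-256 key.
// Assumption: a single SHA-256 over secret||label stands in for a full HKDF.
func deriveKey(shared []byte, label string) []byte {
	h := sha256.New()
	h.Write(shared)
	h.Write([]byte(label))
	return h.Sum(nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext so that only the owner of recipientPub's private key can open it.
func Seal(recipientPub *ecdh.PublicKey, plaintext []byte) (*Envelope, error) {
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(deriveKey(shared, "wallet-record-v1"))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	epk := eph.PublicKey().Bytes()
	// The ephemeral public key is bound as AAD so it cannot be swapped on the ledger.
	return &Envelope{EphemeralPub: epk, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, epk)}, nil
}

// Open recovers the plaintext; it fails for any other private key and for any modified envelope.
func Open(priv *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	epk, err := curve.NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(epk)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(deriveKey(shared, "wallet-record-v1"))
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or tampered record")
	}
	return pt, nil
}

// Disclose models consented sharing: the holder opens its own record with the
// device key, keeps only the requested fields, and re-encrypts them to the
// relying party. The ledger copy itself is never decryptable by the relying party.
func Disclose(holder *ecdh.PrivateKey, env *Envelope, fields []string, rpPub *ecdh.PublicKey) (*Envelope, error) {
	pt, err := Open(holder, env)
	if err != nil {
		return nil, err
	}
	var rec map[string]string
	if err := json.Unmarshal(pt, &rec); err != nil {
		return nil, err
	}
	subset := map[string]string{}
	for _, f := range fields {
		if v, ok := rec[f]; ok {
			subset[f] = v
		}
	}
	out, err := json.Marshal(subset)
	if err != nil {
		return nil, err
	}
	return Seal(rpPub, out)
}

func main() {
	holder, _ := NewDeviceKey()
	env, _ := Seal(holder.PublicKey(), SampleRecord)
	onLedger, _ := json.Marshal(env)
	fmt.Printf("ledger entry (ciphertext only): %s\n", onLedger)
	pt, err := Open(holder, env)
	fmt.Printf("holder opens: %s (err=%v)\n", pt, err)
	stranger, _ := NewDeviceKey()
	_, err = Open(stranger, env)
	fmt.Printf("other key opens: err=%v\n", err)
	rp, _ := NewDeviceKey()
	disc, _ := Disclose(holder, env, []string{"dob"}, rp.PublicKey())
	shown, _ := Open(rp, disc)
	fmt.Printf("relying party receives after consent: %s\n", shown)
}
```

The design point worth noticing is that a breach of the ledger yields nothing without the per-holder private keys, which is exactly the "no honey pot" argument, and that the relying party only ever receives a fresh envelope built by the holder rather than access to the stored record.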