The Business Challenge
Know Your Customer (KYC) guidelines require organizations to digitally transform citizen onboarding. Once enrolled, citizens use their verified identity to authenticate to online services, eliminating passwords and legacy MFA along with virtually all risk of identity impersonation, account takeover and transaction fraud. FIDO2 biometric authentication, combined with storage of citizen information in a distributed ledger under the W3C DID standard, ensures the highest level of privacy.
In the United States, in the wake of escalating data breaches and ransomware attacks, federal agencies are now subject to the Executive Order on Improving the Nation’s Cybersecurity. The order shapes the security measures agencies must put in place, and following KYC guidelines helps meet its requirements.
With 1Kosmos, government organizations can verify citizen identities, increase citizen engagement and protect logins while keeping the user experience frictionless and the level of security high.
The 1Kosmos Advantage
NIST 800-63-3 platform certification supports remote identity proofing to comply with Know Your Customer (KYC) mandates.
Because the platform is FIDO2 and NIST 800-63-3 certified, it provides certified Identity Assurance Level 2 (IAL2) for the remote proofing step and certified Authenticator Assurance Level 2 (AAL2) for every subsequent login.
1Kosmos BlockID verifies credentials such as driver’s licenses, passports, and government-issued ID cards in 150 countries in accordance with W3C VC standards, with agent assistance if necessary. In addition, our platform complies with industry certifications for handling and retention of sensitive data.
1Kosmos offers multiple ways to verify identities to enable governments to trust that they are transacting with legitimate citizens who are who they claim to be. In addition, our systems are designed and certified to industry open standards to evolve with the needs of our customers.
Easy self-service enrollment and verification guide citizens through onboarding with little overhead, few errors and minimal friction.
Citizen enrollment is a remote-first experience that starts in a mobile application or, alternatively, in a desktop web browser. The 1Kosmos BlockID experience can be white-labeled or embedded via API / SDK into an existing government application or service. Citizens enroll their biometrics and verify their identity. Depending on the identity assurance level required, they can verify with government-issued credentials (driver’s license, passport, national ID) or with banking and telco account credentials. The process takes less than a minute to complete.
The result is a digital wallet holding an identity proofed to NIST 800-63-3 Identity Assurance Level 2 (IAL2) and a FIDO2 certified biometric authentication credential. Enrollment is quick, but the benefits are substantial: citizens can now share their identity to securely access new or existing services. The citizen’s identity data is stored in a decentralized identity platform that meets the W3C DID standard, accessible only by the user and shareable only with their permission.
Privacy by design.
For identity-based access to work, organizations first need identity assurance: identities must be verified and enrolled. Once verified and enrolled, an identity can be tied to a digital identity wallet and used, with the user’s permission, across multiple platforms and services.
The digital wallet makes the identity portable and lets citizens manage and choose when and how they share their PII. From an agency’s point of view, the wallet lets it support citizens as they move through and request access to new or additional services. Placing all data in the 1Kosmos decentralized identity platform secures the PII in a user-controlled wallet that is updated as the citizen enrolls in new services or updates existing credentials.
The data captured during document verification is managed through the citizen’s digital identity wallet. It is encrypted and stored in a distributed ledger, accessible only via a FIDO2 certified public-private key pair secured in the TPM / Secure Enclave of the device and under the sole control of the user via their biometric. Because a key generated in a TPM or Secure Enclave cannot be exported, securing the identity across multiple devices means each enrolled device holds its own hardware-bound key pair. Since there is no central user store, there is no honey pot of personally identifiable information to defend against data breach.
Organizations place PII under user control and remove the centralized store that data breaches target.
During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger to the W3C DID standard, accessible only via a FIDO2 certified public-private key pair secured in the TPM / Secure Enclave of the device and under the sole control of the user via a live biometric selfie.
Without the private key, the data cannot be decrypted. No central authority oversees data access; the only party that can grant it is the user in possession of the private key.
PII is transmitted only to create a new account or register for a new service, and only after the user has consented through an explicit permission request confirmed in the mobile app. Because the data lives in a distributed identity platform rather than in centralized storage, there is no honey pot of personally identifiable information to defend against data breach.
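As an added illustration (not 1Kosmos code and not a description of BlockID internals), the Go program below models the flow just described: attributes from a document scan are sealed to the holder's public key, the ledger entry holds only ciphertext, decryption succeeds only with the matching private key, and attributes are released only after explicit per-attribute consent. The software P-256 key pair, the in-memory Record, the sample attributes and the salt and label strings are all stand-ins chosen for this example; in the deployment described above the private key would live in the TPM or Secure Enclave and its use would be gated by the biometric.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is what the ledger holds for one wallet entry: an ephemeral public
// key, a nonce and AES-GCM ciphertext. No plaintext PII, no holder key material.
type Record struct {
	EphemeralPub, Nonce, Ciphertext []byte
}

// aeadFor derives a 256-bit AES key from an ECDH shared secret with an
// HKDF-style HMAC-SHA256 extract-then-expand and returns an AES-GCM AEAD.
func aeadFor(shared []byte) (cipher.AEAD, error) {
	extract := hmac.New(sha256.New, []byte("pii-wallet-salt")) // hypothetical fixed salt
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("pii-wallet-v1\x01")) // hypothetical context label + block counter
	block, err := aes.NewCipher(expand.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptToHolder seals scanned-document attributes to the holder's public key
// (ECIES-style): fresh ephemeral P-256 key, ECDH, AES-256-GCM, with the
// ephemeral public key bound as associated data so it cannot be swapped.
func EncryptToHolder(holderPub *ecdh.PublicKey, pii map[string]string) (Record, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return Record{}, err
	}
	shared, err := eph.ECDH(holderPub)
	if err != nil {
		return Record{}, err
	}
	gcm, err := aeadFor(shared)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	plain, err := json.Marshal(pii)
	if err != nil {
		return Record{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	return Record{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, ephPub)}, nil
}

// DecryptWithHolder opens a record with the holder's private key. Any other
// key, or any change to the record, makes GCM authentication fail.
func DecryptWithHolder(holderPriv *ecdh.PrivateKey, rec Record) (map[string]string, error) {
	ephPub, err := ecdh.P256().NewPublicKey(rec.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := holderPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(shared)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, rec.EphemeralPub)
	if err != nil {
		return nil, errors.New("cannot decrypt: wrong private key or tampered record")
	}
	var pii map[string]string
	if err := json.Unmarshal(plain, &pii); err != nil {
		return nil, err
	}
	return pii, nil
}

// Disclose releases only attributes the relying party requested AND the holder
// explicitly approved; a single unapproved attribute fails the whole request.
func Disclose(pii map[string]string, requested []string, approved map[string]bool) (map[string]string, error) {
	out := make(map[string]string, len(requested))
	for _, attr := range requested {
		v, ok := pii[attr]
		if !approved[attr] || !ok {
			return nil, fmt.Errorf("attribute %q not approved for release or not in wallet", attr)
		}
		out[attr] = v
	}
	return out, nil
}

func main() {
	holder, _ := ecdh.P256().GenerateKey(rand.Reader) // stands in for the hardware-bound key
	pii := map[string]string{"name": "Jane Citizen", "dob": "1990-01-01", "doc_no": "X1234567"} // constructed sample
	rec, _ := EncryptToHolder(holder.PublicKey(), pii)
	other, _ := ecdh.P256().GenerateKey(rand.Reader) // a key from some other device
	_, err := DecryptWithHolder(other, rec)
	fmt.Println("other key:", err)
	got, _ := DecryptWithHolder(holder, rec)
	fmt.Println(Disclose(got, []string{"name", "dob"}, map[string]bool{"name": true, "dob": true}))
	fmt.Println(Disclose(got, []string{"doc_no"}, map[string]bool{"name": true}))
}
```

Two design points carry over to a real deployment: the GCM tag covers the ephemeral public key, so a ledger entry cannot be re-pointed at a different sender without failing authentication, and Disclose fails closed, so a relying party that asks for one attribute more than the user approved receives nothing rather than a partial record.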