Citizen Identity Verification

Easy self-service citizen enrollment and verification automates citizens through the onboarding experience with little overhead, errors, and friction.

Citizen enrollment is a remote-first experience and starts by downloading a mobile application or accessible through a desktop and web browser. The 1Kosmos BlockID experience can be white-labeled or embedded via API / SDK into an existing government application or service. Citizens enroll their biometrics and verify their identity. Depending on the identity assurance required, citizens can utilize government issued credentials (driver’s license, passport, national ID) or banking and telco account credentials to verify their identities. This process takes less than a minute to complete.

The result is a digital wallet that is a NIST 800-63-3 certified Identity assurance level 2 (IAL2) — and a FIDO2 certified biometric authentication credential. All of this takes a few minutes, but the benefits are substantial. Citizens can now share their identity to securely access new or existing services. The citizen identity data is stored safely in a decentralized identity platform that meets W3C DID standards, accessible only by the user, sharable only with their permission.

Privacy by design.

For identity-based access to work correctly, organizations need to build identity assurance, meaning identities must be verified and enrolled. Once the identity is verified and enrolled, it can be tied to a digital identity wallet and used with user permission across multiple platforms and areas. 

The digital wallet enables a portable identity and allows citizens to manage and choose when and how they share their PII data. From a government agency point of view, with a digital wallet, agencies can support citizens as they move through and require access to new or additional services. Placing all data in the 1Kosmos decentralized identity platform secures the PII data and the data is now a user-controlled wallet that is updated as the citizen needs new services or updates existing credentials. 

The data captured during the document verification process is managed through the citizen’s digital identity wallet. The data is encrypted and stored in a distributed ledger, accessible only via a FIDO2 certified private-public key pair secured in the TPM / Secure Enclave of a device and under sole control by the user via their biometric. The citizen identity can be secured across multiple devices and since there is no user store, there is no honey pot of personally identifiable information to secure against the threat of data breach.

Organizations will place PII data under user control and eliminate the threat of data breach.

During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger to the W3C DID standard, accessible only via a FIDO2 certified private-public key pair secured in the TPM / Secure Enclave of a device and under sole control by the user via their live biometric selfie.

Without the private key, the data cannot be decrypted. There is no central authority overseeing data access other than the user in possession of the private key.

PII Data is only transmitted for the purpose of creating a new account or registering for new services, after user consent is given. This happens via an explicit permission request and confirmation via the mobile app. Since there the data is stored in a distributed identity platform there is no centralized storage of user information, there is no honey pot of personally identifiable Information to secure against the threat of data breach.