The Business Challenge
Employee Eligibility Verification (e.g., Form I-9 in the United States) requires employers to examine documents that verify an individual's identity and eligibility for employment, and to determine that those documents are genuine.
Many workers have grown accustomed to emailing static images of government-issued identity documents, but this can lead to unintended disclosure at multiple points should either the devices or the accounts with access to the email or storage locations become compromised.
Poor-quality copies typically result in lengthy back-and-forth exchanges, propagating multiple copies across devices and communication channels and frustrating all parties involved.
But even with valid documents, the true identity of the person sending the documents from a remote location is not verified through this process.
Because they are not appearing in person, the individual submitting the documents might be different from the person starting work as an employee or contractor. Unfortunately, this happens all too frequently.
The BlockID Advantage
Self-service document verification automates workflow and alleviates administrative overhead
The beauty of our system is that users enroll their own identity. We start by sending an invitation via email or text to install and launch the app, which they use to enroll their biometrics and scan credentials. This process takes less than a minute to complete and does not require IT involvement.
When users scan their identity documents (e.g., a driver's license), we scan the front of the driver's license and the "PDF417" barcode on the back, performing real-time ID card detection and classification.
For passports, we read the "MRZ" data, perform UV, white light and ink-depth checks, and scan the embedded RFID chip.
Within minutes, we verify the validity of those credentials and the information they contain to W3C VC standards using artificial intelligence (AI) and, if necessary, leading third-party verification services.
Our mobile app has built-in zero-trust checks that verify the patch level, device security, jailbroken status, etc., to ensure device integrity, particularly in bring-your-own-device environments.
LiveID biometric matching defies spoofing and verifies the individual, not just device-level access
To overcome facial spoofing through the use of a photo, video, mask, or a different substitute for the actual face of a legitimate person, we've developed "LiveID", which is essentially a short selfie video. This is matched to the image on a scanned credential (the photo on a driver's license or a passport, for example) to verify a likeness.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
We call this a liveness test. It is performed to verify that the biometric traits of an individual come from a living person rather than from an artificial or lifeless source.
After enrollment, a liveness test is performed each time a user needs access to online services. When the live test doesn't match the test performed during the enrollment process, the authentication fails. The liveness test is also used to verify compromised TouchID and FaceID forms of device biometrics.
A digital wallet captures and secures for reuse digital identity information from multiple sources
During onboarding of employees, we create a digital wallet that can be used for storing other types of digital credentials, for example, educational, vocational or professional certificates that a worker may from time to time need to present on demand.
This happens through a digital binding process between the user's device and the target system using a FIDO2-certified private-public key pair.
The combination of the private key stored in the secure enclave / trusted platform module of the device (what you have) and the LiveID biometric (what you are), supported by our NIST 800-63-3 certified platform, serves as a strong authenticator for the associated identity.
All information associated with the wallet is encrypted and stored in a private distributed ledger which is based on W3C DID standards with the private key under sole control of the owner, who then determines specifically what information is shared at the time they request access to an online service. This keeps information safe and ready for access when needed.
Privacy by design secures personal information under user control and eliminates threat of data breach
During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger to the W3C DID standard, accessible only via a private-public key pair secured in the TPM / Secure Enclave of a device and under the sole control of the user via their live biometric selfie.
Without the private key, the data cannot be decrypted. There is no central authority overseeing data access other than the user in possession of the private key.
Data is only transmitted to the human resources information system after user consent is given. This happens via an explicit permission request and confirmation via the mobile app.
Since there is no user store and no centralized storage of user information, there is no honey pot of personally identifiable information to secure against the threat of data breach.
Personal information shared automatically on consent with HRIS, eliminating manual data entry
When a worker consents to sharing their information with the Human Resources department, the data is transmitted automatically to the final destination without ever being in the clear.
We have implemented advanced security protocols and processes in compliance with the strictest standards for handling and retention of sensitive data including GDPR, SOC2, and ISO 27001.
This eliminates any need to email, fax or use SMS messaging to communicate sensitive information and confidential documents, or the information they contain.