Employee Onboarding

LiveID biometric matching defies spoofing and verifies the individual not just device-level access

To overcome facial spoofing through the use of a photo, video, mask, or a different substitute for the actual face of a legitimate person, we’ve developed “LiveID”, which is essentially a short selfie video. This is matched to the image on a scanned credential …  the photo on a driver’s license or a passport, for example … to verify a likeness.

LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.

We call this a liveness test and it is performed to verify if the biometric traits of an individual are from a living person rather than from an artificial or lifeless person. 

After enrollment, a liveness test is performed each time a user needs access to online services. When the live test doesn’t match the test performed during the enrollment process, the authentication fails.  The liveness is also used to verify compromised TouchID and FaceID forms of device biometrics.

A digital wallet captures and secures for reuse digital identity information from multiple sources

During onboarding of employees, we create a digital wallet that can be used for storing other types of digital credentials, for example, educational, vocational or professional certificates that a worker may from time to time need to present on demand.

This happens through a digital binding process between the user’s device and target system using a FIDO2 certified private-public key pair.

The combination of the private key stored in the secure enclave / trusted platform module of the device (what you have) and the LiveID biometric (what you are) supported by our NIST 800-63-3 certified platform serve as strong authenticators for the associated identity.

All information associated with the wallet is encrypted and stored in a private distributed ledger which is based on W3C DID standards  with the private key under sole control of the owner, who then determines specifically what information is shared at the time they request access to an online service. This keeps information safe and ready for access when needed.

Privacy by design secures personal information under user control and eliminates threat of data breach

During enrollment, information collected from scanned credentials is encrypted and stored in a distributed ledger to the W3C DID standard, accessible only via a private-public key pair secured in the TPM / Secure Enclave of a device and under sole control by the user via their live biometric selfie.

Without the private key, the data cannot be decrypted. There is no central authority overseeing data access other than the user in possession of the private key.

Data is only transmitted to the human resources information system after user consent is given. This happens via an explicit permission request and confirmation via the mobile app.

Since there is no user store and no centralized storage of user information, there is no honey pot of personally identifiable Information to secure against the threat of data breach.

Personal information shared automatically on consent with HRIS eliminating manual data entry

When a worker consents to sharing their information with the Human Resources department, the data is transmitted automatically to the final destination without ever being in the clear.

We have implemented advanced security protocols and processes in compliance with the strictest standards for handling and retention of sensitive data including GDPR, SOC2, and ISO 27001.

This eliminates any need to email, fax or use SMS messaging to communicate sensitive information and confidential documents, or the information they contain.