The Business Challenge

Detecting stolen and synthetic identities at the very front end of new account origination can pay huge dividends and help make fraud targets manageable, but too often tightening fraud controls delivers an alienating experience to legitimate customers.

Through an elegant self-service KYC identity proofing workflow, 1Kosmos innovative identity proofing and authentication solutions remove friction during onboarding to accelerate customer acquisition and then gives those customers a convenient digital wallet that eliminates most account takeover and financial fraud and actually makes logging in a fun experience.

Security for workers also improves with 1Kosmos non-phishable multifactor authentication that enables organizations to confidently phase out passwords while easing all users into their new and modern authentication experience.

The 1Kosmos Advantage

Strengthen Security with Verified Identity
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.

For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.

We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the employee to access their endpoints any required applications.

Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.

In a typical deployment, workers are given the option to login via their user ID and password or use 1Kosmos to go passwordless via a QR code placed on the same screen. This side-by-side deployment option accelerates adoption.

With 1Kosmos organizations deploy a single authentication platform where users can authenticate with a high authenticator assurance level via a QR Code.
Deploy What You Need, When You Need It
As a cloud-based identity provider, 1Kosmos BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Azure, Ping, Okta, O365, and more.

Alternatively, by implementing our mobile SDK/API, you can securely integrate all functionality into your existing app or service. This approach eliminates silos created when managing multiple apps and services.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.

For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and MAC TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Office365, Mac, iOS, Android, Linux, and Unix operating systems.
Strengthen Security with Verified Identity
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.

For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.

We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the employee to access their endpoints any required applications.

Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.

In a typical deployment, workers are given the option to login via their user ID and password or use 1Kosmos to go passwordless via a QR code placed on the same screen. This side-by-side deployment option accelerates adoption.

With 1Kosmos organizations deploy a single authentication platform where users can authenticate with a high authenticator assurance level via a QR Code.
Deploy What You Need, When You Need It
As a cloud-based identity provider, 1Kosmos BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Azure, Ping, Okta, O365, and more.

Alternatively, by implementing our mobile SDK/API, you can securely integrate all functionality into your existing app or service. This approach eliminates silos created when managing multiple apps and services.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.

For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and MAC TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Office365, Mac, iOS, Android, Linux, and Unix operating systems.
Automate KYC and AML Compliant Identity Verification
During customer onboarding, 1Kosmos detects stolen and synthetic identity fraud through a self-service, Know Your Customer (KYC) enrollment process.

Our identity proofing utilizes a user’s driver’s license, passport, or National ID to verify user identity and is completed within a few minutes with 99%+ identity proofing accuracy and 99%+ spoofing and counterfeit detection. Our solutions support document verification for over 205 countries. We can also verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The extracted data is used to build a convenient reusable digital wallet for frictionless biometric MFA and to give users control over their captured PII data.

The BlockID platform is certified to FIDO2, NIST 800-63-3 (by Kantara) and iBeta DEA EPCS standards.
Implement Non-Phishable Multi-Factor Authentication
After identity verification, 1Kosmos BlockID provides an authentication platform to support biometric passwordless multi-factor authentication. Our Identity proofing provides flexible levels of identity assertion.

1Kosmos BlockID authentication methods are available through our SDK, and can be easily integrated into an existing mobile app or delivered through the 1Kosmos BlockID app, which can be white labeled.

Users will authenticate via any of our methods depending on the business need, the risk profile of the activity, and the security requirement for each access request. These methods include: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID.
Empower Customer Managed Privacy
During enrolment, information collected from scanned credentials is encrypted, and (for the highest level of security) stored in a distributed ledger compliant to the W3C DID standard. As such, they are accessible only via a FIDO2 certified public/private key pair secured in the TPM/Secure Enclave of a device and under sole control of the user, typically via their live biometric selfie, made possible by our innovative LiveID feature.

Without the private key, data cannot be decrypted, accessed or shared. There is no central authority overseeing data access other than the user possessing the private key.

For deployments that will continue to need passwords, customers will ultimately forget their passwords and require a reset. The digital wallet has a convenient password reset feature that provides users a self-service reset option that can utilize biometrics to ensure the validity of the request.

Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach. This improves an organization’s compliance.
Deploy What You Need to Meet Customer Expectations
Many people believe that passwordless customer authentication is difficult to deploy. Others just want to migrate from their antiquated 2FA systems and go passwordless gradually to stay with customer expectations. Still, others have some passwordless capabilities but want to improve security because there are gaps in their current deployment.

A result of our flexible architecture is an ability to meet the needs of most any workflow. As new mandates, regulations or even integrations come to market (e.g., open banking) as an example, the 1Kosmos API framework can help organizations quickly adapt and integrate, providing a future proof platform.

As a cloud-based identity provider, BlockID comes with several features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Azure, Ping, Okta, ForgeRock, and more.

1Kosmos BlockID APIs comply with the strictest GDPR, SOC2, and ISO 27001 certification standards for the handling and retention of sensitive data, so you can connect customers to anything you need for strong customer engagement.
Automate KYC and AML Compliant Identity Verification
During customer onboarding, 1Kosmos detects stolen and synthetic identity fraud through a self-service, Know Your Customer (KYC) enrollment process.

Our identity proofing utilizes a user’s driver’s license, passport, or National ID to verify user identity and is completed within a few minutes with 99%+ identity proofing accuracy and 99%+ spoofing and counterfeit detection. Our solutions support document verification for over 205 countries. We can also verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The extracted data is used to build a convenient reusable digital wallet for frictionless biometric MFA and to give users control over their captured PII data.

The BlockID platform is certified to FIDO2, NIST 800-63-3 (by Kantara) and iBeta DEA EPCS standards.
Implement Non-Phishable Multi-Factor Authentication
After identity verification, 1Kosmos BlockID provides an authentication platform to support biometric passwordless multi-factor authentication. Our Identity proofing provides flexible levels of identity assertion.

1Kosmos BlockID authentication methods are available through our SDK, and can be easily integrated into an existing mobile app or delivered through the 1Kosmos BlockID app, which can be white labeled.

Users will authenticate via any of our methods depending on the business need, the risk profile of the activity, and the security requirement for each access request. These methods include: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID.
Empower Customer Managed Privacy
During enrolment, information collected from scanned credentials is encrypted, and (for the highest level of security) stored in a distributed ledger compliant to the W3C DID standard. As such, they are accessible only via a FIDO2 certified public/private key pair secured in the TPM/Secure Enclave of a device and under sole control of the user, typically via their live biometric selfie, made possible by our innovative LiveID feature.

Without the private key, data cannot be decrypted, accessed or shared. There is no central authority overseeing data access other than the user possessing the private key.

For deployments that will continue to need passwords, customers will ultimately forget their passwords and require a reset. The digital wallet has a convenient password reset feature that provides users a self-service reset option that can utilize biometrics to ensure the validity of the request.

Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach. This improves an organization’s compliance.
Deploy What You Need to Meet Customer Expectations
Many people believe that passwordless customer authentication is difficult to deploy. Others just want to migrate from their antiquated 2FA systems and go passwordless gradually to stay with customer expectations. Still, others have some passwordless capabilities but want to improve security because there are gaps in their current deployment.

A result of our flexible architecture is an ability to meet the needs of most any workflow. As new mandates, regulations or even integrations come to market (e.g., open banking) as an example, the 1Kosmos API framework can help organizations quickly adapt and integrate, providing a future proof platform.

As a cloud-based identity provider, BlockID comes with several features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Azure, Ping, Okta, ForgeRock, and more.

1Kosmos BlockID APIs comply with the strictest GDPR, SOC2, and ISO 27001 certification standards for the handling and retention of sensitive data, so you can connect customers to anything you need for strong customer engagement.

Contact us for more information!