The Business Challenge

In the wake of escalating data breaches and ransomware attacks, federal agencies are now subject to the Executive Order on Improving the Nation’s Cybersecurity. Among the many directives for modernizing cybersecurity, the order called out the need to implement multi-factor authentication and advance to a Zero Trust architecture.

Rampant unemployment fraud related to COVID relief at the state level has also made citizen identity proofing an imperative for the delivery of online services. Not to be excluded, municipalities and public utilities increasingly find themselves the target of ransomware and data breach.

The 1Kosmos identity-based authentication solutions are delivered as secure cloud services to eliminate passwords and deliver a next generation in multi-factor authentication to support the movement toward zero trust.

Our products use advanced FIDO2 and NIST certified biometric authentication to perform citizen identification, eliminate passwords at login, and secure personal information through a decentralized identity architecture, delivering the very highest level of security without compromising privacy.

The 1Kosmos Advantage

Adopt a Zero Trust Approach With Passwordless, FIDO2 Biometric Authentication

The Zero Trust security model views trust as a vulnerability and strives to re-establish trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application.

Among the many elements of Zero Trust, identity verification lies at the core. This is because understanding what access is being requested, where the system is located, when the user needs access, and why the access is requested all start with the login. When the login is secured to prevent unauthorized access, all that follows becomes more manageable.

Our approach uses a digital identity created during user onboarding to perform a FIDO2 certified passwordless authentication. Because our platform is also certified to the NIST 800-63-3 guideline, it provides certified identity assurance level 2 (IAL2) and authentication assurance level 2 (AAL2). 1Kosmos BlockID is the only authentication platform certified to both standards.

At any claim of identity (e.g. login), user biometrics are verified and matched to the identity-proofed biometrics captured at enrollment (employee, contractor, partner, or citizen).

We support a TouchID, FaceID, or LiveID™, which is essentially a short selfie video. At enrollment, this is matched to the image on a credential, for example, the photo on a driver’s license or a passport, to verify a likeness.

LiveID compares the live selfie to the biometric captured during the enrollment process. This verifies that the biometric traits of an individual each time they request access match the test performed during the enrollment process. This does not require any new hardware at the edge.

Use One Citizen Identity Across Multiple Services

Citizen IDs lie at the heart of societies, allowing individuals to prove their identity in person to access services, receive entitlements and more. But what about doing this online? Physical IDs are mature, digital IDs are immature by comparison. Also, with the recent COVID pandemic, fraudulent activities have skyrocketed because agencies have difficulty validating identities online.

Citizen enrollment starts by downloading a mobile application from Apple Store or Google Play. Our mobile app can be white labelled or embedded via API / SDK into an existing app. They enroll their biometrics and scan credentials. This process takes less than a minute to complete and does not require support.

When a citizen scans their identity documents (e.g, Drivers License or passport), we’ll scan the front of a driver’s license and the “PDF417” barcode on the back, performing real-time ID card detection and classification. For passports, we’ll read the “MRZ” data, perform UV, white light and ink-depth checks, and scan the embedded RFID chip. The result is verified citizen identity set to W3C VC standards.

Use FIDO2 Certified Biometrics for Next-Generation MFA

LiveID binds the live selfie with a FIDO2 certified encrypted private-public key pair to form a next-generation multi-factor authentication solution.

Our approach to privacy and security helps ensure anyone accessing systems or data is validated with strong FIDO2 authentication. Because biometric authentication is easy to use, every user and every access attempt can be verified with minimal friction.

We use the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to perform next-generation multi-factor authentication. In terminology familiar for Strong Customer Authentication, the device becomes the “possession element” and the biometric the “inherence element”. We provide certified authentication assurance level 2 (AAL2).

Our solutions offer a high degree of interoperability via API / SDK and are easily integrated with just about any operating system, SSO gateway or web-enabled system, enabling organizations to go passwordless with flexible levels of identity assurance on any target system and eliminate the need for 3rd party 2FA, one-time codes, and other external authentication devices.

Provide Strong Customer Authentication to enable NIST Compliance

Our approach uses a digital identity created during user onboarding to perform a FIDO2 certified passwordless authentication. Because our platform is also certified to the NIST 800-63-3 guideline, it provides certified identity assurance level 2 (IAL2) and authentication assurance level 2 (AAL2). 1Kosmos BlockID is the only authentication platform certified to both standards.

We verify credentials such as driver’s license, passport and government-issued ID cards in 150 countries in accordance with W3C VC standards, with agent assistance if necessary. In addition, our platform complies with GDPR, SOC2, and ISO 27001 for handling and retention of sensitive data.

We offer multiple ways to verify identities to enable businesses to trust that they are transacting with legitimate individuals who are who they claim to be. Our systems are specifically designed and certified to industry open standards to evolve with the needs of our customers.

Ready to go Passwordless?

Indisputable identity-proofing, advanced biometrics-powered passwordless authentication and fraud detection in a single application.