The Business Challenge

The global pandemic put government agencies under pressure to accelerate digital transformation of resident services and to combat escalating phishing, ransomware and data breach attacks. Federal agencies must now comply with executive order 14058 to make digital services accessible and executive order 14028 to implement multifactor authentication (MFA) and move toward a Zero Trust architecture. 

For states, rampant unemployment fraud related to COVID relief has made resident identity proofing an imperative for the delivery of online services. Not to be excluded, municipalities and public utilities increasingly find themselves the target of ransomware and data breaches.

1Kosmos identity verification supports remote worker and resident onboarding, detecting and blocking stolen or synthetic identities during a customizable self-service registration workflow. Legitimate individuals receive a strong, identity-backed identity wallet that replaces passwords with modern biometric MFA that exceeds NIST, UK DIATF, FIDO2 and iBeta DEA EPCS specifications.

During all steps in these processes, personally identifiable information (PII) in the reusable wallet is secured through a decentralized identity architecture using a private, permissioned blockchain that delivers the very highest level of security while giving users complete control over what information they share when accessing digital services.

The 1Kosmos Advantage

Automate Identity Verification for Citizens
1Kosmos digital identity provides a streamlining and citizen friendly remote onboarding experience delivered via an app or apples experience. Citizens can create and manage a digital identity that is secure, private, and easy to use. Our identity proofing utilizes a user’s driver’s license, passport, or National ID to verify user identity and is completed within a few minutes with 99%+ identity proofing accuracy and 99%+ spoofing and counterfeit detection.

Our solutions support document verification for over 205 countries. We can also verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods. 1Kosmos detects stolen and synthetic identity fraud through a our self-service, tightly aligned to the Know Your Customer (KYC) enrollment process.

The verified identity can be now be used to access to their medical records, prescriptions, and other sensitive information.

By deploying 1Kosmos BlockID, healthcare providers can streamline the patient onboarding process, reducing the time and resources required for identity verification and authentication. And as a result improve the patient experience, as well as reduce the risk of fraud and data breaches. Patients can be confident that their personal information is secure, only accessible by them, and cannot be tampered with or altered.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password forgot/reset for customers. The password reset feature utilizes user biometrics to ensure the validity of the request. For mobile, citizens can authenticate via any of seven authentication methods including device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across all major operating systems for both desktop and mobile.
Empower Users to Control Their Personal Information
Privacy and security of citizen biometrics and other personal identifiable Information (PII) is critical to comply with GDPR and 230+ similar regulations around the world. It’s also important to give patients the assurance they need that their information is not accessible without their explicit consent.

1Kosmos places users in sole control of their own information by securing information via cryptographically paired public-private key architecture. For added security, 1Kosmos BlockID utilizes a private and permissioned blockchain to decentralize data, eliminating administrative access to a centralized “honeypot” of information that hackers often target in data breach or ransomware attacks.

All updates are encrypted and written according to W3C DID standard, ensuring privacy, security and complete auditability. Only the enrolled user has access to the private key required to access and share their information at any time and with any online service.
Utilize or Become a Credential Service Provider (CSP) with Ease
Credential Service Providers are trusted entities responsible for registration of user authenticators and issuing electronic credentials to users. 1Kosmos offers white-label solutions that can enable a government organization to become a CSP. Subscribers of the CSP – citizens - can use the 1Kosmos identity verification journey and share data with relying parties after giving their consent.

Identity verification is the first step in establishing a user’s eligibility for a digital service. 1Kosmos remotely verifies identities with a NIST compliant, customizable journey-based identity verification workflow that presents low friction user experience. Citizen PII is never stored in a centralized database. This information is under the citizen's control, and this approach offers a significantly lower risk of compromise.

PII information is stored in the user’s identity wallet, protected with a unique pin, and can only be unlocked with consent from the user. During account creation, every user is provided with a web-based wallet where information about their identity is stored. Once a citizen completes identity verification with 1Kosmos, they never need to reach for their government-issued ID’s again.

After the citizens verified credential is created, citizens will simply share select information with relying parties as and when required and only after explicitly consenting to it.
Automate Identity Verification for Citizens
1Kosmos digital identity provides a streamlining and citizen friendly remote onboarding experience delivered via an app or apples experience. Citizens can create and manage a digital identity that is secure, private, and easy to use. Our identity proofing utilizes a user’s driver’s license, passport, or National ID to verify user identity and is completed within a few minutes with 99%+ identity proofing accuracy and 99%+ spoofing and counterfeit detection.

Our solutions support document verification for over 205 countries. We can also verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods. 1Kosmos detects stolen and synthetic identity fraud through a our self-service, tightly aligned to the Know Your Customer (KYC) enrollment process.

The verified identity can be now be used to access to their medical records, prescriptions, and other sensitive information.

By deploying 1Kosmos BlockID, healthcare providers can streamline the patient onboarding process, reducing the time and resources required for identity verification and authentication. And as a result improve the patient experience, as well as reduce the risk of fraud and data breaches. Patients can be confident that their personal information is secure, only accessible by them, and cannot be tampered with or altered.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password forgot/reset for customers. The password reset feature utilizes user biometrics to ensure the validity of the request. For mobile, citizens can authenticate via any of seven authentication methods including device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across all major operating systems for both desktop and mobile.
Empower Users to Control Their Personal Information
Privacy and security of citizen biometrics and other personal identifiable Information (PII) is critical to comply with GDPR and 230+ similar regulations around the world. It’s also important to give patients the assurance they need that their information is not accessible without their explicit consent.

1Kosmos places users in sole control of their own information by securing information via cryptographically paired public-private key architecture. For added security, 1Kosmos BlockID utilizes a private and permissioned blockchain to decentralize data, eliminating administrative access to a centralized “honeypot” of information that hackers often target in data breach or ransomware attacks.

All updates are encrypted and written according to W3C DID standard, ensuring privacy, security and complete auditability. Only the enrolled user has access to the private key required to access and share their information at any time and with any online service.
Utilize or Become a Credential Service Provider (CSP) with Ease
Credential Service Providers are trusted entities responsible for registration of user authenticators and issuing electronic credentials to users. 1Kosmos offers white-label solutions that can enable a government organization to become a CSP. Subscribers of the CSP – citizens - can use the 1Kosmos identity verification journey and share data with relying parties after giving their consent.

Identity verification is the first step in establishing a user’s eligibility for a digital service. 1Kosmos remotely verifies identities with a NIST compliant, customizable journey-based identity verification workflow that presents low friction user experience. Citizen PII is never stored in a centralized database. This information is under the citizen's control, and this approach offers a significantly lower risk of compromise.

PII information is stored in the user’s identity wallet, protected with a unique pin, and can only be unlocked with consent from the user. During account creation, every user is provided with a web-based wallet where information about their identity is stored. Once a citizen completes identity verification with 1Kosmos, they never need to reach for their government-issued ID’s again.

After the citizens verified credential is created, citizens will simply share select information with relying parties as and when required and only after explicitly consenting to it.
Strengthen Security with Verified Identity
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.

For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.

We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the healthcare employee to access their endpoints any required applications.

Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.

The flexibility built into the 1Kosmos platform enables security teams to deploy authentication methods that match the associated risk, meaning, practitioners can authenticate via device biometrics, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID, or user biometric.
Give Admins and DevOps the Tools They Need
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

NIST 800-63-3, UK DIATF, FIDO2, ISO27001, and iBeta DEA EPCS are contemporary technical standards designed to ensure security and interoperability for biometric authentication and passwordless access. 1Kosmos is certified to these standards and our solution has passed rigorous testing to validate our development is to the highest quality standards.

As a cloud-based identity provider, BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Azure, Ping, Okta, O365, and more.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.

For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and MAC TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Office365, Mac, iOS, Android, Linux, and Unix operating systems.
Strengthen Security with Verified Identity
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.

For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.

We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the healthcare employee to access their endpoints any required applications.

Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.

The flexibility built into the 1Kosmos platform enables security teams to deploy authentication methods that match the associated risk, meaning, practitioners can authenticate via device biometrics, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID, or user biometric.
Give Admins and DevOps the Tools They Need
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

NIST 800-63-3, UK DIATF, FIDO2, ISO27001, and iBeta DEA EPCS are contemporary technical standards designed to ensure security and interoperability for biometric authentication and passwordless access. 1Kosmos is certified to these standards and our solution has passed rigorous testing to validate our development is to the highest quality standards.

As a cloud-based identity provider, BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Azure, Ping, Okta, O365, and more.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.

For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and MAC TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Office365, Mac, iOS, Android, Linux, and Unix operating systems.

Contact us for more information!

Insights
Learn how Indisputable Digital Identities are Created with Biometrics and a Blockchain