The Challenge of Identity Management

Identity management has been a challenge for individuals and organizations for years, especially in the digital world. One individual may have one digital identity to log in to a streaming service account, another for her work email, and yet another for personal finances. Often, the proofing process, especially in a remote environment, gives hackers ample opportunity to impersonate someone.

As Peter Steiner, the New Yorker cartoonist, said, “On the internet, nobody knows you’re a dog.” The truth is, for some low-level services, being a “dog” works perfectly fine. Other services, like transferring thousands of dollars out of a personal bank account, need a high level of assurance. These high-risk situations require indisputable proofing.

Is Digital Identity Assurance Possible?

How is a high level of assurance possible in a digital world? The NIST Special Publication (SP) 800-63-2 guidelines mitigate the negative impact of authentication errors by separating the individual elements of identity assurance into distinct parts, according to NIST's Digital Identity Guidelines. Non-federated systems choose two components: Identity Assurance Level (IAL), which refers to the proofing process, and Authenticator Assurance Level (AAL), which refers to the authentication process.

The separation of the categories is particularly important because it allows for flexibility when choosing identity solutions and for a greater level of user privacy. For example, instead of accessing a date of birth to verify age, a user can simply choose to share whether they are above a certain age. This gives users more control over their identity by limiting the amount of personal information that needs to be collected.

1Kosmos Is Approved by Kantara Initiative to Reach IAL2 and AAL2

1Kosmos-BlockID is proud to be approved by Kantara Initiative as a Full Service, conformant with the NIST SP 800-63 rev. 3 Class of Approval at IAL2 and AAL2, which the NIST Digital Identity Guidelines describe as follows:

  • IAL2: Evidence supports the real-world existence of the claimed identity and verifies that the applicant is appropriately associated with this real-world identity. IAL2 introduces the need for either remote or physically-present identity proofing. Attributes can be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes.
  • AAL2: AAL2 provides high confidence that the claimant controls authenticator(s) bound to the subscriber’s account. Proof of possession and control of two distinct authentication factors is required through secure authentication protocol(s). Approved cryptographic techniques are required at AAL2 and above.

Indisputable Verification = Systematic Fraud Prevention

1Kosmos’ passwordless solution uses an advanced form of biometrics called a liveness test that secures the identity of your employees who need to authenticate and access your systems and internal web resources. A hacker cannot reproduce and compromise the analysis and result of a liveness test, so the fear of having one’s fingerprints copied, face spoofed or voice replicated is eliminated. Live ID brings an extra, uncompromisable level of authentication.

With a simple blink of an eye and a smile, 1Kosmos BlockID can indisputably verify an individual’s identity. The solution is 100% contact-free, which minimizes employee friction while bringing employees the highest levels of identity and authentication assurance per the NIST 800-63-3 guidelines, or IAL2 and AAL2. Lastly, with BlockID, you can leverage the BlockID Private Blockchain Ecosystem, our virtually uncompromisable system that initiates peer-to-peer transactions while ensuring the immutability of the encrypted data it stores.
