Trust and Verify–Why Reusable Verified Credentials Are So Essential to Modern IAM

Michael Cichon

“Fast” and “frictionless” onboarding for customers, workers and citizens is an elusive goal. Identity verification is crucial, but so is verifying claims such as educational qualifications, industry certifications, health data, citizenship status, residency and more. Striking the right balance with defenses against another, less desirable “F” word, fraud, in a manner that protects privacy and reduces the chances of compromise is yet another challenge.

Whether it’s for onboarding, new customer account origination, or provisioning additional digital services to qualified requesters, organizations need to replace outdated, manual verification with AI, data triangulation and machine verification of identity and credentials. The new and better way to do this is to give users reusable, verified “smart credentials” neatly packaged in a digital identity wallet that users keep up to date, present on demand, and share under permissions they grant for each specific use.

Verifiable credentials rely on verifiable data registries, which may be trusted databases, decentralized databases, government ID databases, or distributed ledgers. The credential holder sits between the trusted “issuer” that signs a credential and the verifier that checks it, with the registry supplying issuer keys and credential status; issuer, holder and verifier form a triangle of trust. A holder can prove a property of a credential (that a degree was earned, that the holder is over 18) while disclosing only the claims the verifier actually needs, through selective disclosure or a zero-knowledge proof. In this way, verification is assured, privacy concerns are ameliorated, and the risk of identity theft or compromise is minimized. Here again, the 1Kosmos architecture excels, because all of this must be done in an auditable, tamper-evident way to ensure high assurance and trust.

IAM Verified–Quickly, Easily, and Accurately

In Parts Two, Three, and Four of this series, we explained how the 1Kosmos architecture provides a secure and reliable way to verify user or applicant identity and biometrically authenticate them with 99.6% accuracy via decentralized identifier (DID) mechanisms within our BlockID solution, including a reusable digital identity wallet, while removing the centralized PII honeypot that hackers target for exploitation.

The final pillar of the 1Kosmos architectural advantage is Digital Claims and Credentials Verification, which delivers automated, cryptographically secure verification of identity, qualifications, competencies, authority, and more while respecting an individual’s privacy.

Why did we feel this pillar was so important? Because it provides progressively higher levels of identity assurance for authentication and digitally transforms a broad range of business processes—from worker or contractor onboarding to new customer account origination to the provisioning of new digital product lines and beyond. Often, there is more than one type of verifiable data registry utilized, depending on use cases that span:

  • Education: Utilize a credential repository service to provide digital transcripts and digital credentials representing certificates or degrees verified to be earned by the individual
  • Finance: Perform Know-Your-Customer (KYC)- and Anti-Money Laundering (AML)-compliant identity verification using government-supplied verifiable credentials and issue a digitally-signed credential
  • Retail: Verify retail and payment account ownership, payment amount, and sufficient permission to approve payment
  • Healthcare: Facilitate patient-approved sharing of electronic healthcare records with a Qualified Health Information Network (QHIN)
  • Government: Enable government agencies to function as Credential Service Providers by performing Identity Assurance Level 2 (IAL2) proofing and issuing a digitally signed credential at Authenticator Assurance Level 2 (AAL2), certified to NIST SP 800-63-3 and UK DIATF standards
  • Enterprise: Share current and past employment to prospective employers and other entities that need to verify status

A Trustworthy Method for Verifying Claims and Credentials

1Kosmos BlockID automates manual identity and credential verification with a secure, rules-based workflow, reducing errors and improving accuracy. High assurance along with cryptographically secure storage and sharing establish repeatable, high-trust, and seamless re-verification by business partners or by additional lines of business. Key features of the 1Kosmos solution include the following.

Data Triangulation to Verify Claims Across Trusted Data Sources

To reach identity verification and authentication assurance at NIST SP 800-63-3 levels, BlockID triangulates claims across multiple verifiable sources. The claims checked include personal details such as the individual’s full name, date of birth, address, place of birth, photo ID, phone number, employer, etc. The triangulation draws on government- or bank-issued documents and identifiers such as a driver’s license, national ID card, passport, credit card, and Social Security Number.

Information can be matched across multiple sources to validate documents as current, or to flag them as lost or stolen. Our verification accommodates government-issued credentials in 205 countries with 99%+ identity proofing accuracy and spoofing/counterfeit detection. Verification at lower levels of assurance is achieved through banking, telco (SIM binding), email, Social Security Number, phone number, and more.

This kind of digital verifiable credential can represent all of the same information that a physical credential represents while also including additional assurances against fraud, such as a digital signature.

Standards-based Design for Maximum Interoperability

With 1Kosmos, verifiable credentials allow for the digital proofing of an individual’s claims through public-key cryptography. Our solutions follow the Verifiable Credentials Data Model defined at the W3C, which provides a common mechanism for the interoperable implementation of digital credentials that are cryptographically secure, tamper-evident, privacy-respecting, and machine-verifiable.

A standardized data model defines how a credential is packaged, cryptographically signed, and how its proof is expressed. This creates a verifiable credential (VC) ecosystem with interoperable credentials that can be processed and understood across and between disparate systems.

Powerful, Easy-to-Use Administration and DevOps Tools

We developed the 1Kosmos BlockID platform to require no custom coding, special firewall rules, or unique security configurations. Deployment is simple and fast, with over 50 out-of-the-box integrations and a robust SDK/API framework designed to meet GDPR requirements and SOC 2 and ISO 27001 standards for handling and retaining sensitive data.

This enables ID proofing to be quickly integrated into native apps via an API, mobile, web, or desktop integration. This flexible, standards-based approach can meet the needs of virtually any workflow and enables BlockID to satisfy both workforce and customer identity verification.

Our cloud-based administration panel makes configuring and managing the BlockID platform easy. And our DevX portal provides a hosted sandbox for developers to test FIDO-based authentication and verification options integrated into your applications. The Developer Sandbox offers an easy, hands-on way for developers to test use cases using available APIs for FIDO-based authentication, WebAuthn, Magic Links, Driver’s License Verification, Verified Credentials, and more.

A Modern IAM Architecture That Means Business

According to a recent Ernst & Young survey, nearly 70% of organizations report having manual verification processes that are riddled with errors, highly time-consuming, or both. By automating manual identity and credential verification with a secure, rules-based workflow, BlockID reduces errors, improves accuracy, and cuts administrative overhead. Its high assurance and cryptographically secure storage and sharing help establish repeatable, high-trust re-verification by business partners or additional lines of business. And its automated machine verification, combined with the high level of trust that comes from a tamper-evident design, reduces the need for manual reviews and enables digital processes to scale or evolve rapidly. All while providing a fast, frictionless user experience, and kicking that other “F” word to the curb.

Learn how 1Kosmos can help your organization modernize Identity and Access Management—visit our Architectural Advantage page and schedule a demo today.


Meet the Author

Michael Cichon

CMO of 1Kosmos

Michael is a Silicon Valley veteran with over two decades of experience marketing B2B SaaS solutions for startups and publicly traded companies. Prior to joining 1Kosmos, Michael held VP of Digital and Content Marketing roles at both Agari and ThreatMetrix.