The 1Kosmos BlockID Customer Advantage
1Kosmos BlockID Customer is built with specific capabilities for the onboarding, verification and authentication of customers and citizens. The CIAM approach was intended to eliminate barriers to user engagement and improve the user experience. Unfortunately, this opened the door to fraudulent activities as identities are not fully verified. 1Kosmos BlockID Customer eliminates this gap. We deliver a quick and convenient way for customers and citizens to self-verify their identity using physical documents such as a driver’s license and passport. We can also leverage the non-physical, such as a telco ID account and banking credentials to further improve identity assurance.
Combined with 1Kosmos BlockID Verify, 1Kosmos BlockID Customer digitally transforms the standard onboarding process for customers or citizens, delivering the highest degree of end-user assurance. This transformation securely automates the entire onboarding process for new and existing customers or citizens.
Our approach binds the device not only to an identity but to a verified and validated identity. This creates identity-based biometric authentication and a strong passwordless experience. Customers and citizens will utilize their trusted device for daily authentication and step-up authentication for account access and high-risk transactions. As a result, each access event is validated against a real, verified identity that meets the KYC (Know Your Customer) guidelines. This provides users with a frictionless experience and organizations with a flexible level of assurance for the identity on the other side of the digital engagement.
New Customer or Citizen Onboarding
1Kosmos BlockID Customer and BlockID Verify bind the user’s mobile device to a verified and validated identity.
- Our solution provides organizations with the ability to complete a mobile-first onboarding journey for customers or citizens. Once a customer or citizen begins their account setup, a process starts to verify the new identity remotely.
- First, the new user will download your custom app integrated with the 1Kosmos BlockID mobile SDK or the 1Kosmos BlockID app.
- Then, depending on the level of assurance required, the user will be guided to enroll their identity. For those instances where high identity proofing assurance is required, the user must enroll one or more forms of government-issued ID.
- The captured data is encrypted with the user’s private key and goes through another level of encryption before being stored in the 1Kosmos private and permissioned blockchain.
- Once the identity is validated and verified, the customer or citizen account is generated and enrolled in a passwordless experience. 1Kosmos BlockID Customer provides the option of using a much stronger identity-based MFA during this flow. The user will never need (or know) their credentials (username and password) and can now access their account or service through an identity-based biometric and a strong passwordless experience.
Existing Customer and Citizen Onboarding
Onboarding existing customers or citizens into the 1Kosmos BlockID Customer identity-based biometric passwordless experience is simple and takes less than a minute to complete.
Moving customers or citizens to a passwordless experience can be achieved in one of three ways:
- An invitation sent to the user through the 1Kosmos administration portal
- An invite to join is added to the standard login page
- Or within your organization’s custom app (our mobile app can be white labelled or embedded into your own via our API/SDK)
Users choose to accept the invitation and onboard themselves to start their passwordless journey.
- First, the enrollment begins by prompting the user to enroll their identity, either in an existing custom app, the 1Kosmos BlockID app or via an existing web page.
- The user is then guided to use their mobile phone to complete the onboarding process. Depending on the business need, the customer or citizen may enroll in an optional biometric to increase their access assurance level. If the organization requires a higher identity assurance level, the customer or citizen may enroll up to two forms of government-issued ID.
- The user’s LiveID is validated against the picture extracted from the provided documents. The captured data is encrypted with the user’s private key and stored in the 1Kosmos private and permissioned blockchain. The customer or citizen will now use their enrolled identity or identity-based biometric to complete a transaction or to authenticate into their account without a username and password.
To manage identity attributes and user privacy, 1Kosmos BlockID Customer utilizes the W3C Decentralized Identifier standard and a private and permissioned blockchain distributed ledger.
The 1Kosmos BlockID backend eliminates the central storage database of usernames and passwords and removes any risk of lost, borrowed, or stolen credentials. This backend is immutable, highly secure and designed to support rapid transaction execution that often cannot be achieved when using a public blockchain. Each user’s information is encrypted using their own unique cryptographic key pairs, with their private key stored securely on their mobile device.
Once users enroll their attributes and biometrics with 1Kosmos BlockID Customer, the data is pushed to the 1Kosmos BlockID private and permissioned Blockchain network. A smart contract inside the Blockchain is triggered and executed, and once validated, the user’s data is stored inside the blockchain.
The clear benefit of the blockchain approach is eliminating a single identity repository, so hackers will not be able to access a “honey pot” of identity data that traditional IAM vendors support.
For administrators, the portal is a centralized hub that allows for easy management of users and applications and is the starting point to enroll customers or citizens into passwordless access.
Our administration portal delivers:
- Visibility – review a user’s identity profile, their access and usage (but not their private identity information)
- Policy-based authentication – define authentication policies based on rules
- Policy enforcement – challenge users, based on defined rules and “strength of identity”
- Strong identity – begin the user’s identity lifecycle based on strong identity proofing
- Dashboard to monitor threats – receive alerts on unauthorized access and unusual behavior patterns
For customers and citizens, the portal is a centralized hub that allows for easy control of their identity data and how it is shared:
- Visibility – customers and citizens will have visibility into their identity profile, applications and devices
- Portfolio of devices – enroll a portfolio of devices allowing seamless access to applications
- Avoid helpdesk – self manage and recover account(s), sign-up for passwordless access, link & unlink devices
- Protect against fraud and identity theft – customers and citizens will be alerted on their device when unusual behavior is detected
SDK, API and Integrations
1Kosmos BlockID Customer provides out-of-the-box integration into 50 target systems, including desktops (Windows and macOS) and mobile devices (iOS and Android), to help ensure a consistent customer or citizen login experience.
1Kosmos BlockID Customer also comes with a developer-friendly SDK and APIs that comply with the strictest GDPR, SOC2, and ISO 27001 certification standards for handling and retention of sensitive data, so you can connect to almost anything you need for customer or citizen engagement. 1Kosmos can also integrate into commercial or government systems via industry authentication standards such as OAuth, OIDC, SAML and FIDO and also offers legacy support via RADIUS.
It’s not enough to just authenticate and let users do what they please once access is granted. The 1Kosmos BlockID Customer approach continuously validates identity assurance and offers a configurable journey to map user authentication requirements. Traditional “allow or deny” responses are replaced by more fine-grained options such as “allow, but step up the authentication level with biometrics.”
1Kosmos can ingest behavioral and peripheral risk signals. For example, we have partnered with organizations like Behaviosec and RSA to track user behavior (desktop, mobile and environmental factors). This capability will detect attacks including session hijacking or credential loss on an access attempt. This combination of technologies improves your overall security posture, as you can detect potentially fraudulent activities in real time and, if something out of band is noted, step up authentication with the least impact to the user.
Based on your domain and risk level, 1Kosmos provides schematics to increase every session’s assurance level. As customers or citizens transition to higher-risk activities, they can be asked to re-authenticate to ensure identity. To ensure the highest level of compliance, 1Kosmos supports the NIST AAL3 and eIDAS “high” level of authentication.