The Business Challenge

Demands by residents for digital government services have resulted in rampant identity fraud impeding digital transformation and costing taxpayers millions. Stopping fraud means blocking synthetic and stolen identities during the application process and securing resident accounts from phishing and social engineering attacks aimed at account takeover.

1Kosmos’ Credential Service Provider (CSP) is a user-centric, modern, privacy-led managed service. It performs identity verification at the time of enrollment and then authenticates identity at first and every access, enabling agencies to focus scarce resources on the efficient delivery of services to the people who are entitled to receive them.

The 1Kosmos CSP managed service replaces slow, error-prone manual processes and significantly reduces IT management and overhead costs.

The 1Kosmos Advantage

Automatically Verify Identity for New Citizen and Resident Accounts

1Kosmos CSP identity proofing utilizes many factors of identity, including government-issued ID like a driver’s license or passport, and lower levels of identity assurance, such as a bank account, telco account, email, social security number, or phone number, ensuring access for more citizens and residents. Our CSP ensures legitimate new accounts by automating ID verification with our platform, which is certified to NIST and UK DIATF guidelines.

Through an app or appless experience, citizens and residents utilize a driver’s license, passport, or National ID to verify their identity, a process that is completed within a few minutes. Our privacy-by-design framework ensures the security of users’ biometrics and other personally identifiable information (PII), which is critical to comply with 230+ similar privacy regulations around the world, including the California Consumer Privacy Act (CCPA), giving citizens and residents the assurance they need that their information is not accessible without their explicit consent.

Build Citizen Trust with Enterprise Grade Security

After identity verification and customer enrollment, citizens and residents are typically issued weak credentials such as usernames and passwords. The 1Kosmos CSP provides an authentication platform to support phishing-resistant passwordless multi-factor authentication.

1Kosmos’ authentication methods are available as an appless experience or through our SDK, and can be easily integrated into any mobile app or delivered through our 1Kosmos app. Citizens and residents can authenticate via any deployed authentication method depending on the business need, the risk profile of the activity, and the security requirement for each access request.

Agencies can implement any authentication method, including device biometrics, 1Kosmos LiveID, FIDO passkeys, push messages, email/SMS/tokens, third-party hardware tokens, and even Windows Hello or Mac Touch ID.

Utilize a Credential Service Provider (CSP) with Ease

The entire user journey is managed by the 1Kosmos CSP managed service, streamlining the management of resident data and requiring no investment or deployment of hardware or software. As a cloud-based identity provider, the 1Kosmos CSP comes with several administration features, including over 50 out-of-the-box integrations and a robust SDK and API framework enabling quick and easy integrations into common identity technologies, such as Entra, Ping, Okta, and more.

The 1Kosmos CSP is certified to NIST 800-63-3, UK DIATF, FIDO2, ISO27001, SOC II Type 2 and iBeta DEA EPCS, ISO/IEC 30107-3 standards, which are contemporary technical standards designed to ensure security and interoperability for biometric authentication and passwordless access. 1Kosmos’ platform has passed rigorous testing to validate that our development meets the highest quality standards.

Additionally, the 1Kosmos platform and the CSP are aligned to US Federal requirements, including Privacy Act, Section 508, EO13985 (multi-language), EO14028, OMB M19-17, OMB M22-09, as well as FedRAMP and FIPS.

Customer Managed Data

During enrollment, information collected from scanned citizen and resident credentials is encrypted and, for the highest level of security, stored in a distributed ledger compliant with the W3C DID standard. As such, user information is accessible only via a FIDO2-certified public/private key pair secured in the TPM/Secure Enclave of a device and under the sole control of the user.

Without a centralized administration authority, the CSP’s private blockchain technology gives individuals sole access to and control of all personally identifiable information. This approach enables end users to view and approve or reject sharing of all information requested by online services they wish to access.

All personally identifiable information (PII) is encrypted end-to-end so it’s never exposed. Citizens and residents approve or reject sharing requests directly with the applications to which they connect without. Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach, which is an architectural advantage.

Contact us for a demo!