The Business Challenge
Multi-factor authentication has long been the approach to shoring up the vulnerabilities of password-based authentication.
The rationale is straightforward: if the shared secret known as the password is compromised, asking the user to prove identity with two pieces of evidence, drawn from what they know, what they have, or what they are, should be sufficient.
And so came a long series of innovations such as one-time codes sent via email or text, hardware and software tokens, and push messages.
The limitation of some of these, such as SMS and email, is that they can be intercepted through well-known attack paths like SIM jacking and business email compromise. Users also found one-time codes, push notifications, and U2F keys a less than thrilling experience.
The sheer number and variability of authentication methods created complexity around Identity and Access Management, added management and overhead costs, and frustrated users. And still, password-based attacks continue to cost billions in losses from data breaches, ransomware and fraud targeting both businesses and individuals.
The BlockID Advantage
FIDO2 and NIST 800-63-3 certifications provide the highest level of digital biometric identity and authentication assurance with superior interoperability
In an approach truly suited to the times, we use the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to perform next-generation multi-factor authentication. In the terminology of Strong Customer Authentication, the device becomes the “possession element” and the biometric the “inherence element”.
The offline equivalent would be presenting yourself and a credential such as a driver’s license for identification. In the online world, the device simply stands in for the license, and the biometric for you.
Because our platform is FIDO2 and NIST 800-63-3 certified, it provides certified identity assurance level 2 (IAL2) and certified authentication assurance level 2 (AAL2) and offers a high degree of interoperability via a robust API and SDK.
Our solutions integrate easily with just about any operating system, SSO gateway or web-enabled system, enabling organizations to go passwordless with flexible levels of identity assurance on any target system and to eliminate the need for third-party 2FA, one-time codes, and other external authentication systems and devices.
LiveID defies spoofing and goes beyond device-level biometrics to verify individuals
To overcome facial spoofing through the use of a photo, video, mask, or any other substitute for the actual face of a legitimate person, we’ve developed “LiveID”, which is essentially a short selfie video. This is matched to the image on a scanned credential (the photo on a driver’s license or a passport, for example) to verify a likeness.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
We call this a liveness test, and it is performed to verify that the biometric traits presented come from a living person rather than from an artificial or lifeless substitute.
After enrollment, a liveness test is performed each time a user needs access to online services. When the live biometric doesn’t match the one captured during the enrollment process, the authentication fails. The liveness test is also used to detect compromised TouchID and FaceID forms of device biometrics.
BlockID augments any mobile or web application and can even work in an appless mode on the user handset
We provide multiple ways for users to authenticate:
- The 1Kosmos Mobile App: Our mobile app is available on the Apple App Store and Google Play and is typically downloaded when users scan a QR code sent to them via email or SMS message. Once installed, enrollment takes just a few minutes before the user is ready for passwordless authentication.
- Whitelabel Mobile App: The 1Kosmos Mobile App is readily brandable! Organizations can display their logo and tailor the appearance to support their brand guidelines.
- Embedded via SDK into Existing App: We provide API / SDK integration to easily add our biometric authentication to existing mobile applications.
- App-less Authentication: Using only a FIDO2 enabled mobile device, our App-less Authentication requires no app download to perform biometric authentication. This is ideal for any organization that prefers a zero-code footprint on end-user devices.
- Lost / Stolen Device Recovery: We support the BIP39 standard for recovery in the event a device gets lost, stolen or damaged. This entails the use of a mnemonic phrase consisting of 12 recovery words that are used to regenerate the private/public key pair.
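The recovery flow in the last item rests on BIP39 being deterministic: the same words always produce the same seed, and therefore the same key material, on a replacement device. The following is an added example written for this page, not 1Kosmos code; it implements the BIP39 mnemonic-to-seed step exactly as the specification defines it (PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic" + passphrase) and then derives a master private key from the seed using the SLIP-0010 Ed25519 scheme. That second step is an assumption chosen for illustration; the page does not state which key-derivation scheme BlockID applies to the seed. The mnemonic used is the published all-zero-entropy BIP39 test vector, not a real recovery phrase; full word-list checksum validation is omitted because it needs the 2048-word BIP39 list.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Constructed input: the public BIP39 English test vector for all-zero entropy.
# A real recovery phrase is equivalent to the private key and must never be
# embedded in code, logs or support tickets.
EXAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()

BIP39_ITERATIONS = 2048  # fixed by the BIP39 specification
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase)), 64 bytes."""
    words = mnemonic.split()
    if len(words) not in VALID_WORD_COUNTS:
        raise ValueError("a BIP39 mnemonic has 12, 15, 18, 21 or 24 words")
    # Re-join with single spaces so stray whitespace does not change the seed.
    password = unicodedata.normalize("NFKD", " ".join(words)).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, BIP39_ITERATIONS, dklen=64)


def seed_to_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """SLIP-0010 Ed25519 master key: HMAC-SHA512 keyed with b"ed25519 seed" over the seed.

    Returns (32-byte private key, 32-byte chain code). Using this scheme here is an
    assumption for illustration; the page does not document BlockID's own derivation.
    """
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def regenerate_private_key(mnemonic: str, passphrase: str = "") -> bytes:
    """Full recovery path, words -> seed -> private key, with no per-device randomness."""
    seed = mnemonic_to_seed(mnemonic, passphrase)
    private_key, _chain_code = seed_to_master_key(seed)
    return private_key


if __name__ == "__main__":
    print("seed:       ", mnemonic_to_seed(EXAMPLE_MNEMONIC, "TREZOR").hex())
    print("private key:", regenerate_private_key(EXAMPLE_MNEMONIC, "TREZOR").hex())
```

Because the derivation contains no randomness, anyone holding the 12 words can reproduce the private key; the phrase therefore needs the same protection as the key sealed in the device's TPM or Secure Enclave.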