The Business Challenge
Multi-factor authentication has long been the approach to shore up the vulnerabilities in password-based authentication.
The rationale is that if the shared secret known as the password gets compromised, asking the user to authenticate by providing two pieces of evidence in the form of what they know, what they have, or what they are will be sufficient proof of identity.
And so entered a long series of innovations such as one-time codes sent via email or text, hardware and software tokens, and push messages.
The limitation of some of these, such as SMS and email, is that they can be intercepted through well-known security loopholes like SIM jacking and business email compromise. Users found one-time codes, push notifications, and U2F keys a less than thrilling experience. But still, password-based attacks continue to cost billions in losses from data breaches, ransomware and fraud targeting both businesses and individuals.
The BlockID Advantage
FIDO2 and NIST 800-63-3 certifications provide the highest level of digital biometric identity and authentication assurance with superior interoperability
We use the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to perform multi-factor authentication. In terminology familiar for Strong Customer Authentication, the device becomes the “possession element” and the biometric the “inherence element”.
The offline equivalent would be presenting yourself and a credential such as a driver’s license for identification. For the online world, the device simply stands in as the license, and the biometric as you.
Because our platform is FIDO2 and NIST 800-63-3 certified, it provides certified identity assurance level 2 (IAL2) and certified authentication assurance level 2 (AAL2) and offers a high degree of interoperability via a robust API and SDK.
Users will utilize their trusted mobile device for daily authentication and step-up authentication for physical, logical, or even offline access. As a result, each access event is associated with a real, verified identity.
The 1Kosmos BlockID platform offers several forms of built-in identity-based authentication:
- “LiveID” advanced biometric authentication
- Device biometrics such as TouchID and FaceID
- Time-based One-Time Password (TOTP)
- One-Time Password (OTP) and Offline Access OTP
- SMS and Email
- Push Notification
- FIDO2 Tokens
- Offline Access
- U2F (Universal 2nd Factor) keys, such as Universal Serial Bus (USB) and near-field communication (NFC)
The 1Kosmos BlockID platform is a flexible and customizable platform, so you’ll be able to find the best adaptive authentication method that meets the unique needs of your diverse application ecosystem.
LiveID biometric matching defies spoofing and ensures a real person is on the other side of the digital connection.
To overcome facial spoofing through the use of a photo, video, mask, or a different substitute for the actual face of a legitimate person, we’ve developed “LiveID”, which is essentially a short selfie video. This is matched to the image on a scanned credential, the photo on a driver’s license or a passport, for example, to verify a likeness.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
After enrollment, a liveness test is performed each time a user needs access to online services. When the liveness test doesn’t match the test performed during the enrollment process, the authentication fails. The liveness test is also used to verify compromised TouchID and FaceID forms of device biometrics.
BlockID augments any mobile or web application and can even be implemented in an appless workflow
We provide multiple ways for organizations to deploy our solution:
- The 1Kosmos Mobile App: Our mobile app is available on the Apple Store and Google Play and is the interface users work with when enrolling their identity and authenticating with our authentication methods.
- White label Mobile App: The 1Kosmos Mobile App is readily brandable. Organizations can display their logo and tailor the appearance to support their brand guidelines.
- Embedded via SDK into Existing App: We provide SDK integration to easily add our solution into existing mobile applications.
- Appless Authentication: Support for FIDO2-enabled devices means no app download is needed to perform biometric authentication.