During the enrollment process, BlockID creates a credential safe and the private key always stays with the user. The enrollment consists of triangulating a given claim with a multitude of company or government-issued documents as well as sources of truth, including biometrics like a liveness test or voice recording. Each enrolled document is validated in the background. For example, the enrollment of a driver's license is validated as soon as we've queried the database of the American Association of Motor Vehicle Administrators. For passports, we verify it against with the issuing country. Therefore, we’re able to verify that those documents are valid, and not stolen or lost.
By enrolling a driver’s license and a passport, for example, we are able to validate the user’s first and last name, address, date of birth, and ensure, to the extent possible, that the photos on both documents actually match. Of course, a perfect match is impossible, since the photo on a driver’s license is taken at the DMV whereas the photo on a passport requires that an ID photo be taken. But is that sufficient? We do not believe it is. This is why we add an extra source of truth to our ID proofing process: a liveness test.
A liveness test is performed to verify if the biometric traits of an individual are from a living person rather than an artificial or lifeless person. This biometric feature is essential because, ultimately, facial spoofing which is the task of creating false facial verification by using a photo, video, mask, or a different substitute for an authorized person's face is not too difficult if someone really wants to impersonate you. Each time a user needs to authenticate, a liveness test is required. If it doesn’t match the liveness test performed during the enrollment process, the authentication fails. The liveness is also used to verify compromised TouchID and FaceID forms of device biometrics.
And, in addition to enrolling those 3 attributes, 1Kosmos accesses even more sources of validation. For example, we use a passport’s chip to validate the fact that the passport scanned during the enrollment process matches digitally signed data. We can also use external sources of truth like a credit card, a bank account or a loyalty program to reach the highest level of identity assurance per the NIST 800-63-3 guidelines, or IAL3.
BlockID uses biometric authentication as a security process that relies solely on the unique biological characteristics of a user to verify that he is who he says he is. Our biometric authentication technology compares biometric data capture to stored, confirmed authentic data in the BlockID Blockchain Ecosystem.
The biometric identifier BlockID leverages for authentication is a liveness test to eliminate any risk of facial spoofing, which is the task of creating false facial verification by using a photo, video, mask or a different substitute for an authorized person's face.
Biometric authentication offers superior fraud detection because it relies on biometric data that is unique to an individual. A liveness test offers the added benefit of requiring users to capture a live video of themselves, which has a frightening effect on criminals who's rather not share their face with the company they are targeting.
BlockID's authentication process reaches the highest level of authentication assurance per the NIST 800-63-3 guidelines, or AAL3
The verification process leverages the attributes BlockID triangulates during the enrollment phase (government-issued ID's, user's biometrics, among others) as well as verifiable credentials (in their digital form) users can share with third-parties and with explicit consent.
What is a verifiable credential? It is a credential that was issued by a trusted authority for, and only for, the user. It is a tamper-evident credential that has authorship that can be cryptographically verified.
Schematically, issuers create verifiable credentials, users can store some of them, and verifiers ask for proof based upon them. When identity needs to be verified, the user chooses those credentials that must be verified. As previously mentioned, the verification process involves data the user initially enrolled in BlockID, verifiable credentials in their digital form through API calls, or a mix of both.
The BlockID verification process eliminates all tedious back-and-forth communication between verifiers and issuers, since the verifier no longer has to contact the issuer to confirm the credential, thus eliminating data verification costs in the process. This mechanism infers that the user remains in control and keeps ownership over his or her identity, by electing what they want to disclose, and to whom they want to disclose it.
Our verification process is fully W3C compliant. It means that the digital credentials we leverage respond to a specific standard and format and go through a secure and vetted verification process, so they can’t be shared or leveraged to commit fraud. Moreover, they respect a robust privacy strategy, so they can comply with regulatory requirements across legal jurisdictions. Finally, the attestations that verifiable credentials make are backed by the Decentralized Identifiers (DIDs), a technology that enables verifiable, decentralized digital identity.
1Kosmos BlockID brings advanced biometrics authentication and liveness detection to identify and authenticate users in a reliable, secure and fast way, and reach IAL3 and AAL3 levels per the NIST 800-63-3 guidelines.
Private Blockchain Ecosystem
Our Blockchain ecosystem creates a permanent, immutable record that is invulnerable to tampering. This is why we use this technology to store Biometrics data and make your BlockID-powered ecosystem unhackable.
1Kosmos leverages a Distributed Ledger to securely store users’ identity information, with access controlled by the user (GDPR compliant) as well as a layer of privacy built around Ethereum to execute smart contracts. This is the BlockID Private Blockchain ecosystem.
Each user’s information is encrypted using their own unique cryptographic key pairs, with their private key stored securely on their own mobile devices. That means there are literally thousands of separate and unique encryption keys and mobile devices protecting the identity data, which makes it impervious to hacking (W3C compliant).
BlockID solutions automatically and seamlessly handle all interactions with the Blockchain — no Blockchain knowledge or expertise is required by anyone on your team to enjoy all of its benefits. It couldn’t be any easier.
“Cybercrime is a daily threat to every organization and government across the globe...These Verizon solutions (powered by 1Kosmos BlockID) offer a significant step forward in cybersecurity protection.”
Alex Schlager, Executive Director and Chief Product Officer of security services at Verizon Business