The Business Challenge
Until recently, employee verification (e.g., I9 in the United States) and remote workers for the most part affected a minority of workers.
This all changed as the pandemic unfolded in 2020 when all employees and contractors required touchless, remote onboarding. Among the many security and technology issues that surfaced, two in particular focused on worker identity:
- Organizations are responsible for verifying worker eligibility, but simply producing a driver’s license and passport remotely, for example, hardly satisfies the legal requirement to verify the identity of the individual presenting them. With workers unable to present themselves in person, how can organizations verify their likeness to their credentials and consequently the worker’s identity?
- After hiring, how can a business be certain the employee or contractor they hired is actually the person onboarding and logging into their systems? In a physical office a “stand in” would be hard to pull off, but remotely, how could identity be verified during provisioning and authenticated during each login?
Now, in the post-pandemic world it’s clear to many that the manual and, in many cases, haphazard work processes used as the COVID-19 crisis unfolded are not sustainable. The trend to remote staffing that began long before the pandemic requires support from IT / Identity Access Management systems that improve both efficiency and security while preserving privacy.
The BlockID Advantage
Automated remote onboarding eliminates administrative workload and secures PII data
Our automated self-service user enrollment enables workers to scan their biometric, match it to government, telco, banking, and/or corporate credentials, and then verify the validity of those credentials. The result is a NIST 800-63-3 certified identity with flexible levels of identity assurance — up to certified identity assurance level 2 (IAL2) — and a FIDO2 certified biometric authentication credential. All of this only takes a few minutes, but the benefits are substantial.
Organizations automatically satisfy employee employment verification requirements without additional workload. Employees preserve the confidentiality of their documents and information as there are no extraneous copies left on email servers or faxed hard copies floating around the office. Their information is stored safely to W3C DID standards, accessible only by them, and sharable only with their permission.
LiveID biometric matching defies spoofing and ensures a real person is on the other side of the digital connection.
To overcome facial spoofing through the use of a photo, video, mask, or a different substitute for the actual face of a legitimate person, we’ve developed “LiveID”, which is essentially a short selfie video. This is matched to the image on a scanned credential, the photo on a driver’s license or a passport, for example, to verify a likeness.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
After enrollment, a liveness test is performed each time a user needs access to online services. When the live test doesn’t match the test performed during the enrollment process, the authentication fails. The liveness is also used to verify compromised TouchID and FaceID forms of device biometrics.
The 1Kosmos BlockID platform offers several forms of built in identity based authentication to secure your remote workforce:
Users will utilize their trusted mobile device for daily authentication and step-up authentication for physical, logical, or even offline access. As a result, each access event is associated with a real, verified identity. (the bullets can be an image to the left)
- “LiveID” advanced biometric authentication
- Device biometrics such as TouchID and FaceID
- Time-based One-Time Password (TOTP)
- One-Time Password (OTP) and Offline Access OTP
- SMS and Email
- Push Notification
- FIDO2 Tokens
- Offline Access
- U2F – Universal Second Factors such as Universal Serial Bus (USB) and near-field communication (NFC)
The 1Kosmos BlockID platform is a flexible and customizable platform, so you’ll be able to find the best adaptive authentication method that meets the unique needs of your diverse application ecosystem.