The Business Challenge
Until recently, employee verification (e.g., I-9) and provisioning of online services for remote workers were for the most part an afterthought affecting a minority of workers.
This all changed as the pandemic unfolded in 2020 when all employees and contractors required touchless, remote onboarding. Among the many security and technology issues that surfaced, two in particular focused on worker identity:
- Organizations are responsible for verifying worker eligibility, but simply producing a driver’s license and passport remotely, for example, hardly satisfies the legal requirement to verify the identity of the individual presenting them. With workers unable to present themselves in person, how can organizations verify their likeness to their credentials and consequently the worker’s identity?
- After hiring, how can a business be certain the employee or contractor they hired is actually the person onboarding and logging into their systems? In a physical office a “stand in” would be hard to pull off, but remotely, how could identity be verified during provisioning and authenticated during each login?
Now, in the post-pandemic world, it’s clear to many that the manual and, in many cases, haphazard work processes used as the COVID-19 crisis unfolded are not sustainable. The trend to remote staffing that began long before the pandemic requires support from IT / Identity Access Management systems that improve both efficiency and security while preserving privacy.
The BlockID Advantage
Automated remote onboarding eliminates administrative workload and manual errors
Our self-service user enrollment enables workers to scan their biometric, match it to government, telco, banking, and / or corporate credentials, and then verify the validity of those credentials. The result is a NIST 800-63-3 certified identity with flexible levels of identity assurance, up to certified identity assurance level 2 (IAL2), and a FIDO2 certified biometric authentication credential. All of this takes a few minutes, but the benefits are substantial.
Organizations automatically satisfy employment verification requirements without additional workload. Employees preserve the confidentiality of their documents and information. There are no extraneous copies left on email servers or faxed hard copies floating around the office. Their information is stored safely to W3C DID standards, accessible only by them, sharable only with their permission.
Information scanned from their documents is safely and securely transferred to the HR information system, on user approval.
LiveID defies spoofing and goes beyond device-level biometrics to verify individuals
Enrollment for existing employees is usually easier than for new employees because they’ve already gone through some form of legacy identity proofing. For them, a biometric scan or “LiveID”, which is essentially a short selfie video, is bound to a corporate credential (e.g., Microsoft Active Directory). The end result is similar: a FIDO2 biometric credential.
To authenticate a user, a liveness test is performed each time the user needs access to online services. We call this a liveness test because it verifies that the biometric traits of an individual are from a living person rather than an artificial or lifeless person.
The liveness test is also used to overcome any attempt at facial spoofing through the use of a photo, video, mask, or a different substitute for the actual face of a legitimate person.
LiveID is a real biometric, not just the phone’s interpretation of someone’s face or finger. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process.
LiveID binds the live selfie with a FIDO2 certified encrypted private-public key pair to form a next generation multi-factor authentication solution
Our approach to privacy and security helps ensure anyone accessing systems or data is validated with strong FIDO2 authentication. Because biometric authentication is easy to use, every user and every access attempt can be verified with minimal friction.
We use the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to perform next generation multi-factor authentication. In terminology familiar for Strong Customer Authentication, the device becomes the “possession element” and the biometric the “inherence element”. We provide certified authentication assurance level 2 (AAL2).
Our solutions offer a high degree of interoperability via API / SDK and are easily integrated with just about any operating system, SSO gateway or web-enabled system. This enables organizations to go passwordless with flexible levels of identity assurance on any target system and eliminates the need for third-party 2FA, one-time codes and other external authentication devices.