The Business Challenge

Socially engineered ransomware attacks targeting weak identity verification processes at the IT service desk are causing major operational disruption and catastrophic losses across the globe. Manager approvals, antiquated two-factor authentication, and knowledge-based verification are failing. The growing use of deepfakes is amplifying the risk.

1Kosmos thwarts social engineering during account recovery and password reset using real biometrics with liveness detection that are certified to the ISO/IEC 30107-1 and ISO/IEC 30107-3 specifications for presentation attack detection (PAD) level 2. The self-service process takes under a minute using validated credentials and advanced facial matching, or any of a wide range of identity verification methods tuned to business risk.

The result is a convenient and fast identity verification process delivering high-assurance trust that the person requesting IT services is who they claim to be. With over 99.9% accuracy, this significantly outperforms antiquated two-factor authentication and manual reviews. It reduces the risk of account takeover and ransomware from agents inadvertently handing account credentials over to a hacker hiding behind a socially engineered identity.

The 1Kosmos Advantage

Identity Verification Live Biometrics Privacy by Design Integrations Deployment
Modernize Identity Verification With a Self Service Workflow

Modernizing identity proofing before account recovery is essential. Doing so in a convenient, efficient, and repeatable way that minimizes manual oversight is where 1Kosmos excels.

Our self-service workflow alleviates administrative overhead, validating identity with over 99.9% accuracy using government-issued credentials from over 150 countries. Users scan their credential (e.g., Driver’s License), which can then be validated against the issuing body. Using advanced biometrics, a facial match can be performed.

All information collected during this process is encrypted end-to-end and can be retained in a distributed ledger under sole control by the user. Alternatively, information can be deleted after validation is complete, without any personally identifiable information ever leaving the scanning device.

The 1Kosmos platform also supports agent-assisted verification up to certified NIST Identity Assurance Level 3 (IAL 3), if required.

Leverage Live Biometrics Certified to PAD 2

LiveID gives organizations the highest level of assurance for the identity to ensure that the user is real, human, and who they claim to be.

LiveID typically leverages the front-facing camera on a mobile device (selfie camera), or desktop camera. It records a short video of the user. When the selfie is captured, 1Kosmos performs a built-in (passive) liveness check. The selfie captured is compared to the image captured during the document verification step or to the image previously captured upon initial registration.

The 1Kosmos platform is certified to FIDO2, NIST 800-63-3 full service (ie, identity verification and authentication), and to ISO/IEC 30107-1 and ISO/IEC 30107-3 certifications for presentation attack detection level 2 (PAD 2).

This supports up to certified identity assurance level 2 (IAL2) and certified authentication assurance level 2 (AAL2) and offers a high degree of interoperability via a robust API and SDK.

Empower Users to Control Their Personal Information

With 1Kosmos, any data captured during identity verification is encrypted end-to-end, and, if retained is stored in the form of a digital identity wallet via a private, permissioned ledger accessible only via a FIDO2 certified private-public key pair.

This eliminates all administrative access to personal identifiable information (PII) and avoids centralized “honeypots” of user data that are often targeted by hackers.

It places users in sole control of their own information through cryptographically paired public-private key architecture and gives them a convenient way to authenticate into additional services and to present reusable verified credentials, such as qualifications, certifications, academic degrees, and authorities.

Readily Integrate Identity Verification Into Apps, Applications, and Environments

1Kosmos identity verification workflows can be triggered from various business applications either through direct pre-built connectors, API integrations, or workflow orchestration templates.

For example, with respect to virtual meetings, a workflow can be triggered before or during a meeting invite via a verification requirement. A user would click a link and then be directed to capture a selfie video and scan a driver’s license.

On successful completion, a verified credential token is created, and the user can join the meeting after the user directory (e.g., Entra ID) detects the verified credential token.

A few common live deployments include the following:

Human Resources/Human Capital Management: ADP Workforce Now, Oracle HCM Cloud, SAP SuccessFactors, Ultimate Kronos Group (UKG), and Workday.

Messaging Platforms: Discord, Google Chat, Mattermost, Microsoft Teams, RingCentral, and Slack.

Conferencing Systems: Google Meet, Microsoft Teams, RingCentral, and Webex.

Deploy Within Hours Stand Alone or Integrated with SSO

The 1Kosmos platform requires no custom coding, special firewall rules or complex security configurations. Identity verification is straightforward to deploy—either as a standalone solution or integrated with most common Single Sign On (SSO) such as Microsoft Entra ID, PingOkta, and more.

The administration portal provides easy access to the configuration and management of the platform, including 50 out-of-the-box application program interfaces (APIs) and a robust Sales Development Kit (SDK) that complies with GDPR, SOC2 and ISO 27001 certification standards for handling and retention of sensitive data.

Contact Us For More Information!

Insights
Learn how Indisputable Digital Identities are Created with Biometrics and a Blockchain