The Business Challenge
The Zero Trust security model views trust as a vulnerability and strives to re-establish trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application.
Among the many elements of zero trust, verifying identity arguably lies at the core. It matters what access is being requested, where the system is located, when the user needs access, and perhaps most fundamentally why, but the access request starts with the login. When the login is secured to prevent unauthorized access, all that follows becomes more manageable.
1Kosmos BlockID Workforce takes a holistic approach to securing logins. At enrollment, and depending on the needs of the business / roles, users can quickly and easily be identity-proofed at various levels of identity assertion. Their live biometric is scanned and matched to government, telecom, banking, and/or corporate credentials.
From that point forward, authentication via their biometric matches a live biometric to the one captured at enrollment. This includes a liveness test to eliminate any attempt at facial spoofing. Ultimately, only the user, via their biometric match, has access to and control of their access credentials, eliminating passwords and user stores to minimize threats from email phishing, insider account takeover, and password-based brute force attacks.
The BlockID Advantage
User biometrics are verified and matched to the identity proofed at enrollment each time, every time
Our solutions support TouchID, FaceID, or LiveID, which is essentially a short selfie video. This is matched to the image on a credential scanned at enrollment, for example, the photo on a driver’s license or a passport, used to initially verify a likeness. Because our platform is FIDO2 and NIST 800-63-3 certified, it provides certified identity assurance level 2 (IAL2).
We use real biometrics, not just the phone’s interpretation. This means that any time LiveID is used, it is compared to the biometric captured during the enrollment process. We do this to verify that the biometric traits of an individual, each time they request access, match the test performed during the enrollment process.
This does not require any new hardware at the edge.
LiveID binds the live selfie with a FIDO2 certified encrypted private-public key pair to form a next generation multi-factor authentication solution
Our approach to privacy and security helps ensure anyone accessing systems or data is validated with strong FIDO2 authentication. Because biometric authentication is easy to use, every user and every access attempt can be verified with minimal friction.
We use the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to perform next generation multi-factor authentication. In terminology familiar for Strong Customer Authentication, the device becomes the “possession element” and the biometric the “inherence element”. We provide certified authentication assurance level 2 (AAL2).
Our solutions offer a high degree of interoperability via API / SDK and are easily integrated with just about any operating system, SSO gateway or web-enabled system. This enables organizations to go passwordless with flexible levels of identity assurance on any target system and eliminates the need for third-party 2FA, one-time codes, and other external authentication devices.
Easy-to-use QR codes and support across mobile and desktop simplify passwordless access across systems
Organizations pursuing a zero trust strategy need to eliminate passwords, and they need to achieve user adoption. The larger and more distributed the workforce, the harder the challenge.
Users generally like biometric authentication because it’s quick and easy. But for many it’s also new, so we allow it to be phased in through the use of a QR code placed alongside the traditional user ID and password on their login page. This provides a convenient option to log in using the QR code and biometrics or the traditional way using their credentials.
We support biometric authentication via our mobile app, without the app using our “app-less authentication” capability, and via the built-in FIDO-compliant capabilities of existing smartphones, laptops, and desktops.