Vlog: Introducing the 1Kosmos 1Key Biometric Security Key

Michael Cichon

Join Michael Cichon, CMO, and Mike Engle, CSO of 1Kosmos, as they introduce 1Key, a groundbreaking biometric authentication solution. Learn how 1Key eliminates passwords and mobile devices, offering secure, seamless access for environments like call centers and factories. Discover its compatibility with various workstations and compliance with FIDO standards, revolutionizing user authentication and identity verification.

Well, hello everybody. This is Michael Cichon, Chief Marketing Officer here at 1Kosmos. I’m joined today by Mike Engle, our Chief Strategy Officer. Mike, welcome to the vlog. I know it’s been a while. There’s a lot been happening. This is a very fast moving space. We have a new new thing to talk about. It’s called 1Key. What is 1Key?

Well, this is 1Key. It is a way to authenticate your users that opens up a whole new world of possibilities and usability and flexibility so let’s dive in on this thing.

Okay, well, we’ve talked a lot about passwordless authentication and now we have this 1Key thing so what does 1Key have to do with passwordless authentication and what is it used for?

Yeah, really simple way to put it, it’s a biometric authentication that you can use anywhere in the organization, so onto any workstation. So Mac, Windows, et cetera. And the idea is we’ve been dabbling with biometrics in the world. We have your face and thumb on phones now, it’s registered to your device. We’ve had smart cards, we’ve had mobile authenticators. Those things work great for some environments, but there’s many environments where you can’t use a phone, where hardware devices cannot be given to the individuals, and we can talk about those use cases. And so instead, imagine being able to walk up to a machine and have a Touch ID, Face ID experience that doesn’t come with all of the registration challenges.

This is interesting. Okay, so let me get my head around this. We started whatever, two, three years ago, talking about using an app to authenticate on your mobile device. Mobile device scans a code, looks at you, recognizes you, and lets you in. Then we went to Atlas, then we went to browser, and now you’re introducing these new whatever use cases. So what are some of these environments that you’re talking about where you can’t use a mobile device?

Mobile device is great. We all trust and love our mobile, but there’s many environments where a mobile device does not work. For example, call centers. Would you want your call center agent when you call the bank to be able to have a mobile device to be able to… Typically they’re device free for obvious security reasons. And then there’s other environments where a mobile doesn’t work such as a factory. You may have constraints, you may have legal reasons why you can’t use a mobile. And so there’s this, I don’t know, call it 20, 30% of end users out there that can’t, won’t, shouldn’t use a mobile device. So for them, we’re proposing the 1Key as a way for you to be able to walk up to a machine, tap it with a thumb or finger, and you’re logged in.

Traditionally this has been possible where you could have your thumb registered somewhere. Biometrics aren’t new, but the usability has been challenging. So for example, if you get a new iPhone today, can you just pop your face or phone onto it without it doing anything and having it log you in, right? No, of course not. Imagine if you could. Imagine if you got the new iPhone and you just linked it back to your biometrics and you were all set up or you log in. That’s the experience that we’re creating today for those types of other environments.

Okay. So just to net it out briefly here, we’ve got a physical key. It’s got a biometric fingerprint reader on it. And how does this work? There’s other keys in the market. How does this work?

For the last couple of years we’ve been using keys that are linked to a person. For example, if I have a legacy key here and I am given this key and now it’s linked to me. The challenge with that is you now have one key per person. If I have 100,000 employees, I’m deploying 100,000 keys. And many of these keys could be given to somebody else so it doesn’t link back to a biometric. Even if it did, the biometric is typically linked to that legacy key so it still is a one-to-one mapping. Now what happens when you lose that? What’s your fallback? Well, you go through a lengthy process of getting a new key assigned to you, having it shipped to you. And in those days or weeks you’re falling back to bad practices. So this is something you can enroll anywhere and then use anywhere. And instead of one key per user, it’s one key per protected desktop.

Okay. All right. And the biometric, how is that tied to an identity or how is it identity-backed?

Yeah, so obviously my fingerprints are unique to me. My face is unique to me, my eyes and iris so it leverages best-in-class biometric verification. So at the time of enrollment, I just need to verify my identity, that could be done in person, remotely and then I register one, two, three fingerprints. And then those are kept inside my organization. And the fingerprints themselves don’t actually go anywhere. They’re templatized, basically turned into math and that is sent somewhere, kept in the company servers for authentication later. So walk up to a machine, verify who I am, enroll and I’m done. Now I go to any one of 20,000 workstations or kiosks or whatever it would be, do that same process, tap and I’m logged in.

Okay. So the registration process, you said you verify your identity, that can be any number of things, right? You can self-attest your identity. You can prove it with a driver’s license, passport. However much rigor you want behind that identity proofing, you can apply it and then you tie that to the fingerprint, the biometric?

That’s right. Yeah. So for your existing employees, we kind of trust our existing authentication today. Let’s say I have username/password, MFA, I have all this legacy stuff, it’s okay. We know the bad guys are working on hacking that, but companies trust that many times a day across their thousands of employees. So what we do is we’ll take that and convert them to this modern enroll once, use anywhere experience, and then you can throw away the password.

Got it.

So there’s a way to migrate existing users and when you need to, you could of course put them through an identity verification process. So that’s typically for new hires or just if you want to test the authenticity of a person for whatever the reason would be.

Got it. Got it, got it. So I understand this is a FIDO compliant key. Is that correct?

The authentication is FIDO. The big news in FIDO in the last year or two has been passkeys. They’ve rebranded the whole FIDO experience as passkeys and now there’s roaming passkeys versus device bound, right? And so think about this as a roaming passkey that works anywhere in the organization only. So one of the challenges with roaming passkeys out in the consumer world is my passkey can roam anywhere that my Apple ID is used or my 1Password account. Of course, we wouldn’t want that for the enterprise. You wouldn’t want to share your passkey with another employee or a family member so this is a controlled roaming FIDO authenticator that works anywhere inside the organization.

Okay. All right. And can you just run through again the differences? How is this different than the existing keys? We know it’s got a biometric reader on it, but aside from that.

Yeah, exactly. Again, let’s call out one very well known and reliable product like a YubiKey or FEITIAN. There’s a couple of them out on the internet. Again, those are given to you and they’re linked to you. So you can’t… If you lose it, you’re in trouble and there’s a lot more cost to that model. Imagine if you had a call center, they’re transient workers, if you had to give every one of them a hardware device that’s linked to them. First of all you have a management nightmare. So enroll once, use, then as long as they have that key, they can use it. But it’s also based on username/password and then those legacy devices would do their thing so they’re typically MFA only. Ours is a single touch experience bound to the user that they can just basically tap their thumb or finger on any device and they’re logged in. Highly trusted, highly secure. So there’s quite a number of benefits to this model.

Okay, and it’s up to 10 fingerprints per user?

Yeah, it’s really unlimited, but you’ll probably run out after 10.

If you cut your finger or you’ve got a band-aid on it, or maybe you broke your… I don’t know, then you can use your other digits. That’s the point.

Exactly.

And it’s interoperable. You take this from machine to machine?

You could, yeah. So these are almost, call them almost disposable. They are linked to the organization. So you couldn’t just go grab one off the internet, plug it into your company device and use it. It’s linked to the organization and this acts as an encryption, as a privacy device that can then work with the user’s biometrics in a safe way and allow login into Mac or Windows.

Okay, great. All right, so passwordless biometric authentication. We no longer need a mobile device. Any restricted. So your manufacturing workers, your call center workers, anywhere where phones aren’t allowed. Maybe California, sometimes you can’t require people to use a mobile phone, right? I guess any of those environments, the 1Key is for them.

Exactly. You nailed it.

This is very cool. Appreciate your time, Mike. This is a very exciting… one of many very exciting developments that we have here at 1Kosmos so thanks for taking time today.

Thanks for having me. See you soon.

Meet the Author

Michael Cichon

CMO of 1Kosmos

Michael is a Silicon Valley veteran with over two decades of experience marketing B2B SaaS solutions for startups and publicly traded companies. Prior to joining 1Kosmos, Michael held VP of Digital and Content Marketing roles at both Agari and ThreatMetrix.