The Business Challenge
Demands by residents for digital government services has resulted in rampant identity fraud impeding digital transformation and costing taxpayers millions. Stopping fraud means blocking synthetic and stolen identities during the application process and securing resident accounts from phishing and social engineering attacks aimed at account takeover.
1Kosmos identity verification supports remote worker and resident onboarding, detecting and blocking stolen or synthetic identities during a customizable self-service registration workflow. Legitimate individuals receive a strong, identity-backed identity wallet that replaces passwords with modern biometric MFA that exceeds industry specifications.
During all steps in these processes, personally identifiable information (PII) in the reusable wallet is secured through a decentralized identity architecture using a private, permissioned blockchain that delivers the very highest level of security while giving users complete control over what information they share when accessing digital services.
The 1Kosmos Advantage
Detect Stolen and Synthetic Identities
1Kosmos digitally transforms identity enrollment for citizens and residents, so government agencies gain the security advantage they need to defend against fraudulent synthetic activities targeting services.During customer onboarding, 1Kosmos detects stolen and synthetic identity fraud through a user friendly self-service enrollment process utilizing many factors to prove identity. These include government issued IDs like a driver’s license, passport, or National ID card (for over 205 countries). Additionally, an API can be activated to verify the document's validity against issuing authorities.
The 1Kosmos CSP service can meet up to a NIST IAL2 and AAL2 anywhere, anytime and on any device with absolute zero human bias for both gender and race. Other lower levels of identity assurance, such as a banking account, telco account, email, social security number, and phone number can also be validated to build a verified identity.
A selfie, with a built-in liveness check, is captured and compared to the image captured during the document verification step. The selfie must match the captured image, increasing the level of assurance of the user's identity and can be used for biometric authentication.
Address All of Your Authentication Needs
The 1Kosmos BlockID platform offers several forms of built-in identity based authentication:
- Phishing-resistant identity based facial biometric, LiveID
- Device biometrics such as TouchID and FaceID, and Windows Hello
- Passkeys
- Time-based One-Time Password (TOTP)
- One-Time Password (OTP) and Offline Access OTP
- SMS and Email
- Push Notification
- FIDO2 Tokens
- Offline Access
- U2F – Universal Second Factors such as Universal Serial Bus (USB) and near-field communication (NFC)
The 1Kosmos platform is flexible and customizable, so agencies will be able to find the best authentication method that meets the unique needs of their diverse application ecosystem.
A User-Centric, Modern, and Privacy-Led, Managed Service
Demands by residents for digital government services has resulted in rampant identity fraud impeding digital transformation and costing taxpayers millions. Stopping fraud means blocking synthetic and stolen identities during the application process and securing resident accounts from phishing and social engineering attacks aimed at account takeover.1Kosmos’ Credential Service Provider (CSP) is a user-centric, modern, and privacy-led, managed service that performs identity verification at the time of enrollment and then authenticates identity at first and every access to enable agencies to focus scarce resources on the efficient delivery of services to the people who are entitled to receive them.
The 1Kosmos CSP managed service replaces slow, error prone manual processes and significantly reduces IT management and overhead costs. The result enables organizations to eliminate honeypots of data and to focus scarce resources on the efficient delivery of services to the people who are entitled to receive them.
Empower Citizens to Control Their Personal Information
1Kosmos places users in sole control of their own information by securing information via cryptographically paired public-private key architecture. For added security, 1Kosmos’ CSP utilizes a private and permissioned distributed ledger to decentralize data, eliminating administrative access to a centralized “honeypot” of information that hackers often target in data breach or ransomware attacks.The data captured during the document verification process is managed through the citizen’s digital identity wallet. The data is encrypted and stored in a distributed ledger, accessible only via a FIDO2 certified private-public key pair secured in the TPM / Secure Enclave of a device and under the sole control of the user via their biometric. User identity can be secured across multiple devices, and because there is no centralized user store, a decentralized approach ensures there is no honey pot of personally identifiable information (PII Data) to secure against the threat of data breach.
Detect Stolen and Synthetic Identities
1Kosmos digitally transforms identity enrollment for citizens and residents, so government agencies gain the security advantage they need to defend against fraudulent synthetic activities targeting services.During customer onboarding, 1Kosmos detects stolen and synthetic identity fraud through a user friendly self-service enrollment process utilizing many factors to prove identity. These include government issued IDs like a driver’s license, passport, or National ID card (for over 205 countries). Additionally, an API can be activated to verify the document's validity against issuing authorities.
The 1Kosmos CSP service can meet up to a NIST IAL2 and AAL2 anywhere, anytime and on any device with absolute zero human bias for both gender and race. Other lower levels of identity assurance, such as a banking account, telco account, email, social security number, and phone number can also be validated to build a verified identity.
A selfie, with a built-in liveness check, is captured and compared to the image captured during the document verification step. The selfie must match the captured image, increasing the level of assurance of the user's identity and can be used for biometric authentication.
Address All of Your Authentication Needs
The 1Kosmos BlockID platform offers several forms of built-in identity based authentication:
- Phishing-resistant identity based facial biometric, LiveID
- Device biometrics such as TouchID and FaceID, and Windows Hello
- Passkeys
- Time-based One-Time Password (TOTP)
- One-Time Password (OTP) and Offline Access OTP
- SMS and Email
- Push Notification
- FIDO2 Tokens
- Offline Access
- U2F – Universal Second Factors such as Universal Serial Bus (USB) and near-field communication (NFC)
The 1Kosmos platform is flexible and customizable, so agencies will be able to find the best authentication method that meets the unique needs of their diverse application ecosystem.
A User-Centric, Modern, and Privacy-Led, Managed Service
Demands by residents for digital government services has resulted in rampant identity fraud impeding digital transformation and costing taxpayers millions. Stopping fraud means blocking synthetic and stolen identities during the application process and securing resident accounts from phishing and social engineering attacks aimed at account takeover.1Kosmos’ Credential Service Provider (CSP) is a user-centric, modern, and privacy-led, managed service that performs identity verification at the time of enrollment and then authenticates identity at first and every access to enable agencies to focus scarce resources on the efficient delivery of services to the people who are entitled to receive them.
The 1Kosmos CSP managed service replaces slow, error prone manual processes and significantly reduces IT management and overhead costs. The result enables organizations to eliminate honeypots of data and to focus scarce resources on the efficient delivery of services to the people who are entitled to receive them.
Empower Citizens to Control Their Personal Information
1Kosmos places users in sole control of their own information by securing information via cryptographically paired public-private key architecture. For added security, 1Kosmos’ CSP utilizes a private and permissioned distributed ledger to decentralize data, eliminating administrative access to a centralized “honeypot” of information that hackers often target in data breach or ransomware attacks.The data captured during the document verification process is managed through the citizen’s digital identity wallet. The data is encrypted and stored in a distributed ledger, accessible only via a FIDO2 certified private-public key pair secured in the TPM / Secure Enclave of a device and under the sole control of the user via their biometric. User identity can be secured across multiple devices, and because there is no centralized user store, a decentralized approach ensures there is no honey pot of personally identifiable information (PII Data) to secure against the threat of data breach.
Strengthen Security with Verified Identity
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.
We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.
The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the healthcare employee to access their endpoints any required applications.Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.
The flexibility built into the 1Kosmos platform enables security teams to deploy authentication methods that match the associated risk, meaning, practitioners can authenticate via device biometrics, push message, email/SMS/Token, 3rd party hardware token, Microsoft Entra ID, or user biometric.
Give Admins and DevOps the Tools They Need
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.NIST 800-63-3, UK DIATF, FIDO2, ISO27001, and iBeta ISO/IEC 30107-3 are contemporary technical standards designed to ensure security and interoperability for biometric authentication and passwordless access. 1Kosmos is certified to these standards and our solution has passed rigorous testing to validate our development is to the highest quality standards.
As a cloud-based identity provider, BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Microsoft Entra ID, Ping, Okta, and more.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.
For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, and Microsoft Entra ID.
BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Microsoft Entra ID, iOS, Android, Linux, and Unix operating systems.
Strengthen Security with Verified Identity
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.
We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.
The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the healthcare employee to access their endpoints any required applications.Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.
The flexibility built into the 1Kosmos platform enables security teams to deploy authentication methods that match the associated risk, meaning, practitioners can authenticate via device biometrics, push message, email/SMS/Token, 3rd party hardware token, Microsoft Entra ID, or user biometric.
Give Admins and DevOps the Tools They Need
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.NIST 800-63-3, UK DIATF, FIDO2, ISO27001, and iBeta ISO/IEC 30107-3 are contemporary technical standards designed to ensure security and interoperability for biometric authentication and passwordless access. 1Kosmos is certified to these standards and our solution has passed rigorous testing to validate our development is to the highest quality standards.
As a cloud-based identity provider, BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Microsoft Entra ID, Ping, Okta, and more.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.
For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, and Microsoft Entra ID.
BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Microsoft Entra ID, iOS, Android, Linux, and Unix operating systems.