The Business Challenge
As citizen and resident services move online, agencies face the challenge of balancing fraud controls with customer experience. Constituents expect speed, security, and privacy online and do not want to be treated like cybercriminals.
After identity verification and enrollment, users are typically issued weak credentials such as usernames and passwords or weak MFA. 1Kosmos provides an authentication platform that provides flexible levels of identity assertion with methods that support the risk and needs of any government agency.
1Kosmos prioritizes user flexibility by offering coexistence deployment options; we recognize the reality that certain users may be unable to switch to a stronger credential immediately and allow users to transition to safer and phishing resistant MFA at their own pace.
The 1Kosmos Advantage
Implement a Single Multi-Factor Authentication Platform
The 1Kosmos BlockID platform offers several forms of built-in identity based authentication:
- Phishing-resistant identity based facial biometric, LiveID
- Device biometrics such as TouchID and FaceID, and Windows Hello
- Passkeys
- Time-based One-Time Password (TOTP)
- One-Time Password (OTP) and Offline Access OTP
- SMS and Email
- Push Notification
- FIDO2 Tokens
- Offline Access
- U2F – Universal Second Factors such as Universal Serial Bus (USB) and near-field communication (NFC)
The 1Kosmos platform is flexible and customizable, so agencies will be able to find the best authentication method that meets the unique needs of their diverse application ecosystem.
Build Secure Non-Phishable Authentication Through Verified Identity
The 1Kosmos platforms FIDO2, Kantara (based on NIST 800-63-3), and UKDIATF certifications provide the highest level of digital biometric identity and authentication assurance. As 1Kosmos is built based on standards, we have an architectural advantage with superior interoperability.
1Kosmos utilizes the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to perform multi-factor authentication. In terminology familiar for strong authentication, the device becomes the “possession element” and the biometric the “inherence element.”
The 1Kosmos platform performs a series of checks to prevent biometric-based attacks. 1Kosmos LiveID can perform both “active” liveness (requiring the user to perform randomized expressions) and “passive” liveness, one without the user’s involvement plus the LiveID SDK protects against camera manipulation to prevent an injection attack.
Ensure the Privacy and Security of Citizen and Resident Biometrics.
The 1Kosmos platform leverages a private and permissioned distributed back end which utilizes advanced encryption to protect biometric data, both during transmission and at rest, preventing unauthorized access.
Furthermore, 1Kosmos adheres to stringent regulatory compliance, aligning with standards formed by GDPR and CCPA, to maintain the highest levels biometric of protection data.
Regular audits and penetration testing are conducted to identify and mitigate potential vulnerabilities, ensuring that the security measures are always current and effective. By implementing comprehensive security practices, 1Kosmos ensures that user biometrics are kept private and secure.
Utilize a Platform that Complies with Industry-Standard Certifications.
1Kosmos has achieved notable industry certifications that underscore its commitment to security and trust for identity proofing and authentication solutions.
A subset of those certifications for the 1Kosmos’s platform includes:
- FIDO2
- iBeta ISO/IEC 30107-3
- Kantara certified to NIST 800-63-3; and
- ISO 30107-3 compliant
1Kosmos meets specific criteria for secure authentication and identity verification. These certifications are a testament to 1Kosmos’s dedication to providing secure and reliable digital identity solutions.
Additionally, the 1Kosmos platform and the CSP are aligned to US Federal requirements, including the Privacy Act, Section 508, EO13985 (multi-language), EO14028, OMB M19-17, OMB M22-09, NIST 800 series, as well as FedRAMP and FIPS.