The Business Challenge

Secure IT access for employees, contractors, and supply chain partners is mission critical, but passwords and disjointed authentication experiences create a haven for phishing, ransomware, and data breach. Productivity takes a hit, and service desk calls increase when passwords get lost or stolen.

1Kosmos enhances the security of employees through our non-phishable multi-factor authentication. This feature, combined with our identity verification, enables organizations to confidently phase out passwords while enabling phased implementation of all users to a consistent login experience.

Furthermore, 1Kosmos offers innovative identity proofing and authentication solutions for customer access. Our platform supports low-friction identity verification during user onboarding, thereby expediting customer acquisition while detecting synthetic or stolen identities.

The result: A digitally transformed new account origination workflow that reduces administrative overhead improves customer satisfaction and ensures new users are who they claim to be.

The 1Kosmos Advantage

Security Starts with Strong Verified Identities
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.

For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.

We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the employee to access their endpoints any required applications.

Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.

In a typical deployment, workers are given the option to login via their user ID and password or use 1Kosmos to go passwordless via a QR code placed on the same screen. This side-by-side deployment option accelerates adoption.

With 1Kosmos organizations deploy a single authentication platform where users can authenticate with a high authenticator assurance level via a QR Code.
Deploy What You Need, When You Need It
As a cloud-based identity provider, 1Kosmos BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Microsoft Entra ID, Ping, Okta, and more.

Alternatively, by implementing our mobile SDK/API, you can securely integrate all functionality into your existing app or service. This approach eliminates silos created when managing multiple apps and services.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.

For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Microsoft Entra ID, Mac, iOS, Android, Linux, and Unix operating systems.
Security Starts with Strong Verified Identities
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users.

For example, executives and workers with privileged access might require the highest assurance with liveness detection (ie, IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.

We support both drivers license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The 1Kosmos BlockID platform is not only complaint-to NIST 800-63-3, but fully certified to that standard by Kantara.
Build Secure Authentication Through Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates a verified credential and utilizes it as an artifact for passwordless MFA. The credential is used by the employee to access their endpoints any required applications.

Verified identity is matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the healthcare provider's identity leaving no chance for impostors to login.

In a typical deployment, workers are given the option to login via their user ID and password or use 1Kosmos to go passwordless via a QR code placed on the same screen. This side-by-side deployment option accelerates adoption.

With 1Kosmos organizations deploy a single authentication platform where users can authenticate with a high authenticator assurance level via a QR Code.
Deploy What You Need, When You Need It
As a cloud-based identity provider, 1Kosmos BlockID comes with several exciting administration features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Microsoft Entra ID, Ping, Okta, and more.

Alternatively, by implementing our mobile SDK/API, you can securely integrate all functionality into your existing app or service. This approach eliminates silos created when managing multiple apps and services.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.

The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.

For mobile, Windows and Mac workers can authenticate via any of seven authentication methods including: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Windows Hello, and Mac TouchID.

BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Microsoft Entra ID, Mac, iOS, Android, Linux, and Unix operating systems.
Automate Identity Verification to Reduce Synthetic Fraud
During customer onboarding, 1Kosmos detects stolen and synthetic identity fraud through a self-service, Know Your Customer (KYC) enrollment process.

Our identity proofing utilizes a user’s driver’s license, passport, or National ID to verify user identity and is completed within a few minutes with 99%+ identity proofing accuracy and 99%+ spoofing and counterfeit detection. Our solutions support document verification for over 205 countries. We can also verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The extracted data is used to build a convenient reusable digital wallet for frictionless biometric MFA and to give users control over their captured PII data.

The BlockID platform is certified to FIDO2, NIST 800-63-3 (by Kantara), UK DIATF, and iBeta ISO/IEC 30107-3 standards.
Address All of Your Authentication Needs
After identity verification, 1Kosmos BlockID provides an authentication platform to support biometric passwordless multi-factor authentication. Our Identity proofing provides flexible levels of identity assertion.

1Kosmos BlockID authentication methods are available through our SDK, and can be easily integrated into an existing mobile app or delivered through the 1Kosmos BlockID app, which can be white labeled.

Users will authenticate via any of our methods depending on the business need, the risk profile of the activity, and the security requirement for each access request. These methods include: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Microsoft Entra ID, and Mac TouchID.
Empower Customer Managed Privacy
During enrollment, information collected from scanned credentials is encrypted, and (for the highest level of security) stored in a distributed ledger compliant to the W3C DID standard. As such, they are accessible only via a FIDO2 certified public/private key pair secured in the TPM/Secure Enclave of a device and under sole control of the user, typically via their live biometric selfie, made possible by our innovative LiveID feature.

Without the private key, data cannot be decrypted, accessed or shared. There is no central authority overseeing data access other than the user possessing the private key.

For deployments that will continue to need passwords, customers will ultimately forget their passwords and require a reset. The digital wallet has a convenient password reset feature that provides users a self-service reset option that can utilize biometrics to ensure the validity of the request.

Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach. This improves an organization’s compliance.
Deploy What You Need to Meet Customer Expectations
Many people believe that passwordless customer authentication is difficult to deploy. Others just want to migrate from their antiquated 2FA systems and go passwordless gradually to stay with customer expectations. Still, others have some passwordless capabilities but want to improve security because there are gaps in their current deployment.

A result of our flexible architecture is an ability to meet the needs of most any workflow. As new mandates, regulations or even integrations come to market (e.g., open banking) as an example, the 1Kosmos API framework can help organizations quickly adapt and integrate, providing a future proof platform.

As a cloud-based identity provider, BlockID comes with several features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Microsoft Entra ID, Ping, Okta, ForgeRock, and more.

1Kosmos BlockID APIs comply with the strictest GDPR, SOC2, and ISO 27001 certification standards for the handling and retention of sensitive data, so you can connect customers to anything you need for strong customer engagement.
Automate Identity Verification to Reduce Synthetic Fraud
During customer onboarding, 1Kosmos detects stolen and synthetic identity fraud through a self-service, Know Your Customer (KYC) enrollment process.

Our identity proofing utilizes a user’s driver’s license, passport, or National ID to verify user identity and is completed within a few minutes with 99%+ identity proofing accuracy and 99%+ spoofing and counterfeit detection. Our solutions support document verification for over 205 countries. We can also verify identity at lower levels of assurance using banking, telco (eg, SIM binding), email, social security number, and phone number, among other methods.

The extracted data is used to build a convenient reusable digital wallet for frictionless biometric MFA and to give users control over their captured PII data.

The BlockID platform is certified to FIDO2, NIST 800-63-3 (by Kantara), UK DIATF, and iBeta ISO/IEC 30107-3 standards.
Address All of Your Authentication Needs
After identity verification, 1Kosmos BlockID provides an authentication platform to support biometric passwordless multi-factor authentication. Our Identity proofing provides flexible levels of identity assertion.

1Kosmos BlockID authentication methods are available through our SDK, and can be easily integrated into an existing mobile app or delivered through the 1Kosmos BlockID app, which can be white labeled.

Users will authenticate via any of our methods depending on the business need, the risk profile of the activity, and the security requirement for each access request. These methods include: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Microsoft Entra ID, and Mac TouchID.
Empower Customer Managed Privacy
During enrollment, information collected from scanned credentials is encrypted, and (for the highest level of security) stored in a distributed ledger compliant to the W3C DID standard. As such, they are accessible only via a FIDO2 certified public/private key pair secured in the TPM/Secure Enclave of a device and under sole control of the user, typically via their live biometric selfie, made possible by our innovative LiveID feature.

Without the private key, data cannot be decrypted, accessed or shared. There is no central authority overseeing data access other than the user possessing the private key.

For deployments that will continue to need passwords, customers will ultimately forget their passwords and require a reset. The digital wallet has a convenient password reset feature that provides users a self-service reset option that can utilize biometrics to ensure the validity of the request.

Since there is no user store and no centralized storage of user information, there is no honeypot of personally identifiable information to secure against the threat of data breach. This improves an organization’s compliance.
Deploy What You Need to Meet Customer Expectations
Many people believe that passwordless customer authentication is difficult to deploy. Others just want to migrate from their antiquated 2FA systems and go passwordless gradually to stay with customer expectations. Still, others have some passwordless capabilities but want to improve security because there are gaps in their current deployment.

A result of our flexible architecture is an ability to meet the needs of most any workflow. As new mandates, regulations or even integrations come to market (e.g., open banking) as an example, the 1Kosmos API framework can help organizations quickly adapt and integrate, providing a future proof platform.

As a cloud-based identity provider, BlockID comes with several features. The administration portal provides easy access to the configuration and management of the BlockID platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into common technologies including Microsoft Entra ID, Ping, Okta, ForgeRock, and more.

1Kosmos BlockID APIs comply with the strictest GDPR, SOC2, and ISO 27001 certification standards for the handling and retention of sensitive data, so you can connect customers to anything you need for strong customer engagement.

Contact us for a demo!