IdentityX Platform

Daon’s IdentityX is a multi-modal, vendor agnostic and future-proof identity services platform that addresses the full customer identity lifecycle. The key to trust in a digital identity is a unified, user-centric view of identity creation, use, and management. The IdentityX Platform provides the following core functions.

  • Identity Establishment through account origination and digital onboarding
  • Omni-Channel Multi-Factor Authentication via mobile, web, and call center authentication
  • Identity Recovery and other device and account lifecycle management functions

Identity establishment with IdentityX

Daon’s IdentityX Digital Onboarding product enables quick, accurate identity establishment for a range of purposes, including Anti-Money Laundering (AML) and Know Your Customer (KYC) checks. On mobile or for the web, IdentityX Onboarding enables: 

  • Collect end-user customer information
  • Scan identity documents
  • Take a selfie and compare face image against image scanned off identity document
  • Collect additional biographic and biometric information depending on customer and end-user preferences
  • Use collected information to perform AML and KYC checks against 3rd party systems
  • End-user receives a push notification to begin using the service, e.g. banking
  • End-user can use biometrics on that device to access their account moving forward (see omni-channel authentication below)
  • Biometrics can be used to help the end-user register additional or new devices (see Account Recovery below)

Benefits of IdentityX Onboarding

  • Reduces customer friction
    • Easier to register and lowers abandonment
  • Reduces cost
    • Less manual input and verification
    • No chasing of physical documentation from the customer
    • No storage and return of physical documentation
  • Speeds up time to revenue
    • Quicker activation of customer

The IdentityX platform offers omni-channel device and human authentication through:

Machine Learning: IdentityX Omni-Channel authentication allows customers to gather data over time to create and augment an end-user’s enrollment profile. Furthermore, multiple interactions with an end-user through various channels builds a confidence in the user’s identity and helps identify abnormal authentication scenarios which could be indications of fraud.

Mobile authentication

The IdentityX FIDO Certified Server, iOS FIDO Client SDK, and Android FIDO Client SDK provide device and human authentication via the mobile channel.

  • FIDO Certified
  • Leverages native matching capabilities
  • Includes embedded authenticators for face, voice, palm, and more
  • Performs passive and active liveness and quality assessment for face
  • Performs text-validation and audio replay detection for voice
  • Offers both match on client and match on server
  • Collects device signals that can be used for input into a risk engine on the server-side
  • Online or offline

Web authentication

Beyond mobile authentication, Daon offers authentication capabilities for the web channel to support PC based authentication or authentication on mobile devices without the requirement for installing native applications. IdentityX implements the W3C Web Authentication specification to support FIDO U2F tokens, security keys, and FIDO2 authenticators.

FIDO W3C stick
Keystroke Dynamics

Daon offers JavaScript libraries that can be leveraged by our customers to perform an additional passive authentication of an end-user based on the way that he or she types a phrase. Daon’s Keystroke Dynamics algorithm is used in conjunction with existing authentication methods (such as username and password) and provides a probabilistic score that can be used as an additional factor of authentication or can be used to determine if an additional step-up authentication is required.

Call Center Authentication

IdentityX allows Call Center visitors to be identified by their voice. The solution works over standard phone lines and cellular and does not require the customer to have an app installed on their device; however, it does require that the customer was previously registered in the IdentityX system.

CallCenter table

A user’s device(s) strongly binds the user to a relying party or service provider. Through cryptographic keys on the device, this strong binding supports multi-factor authentication based on the device, biometrics, and/or knowledge factors (PIN or passcode).

But what happens when a user loses his phone, has his phone stolen, or simply buys a new phone?

Original Registered Device Available

If the user has the original device, and it is still operational, then “trust” can be transferred. For example, the user can be authenticated on the old device and then present a QR Code which is scanned with the new device.

Original Registered Device NOT Available

If the user does not have the old device, this triggers an Account Recovery scenario - which can be a serious fraud vector for bad actors. In traditional systems, the user’s identity is first verified in one of three ways, each of which has it own problems:

AccountRecovery table

 

IdentityX Account Recovery Solution

IdentityX solves the Account Recovery process by offering customers the ability to authenticate a user through server-based biometrics. Using server-based biometrics, gathered during the original enrollment process or an account establishment process to authenticate the user, users can be authenticated via one or more methods -- face, voice, palm, or behavioral biometrics like keystroke dynamics. These can then be coupled with knowledge-based techniques to create a robust multi-factor account recovery process.