IdentityX Platform

Daon’s IdentityX is a multi-modal, vendor agnostic and future-proof identity services platform that addresses the full customer identity lifecycle. The key to trust in a digital identity is a unified, user-centric view of identity creation, use, and management. The IdentityX Platform provides the following core functions:

  • Identity Establishment through account origination and digital onboarding
  • Omni-Channel Multi-Factor Authentication via mobile, web, and call center authentication
  • Identity Recovery and other device and account lifecycle management functions

Identity establishment with IdentityX

Daon’s IdentityX Onboarding product enables quick, accurate identity establishment for a range of purposes, including Anti-Money Laundering (AML) and Know Your Customer (KYC) checks. Mobile SDKs for iOS and Android, and Javascript libraries for web, enable a clear and efficient onboarding workflow:

  • Collect end-user customer information
  • Scan identity documents
  • Take a selfie and compare face image against image scanned off identity document
  • Collect additional biographic and biometric information depending on customer and end-user preferences
  • Use collected information to perform AML and KYC checks against 3rd party systems
  • End-user receives a push notification to begin using the service, e.g. banking
  • End-user can use biometrics on that device to access their account moving forward (see omni-channel authentication below)
  • Biometrics can be used to help the end-user register additional or new devices (see Account Recovery below)

Benefits of IdentityX Onboarding

  • Reduces customer friction
    • Easier to register and lowers abandonment
  • Reduces cost
    • Less manual input and verification
    • No chasing of physical documentation from the customer
    • No storage and return of physical documentation
  • Speeds up time to revenue
    • Quicker activation of customer

IdentityX Omni-Channel Authentication

The IdentityX platform offers omni-channel device and human authentication through:

  • Mobile authentication
  • Web authentication
  • Call Center Authentication

Machine Learning: IdentityX Omni-Channel authentication allows customers to gather data over time to create and augment an end-user’s enrollment profile. Furthermore, multiple interactions with an end-user through various channels builds a confidence in the user’s identity and helps identify abnormal authentication scenarios which could be indications of fraud.

Mobile authentication

The IdentityX FIDO Certified Server, iOS FIDO Client SDK, and Android FIDO Client SDK provide device and human authentication via the mobile channel.

  • FIDO Certified
  • Leverages native matching capabilities
  • Includes embedded authenticators for face, voice, palm, and more
  • Performs passive and active liveness and quality assessment for face
  • Performs text-validation and audio replay detection for voice
  • Offers both match on client and match on server
  • Collects device signals that can be used for input into a risk engine on the server-side
  • Online or offline

Web authentication

Beyond mobile authentication, Daon offers authentication capabilities for the web channel to support PC based authentication or authentication on mobile devices without the requirement for installing native applications. IdentityX implements the W3C Web Authentication specification to support FIDO U2F tokens, security keys, and FIDO2 authenticators.

Daon offers JavaScript libraries that can be leveraged by our customers to perform an additional passive authentication of an end-user based on the way that he or she types a phrase. Daon’s Keystroke Dynamics algorithm is used in conjunction with existing authentication methods (such as username and password) and provides a probabilistic score that can be used as an additional factor of authentication or can be used to determine if an additional step-up authentication is required.

Call Center Authentication

IdentityX allows Call Center visitors to be identified by their voice. The solution works over standard phone lines and cellular and does not require the customer to have an app installed on their device; however, it does require that the customer was previously registered in the IdentityX system.

Function Feature/Benefit
Text Dependent Voice Authentication Is the person speaking the same person that enrolled?
Text Independent Voice Authentication A passive approach to authenticating a user as he or she speaks, typically used in scenarios where the end-user is in conversation with a customer service representative
Voice Quality Assessment Is the audio of sufficient quality, or should information be provided back to the user that they are speaking too soft of there is too much background noise?
Text Validation Did the user speak what they were prompted to say?
Voice Replay Detection Is the audio sample a playback of a recording of the user speaking?
Voice Sample Fingerprinting What type of audio is being received (i.e. plain old telephone, Voice over IP, LTE, etc.)?

Identity Recovery with IdentityX

A user’s device(s) strongly binds the user to a relying party or service provider. Through cryptographic keys on the device, this strong binding supports Multi-factor authentication based on the device, biometrics, and/or knowledge factors (PIN or passcode).

But what happens when a user loses his phone, has his phone stolen, or simply buys a new phone?

Original Registered Device Available

If the user has the original device, and it is still operational, then “trust” can be transferred. For example, the user can be authenticated on the old device and then present a QR Code which is scanned with the new device.

Original Registered Device NOT Available

If the user does not have the old device, this triggers an Account Recovery scenario - which can be a serious fraud vector for bad actors. In traditional systems, the user’s identity is first verified in one of three ways, each of which has it own problems:

Verification Channel Vulnerability
Call center Open to Social Engineering attacks

Based almost exclusively on knowledge
On-line / Mobile or Web Subject to Phishing

SIM Swap Fraud
In person authentication Expensive

Inconvenient

IdentityX Account Recovery Solution

IdentityX solves the Account Recovery process by offering customers the ability to authenticate a user through server-based biometrics. Using server-based biometrics, gathered during the original enrollment process or an account establishment process to authenticate the user, users can be authenticated via one or more methods -- face, voice, palm, or behavioral biometrics like keystroke dynamics. These can then be coupled with knowledge-based techniquest to create a robust multi-factor account recovery process.

Learn more about IdentityX Platform

For more information on IdentityX identity establishment, Omni-channel authentication and identity recovery, or to discuss your specific requirements for on boarding or account recovery, get in touch with us here.