IdentityX ensures that only you can authorize your financial / business transactions or access your most important and personal information. Using your smart phone, IdentityX offers risk solutions and empowers you to securely establish your identity through a combination of encryption, PIN entry, location-based technology, and biometrics such as voice, face, and palm image matching. IdentityX is a fully mobile, private and cost effective solution that allows you to decide the level of security for each type of transaction - balancing convenience and security as you desire.
The move to digital interactions has been occurring since the web went mainstream. Whether it's online banking (both consumer and corporate), social networking, or logical access to our home and work computer systems, the evolution of a digital lifestyle has only accelerated in the 21st century. The need to securely and conveniently identify ourselves remotely has risen hand-in-hand with this movement. Unfortunately, our ability to satisfy this need has lagged behind other technologies - the threat and impact of identity theft has skyrocketed along with its frequency.
IdentityX's benefits of service include dramatically reducing fraud to previously unattainable levels unlike any competitive alternatives, such as passwords, PINS, or PKI. This solution empowers businesses to enable any transaction with any consumer at any time with immaterial cost and total confidence. Further, IdentityX is extremely timely, leveraging the increasingly ubiquitous nature of smart phones to provide identity authentication even as identity fraud is becoming more widespread and insidious.
IdentityX leverages software developed by Daon, a leading provider of identity assurance products that has been selected to protect hundreds of millions of identities around the globe. Daon provides the identity assurance platform for numerous commercial and government identity assurance programs, including the core backend platform for the recently awarded Indian Unique ID (UID) project, which involves a multi-modal solution as part of the largest biometric initiative in the world. Daon supports customers and system integrators in building enterprise solutions requiring the highest level of security, performance, scalability, reliability, and privacy. With the release of IdentityX, which is built on the foundation of its DaonEngine platform, Daon extends its award-winning biometric identity assurance software solutions and services into a broad range of markets.
The security of IdentityX is dynamically configured based on the type of transaction. This means that small transactions can be configured to emphasize convenience, such as requiring only a button press from the customer’s phone for purchases under $50. At the same time, riskier transactions (for example, online purchases over $500 or any cash withdrawals from an ATM) can be configured to require ever greater verification steps, from PIN to full biometric verification. This flexibility ensures that each Service Provider is able to balance risk and convenience to reflect the needs of their own customers.
IdentityX is comprised of both an application on a server (IdentityX Server) and an application on the customer’s mobile device (IdentityX Authenticator). When the customer initiates a transaction on the Service Provider’s website (e.g., transferring money through online banking), a request is made to the IdentityX Server for verification. Depending on the type/level of transaction and the configured verification methods associated with that transaction level, IdentityX Authenticator prompts the customer to enter identity verification data on their phone (i.e., some combination of biometrics and/or passwords), which may be used in conjunction with PKI-verified possession of the device itself and even the customer’s GPS location. This information is assessed by the IdentityX Server - successful verification will either result in the presentation of a one time password on the mobile device (which the customer can enter on the Service Provider’s website to authorize the transaction), or IdentityX can directly inform the Service Provider of successful authentication on the back end without further action from the customer. For additional detail on the IdentityX architecture, refer to our System Overview.
An important element of the solution is the out-of-band nature of IdentityX. In order to perform a verification, IdentityX reaches out to the registered phone of the individual. This means that even if someone acquired your username and password, when they attempted to perform an IdentityX-protected action, your registered phone would be required to close the loop on the transaction. If an attacker infects your computer with a trojan software virus and acquires your online banking credentials, they would still be unable to even begin an IdentityX transaction without your personal phone. Even if an insidious virus tried to change a valid transaction that you were making (for instance, when you were transferring $10 from savings to checking, it changed the transaction to transfer $5000 to an offshore account), the IdentityX authorization request includes the details of the transaction being requested for review, preventing even these so-called "man in the middle" attacks.
IdentityX even makes allowances for the use of older phones that cannot run applications. IdentityX can be configured to send a simple SMS message to a registered non-data-processing phone containing a One Time Password. When the customer enters this number on the Service Provider’s site, it demonstrates possession of the user’s registered phone. While this clearly cannot take the place of a full PIN / GPS / biometric authentication, it can be considered equivalent to a low risk transaction requiring simple acknowledgement on IdentityX. Both types of authentication add an out-of-band mechanism that requires possession of the registered phone to complete.
Finally, IdentityX also offers a streamlined, offline authentication tool for situations in which phone connections are unavailable, or in which the more robust IdentityX solution is not required. Refer to the section on IdentityX Lite for more information on this mathematical-algorithm-based One Time Password product.