The combination of biometrics and cryptography linked to an identity profile enables a strong security layer. Using a blockchain, we provide an immutable audit trail of every transaction.
Built on Hyperledger Fabric, Digid uses a private, permissioned blockchain to record every transaction. This provides a distributed, immutable, auditable transaction history on a solid data persistence layer. As with any permissioned ledger, that immutability is tamper evidence rather than tamper proofing: it holds as long as the consortium's ordering and peer nodes are themselves trustworthy, so those nodes are part of the trusted computing base.
Public-key cryptography eliminates the need for passwords, one-time passcodes, or any other shared secret that can be phished, intercepted, or stolen from a server database. Digid uses a private key that is stored securely in the end user's device hardware and is used to digitally sign and authenticate transactions; the network only ever holds the corresponding public key, so there is no secret to exfiltrate. Keys can also be rotated as security requirements dictate. A rotation request must itself be authorised by the key being retired (or by the onboarding checks described below), otherwise the rotation path becomes the account-takeover path.
Every transaction includes a one-time token (OTT) that is generated by the Digid network after the user has been authenticated. The relying party verifies the token with the network before approving the transaction, as an extra layer of security. Because the token is single-use, bound to the authenticated identity, and short-lived, a captured token cannot be replayed against a second transaction or presented on behalf of another user.
Because Digid verifies that a user is who they claim to be, taking over an account becomes very difficult. Digid uses several layers of security, starting with secure onboarding that includes phone/email verification, biometrics, liveness checks, device and location signals, document verification, and transaction history (reputation) to verify user identities. Even if an attacker were to intercept an SMS OTP (e.g. via SIM swap), or simply phish the information needed to claim to be a valid user, Digid would not trust the claim, given the layered checks above. Ongoing authentication includes verifying possession of a private key on the user's device, stored in secure hardware (DID authentication) and cryptographically linked to their identity. Only a valid user in possession of the device with the correct key can access the service, which makes the account extremely difficult to take over; the residual attack surface is the device itself (loss, theft, compromise) and the recovery flow used to replace it, which must be held to the same standard as primary authentication.
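The three mechanisms just described (a device-held signing key proving possession, a one-time token the relying party redeems once, and key rotation authorised by the current key) fit in a short challenge-response protocol. The following Go program is an added example written for this page, not Digid's code or a description of its API: it models the device with an in-memory ed25519 key (the page says secure hardware), uses a random 32-byte server nonce as the challenge, a 16-byte hex OTT with an assumed two-minute lifetime (the page states no lifetime), and a "rotate:<identity>:<new public key>" message format for rotation requests. All type, function and error names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

var (
	ErrUnknownIdentity = errors.New("unknown identity")
	ErrNoChallenge     = errors.New("no outstanding challenge for this identity")
	ErrBadSignature    = errors.New("signature does not verify under the registered key")
	ErrTokenRejected   = errors.New("token unknown, expired, already redeemed, or minted for another identity")
)

// Device stands in for the user's hardware: it exposes signing, never the key (in-memory ed25519 here).
type Device struct{ priv ed25519.PrivateKey }

func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv}, pub, err
}
func (d *Device) Sign(msg []byte) []byte { return ed25519.Sign(d.priv, msg) }

type tokenKey struct{ id, ott string } // binds each OTT to the identity it was minted for

// Network models the identity network: registered keys, outstanding challenges and live OTTs.
type Network struct {
	keys    map[string]ed25519.PublicKey
	pending map[string][]byte
	tokens  map[tokenKey]time.Time // -> expiry
	Now     func() time.Time       // injectable clock so expiry can be exercised
}

func NewNetwork() *Network {
	return &Network{keys: map[string]ed25519.PublicKey{}, pending: map[string][]byte{},
		tokens: map[tokenKey]time.Time{}, Now: time.Now}
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to continue past
	}
	return b
}

// Register binds a public key to an identity at onboarding.
func (n *Network) Register(id string, pub ed25519.PublicKey) { n.keys[id] = pub }
// RotationMessage is signed with the current key; the prefix keeps a signed challenge from doubling as a rotation.
func RotationMessage(id string, newPub ed25519.PublicKey) []byte {
	return []byte("rotate:" + id + ":" + hex.EncodeToString(newPub))
}

// Rotate swaps in a new key; only the holder of the key being retired can authorise it.
func (n *Network) Rotate(id string, newPub ed25519.PublicKey, sig []byte) error {
	old, ok := n.keys[id]
	if !ok || !ed25519.Verify(old, RotationMessage(id, newPub), sig) {
		return ErrBadSignature
	}
	n.keys[id] = newPub
	return nil
}

// Challenge issues a fresh 32-byte nonce; each nonce admits exactly one signature attempt.
func (n *Network) Challenge(id string) ([]byte, error) {
	if _, ok := n.keys[id]; !ok {
		return nil, ErrUnknownIdentity
	}
	n.pending[id] = mustRandom(32)
	return n.pending[id], nil
}

// Authenticate consumes the nonce, verifies the signature under the registered key and mints an OTT.
func (n *Network) Authenticate(id string, sig []byte) (string, error) {
	nonce, ok := n.pending[id]
	if !ok {
		return "", ErrNoChallenge // a replayed signature finds no nonce and is refused
	}
	delete(n.pending, id) // consumed whether or not the signature checks out
	if !ed25519.Verify(n.keys[id], nonce, sig) {
		return "", ErrBadSignature
	}
	ott := hex.EncodeToString(mustRandom(16))
	n.tokens[tokenKey{id, ott}] = n.Now().Add(2 * time.Minute) // assumed lifetime; the page gives none
	return ott, nil
}

// Redeem is the relying party's check before approving a transaction; the token is deleted on first use.
func (n *Network) Redeem(ott, id string) error {
	exp, ok := n.tokens[tokenKey{id, ott}]
	if !ok || n.Now().After(exp) {
		return ErrTokenRejected
	}
	delete(n.tokens, tokenKey{id, ott})
	return nil
}
```

The flow is Challenge, then the device signs the nonce, then Authenticate returns the OTT, then the relying party calls Redeem exactly once. The example deliberately consumes the nonce before checking the signature, so an attacker who captured a signature cannot retry it, and deletes the token on redemption, so a second presentation is indistinguishable from an unknown token. Rotation with a signature from any key other than the one currently registered is refused, which is the check the text's "keys can be rotated" clause relies on.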
Digid does not rely on SMS one-time passcodes as a primary authentication mechanism. Because Digid uses cryptography and biometrics (e.g. liveness checks) to verify a user's identity claim, a SIM swap alone cannot take over an account: the attacker gains control of the phone number, but not of the device-bound private key or the biometric. Where SMS still plays any role, such as account recovery or fallback, that path needs the same scrutiny as primary authentication, since it is the one a SIM swapper will target.