PingOne Recognize

IDV Bridge introduction

The PingOne Recognize identity verification (IDV) Bridge enables our customers to silently enroll users into PingOne Recognize with a picture of the user that has been collected from another source. We call this the "IDV Bridge" because it is often a bridge between the IDV process where customers collect a selfie during onboarding, and allows PingOne Recognize to authenticate that you are still dealing with the same person.

Use Cases

Typically clients use this solution in one of two ways:

  1. Bulk upload of selfies - clients have collected a significant number of "selfies" or identity documents, typically during an onboarding or Know Your Customer (KYC) process and want to use these selfies to passively enroll these users into the PingOne Recognize system to then support ongoing facial biometric authentication and prove the genuine presence of that user.

  2. Single user selfie upload - clients connect the IDV Bridge solution to an existing selfie capture step in their onboarding flow, enrolling users into PingOne Recognize without having to add an additional step to the process, yet still allowing them to again authenticate.

Identity Documents - Note PingOne Recognize customers have successfully used identity documents to enroll customers with IDV Bridge, but enrollment rates are typically lower than when using a portrait or selfie only.

For best results, customer images should be submitted in a cropped format as to exclude the rest of the document where possible.

Benefits

  • Rapid Biometric Adoption: Organizations can rapidly increase biometric adoption rates by automating backend enrollment of new and existing users without requiring additional enrollment.

  • End-to-End Identity Lifecycle: Combines identity verification and authentication, eliminating weak points like usernames, passwords, or SMS OTPs.

  • Future-Proof Scalability: The IDV Bridge is vendor-agnostic, allowing integration with multiple IDV providers to meet diverse customer needs, regardless of size or scope.

  • Privacy-Preserving: Minimizes risks associated with storing personally identifiable information (PII) through PingOne Recognize' unique privacy-preserving technology.

  • Cost Reduction: Enhances operational efficiency while lowering authentication costs.

  • User-Based Pricing: PingOne Recognize charges based on users. Unlike transaction-based IDV models, this offers a more cost-effective solution preferred by many financial institutions.

  • Image-Agnostic: PingOne Recognize can leverage images from either the existing IDV provider or a previous biometric authentication provider that the organization was using.

Deployment options

Customers can leverage the PingOne Recognize IDV Bridge technology in two ways:

  • IDV Bridge On-Premise - built on component known as "PingOne Recognize Agent" which customers install in their own infrastructure.

  • IDV Bridge SaaS - customers can enroll selfies via our publicly available API.

PingOne Recognize client state for Mobile SDK

PingOne Recognize authentication via Mobile SDK is multi-factor by design - we are authenticating both the possession of the device and that the user is present when capturing their selfie.

In relation to IDV Bridge, the client state is generated and used as temporary key to allow a new device to be activated, provided the user successfully authenticates via a selfie during this flow.

The client state needs to be securely stored after IDV Bridge enrollment to allow for a user to activate a new device.