For your most demanding authentication scenarios, you need a hardware credential holder ("token" or "wallet") that provides 3+ factor authentication and that thoroughly protects the private key.
The Pocket HSM never lets the private key(s) out, and won't even let them be used unless the holder inputs a PIN and a fingerprint. The keypad and fingerprint reader reside right on the Pocket HSM, and the information never leaves the device. This means the holder's fingerprint is never transmitted over a network or into a connected computer, precluding any man-in-the-middle capturing of this very private and very important information.
With the Osmium operating system running in your users' tokens, you know that nothing can intrude upon the normal operation of the token. Osmium only knows how to encrypt, decrypt, and take input from on-token input devices such as keypad and fingerprint reader.
Our partners in the QE Alliance provide a complete range of identity, identity management operations, and Identity Quality Assurance programs to assure you than people are who they say they are. That's especially important in the age of identity federation, where people from your suppliers, distributors, consultants, contractors, customers and many other remote extended groups will have access to your network and digital assets.
Working with our partners in the QE Alliance we can provide the complete range of identity services, including face-to-face enrollment.