Western Forum
Identity Proofing…
Identity Assurance Concepts for Accurate Credential Provisioning
@DavidKelts November 7, 2017 @IdemiaGroup
More Attributes != Identity Proofing
Service Providers want to provide higher-value (and therefore higher-risk) services to Users.
Level of Assurance (LOA) is a combination of Proofing and Authentication that mitigates that risk.
If SP risk is lowered, they may not have to ask for all those additional identity attributes.
What must happen to Establish & Use Trusted Identities?

Ensuring “only you can be you” (Verifiers)
• Authentication Assurance Level (AAL) = Usage
• Simple Integration for Verifiers (Relying Parties)
• Biometrics and MFA to Protect User Privacy

Ensuring “you are you” (Issuers)
• Identity Assurance Level (IAL) = Proofing
• Privacy Engineering from the Ground Up
• Issuing credentials to the RIGHT person

Framework for Trust between all Parties (Frameworks)
• Identity and Trust Agreements
• Legislation, Rules, and Policies of Operation
• Comprehensive Business Model

Start with an accurate provisioning process… then:
• Simplify the integration for Relying Parties
• Protect the Privacy of individuals
• Secure the interoperability within the Ecosystem
NIST 800-63 Defines “Levels” for Identity over Time

Proofing (800-63A), at Enrollment Time:
• Identity Assurance Level
• Credential Issuance Event

Assurance, Over Time:
• Credential Integrity
• Revocation & Validity
• Usage Tracking / Evaluation
• Reputation Scoring
• Location Detection

Authentication (800-63B), at Transaction Time:
• Authentication Assurance Level
• User Verification

NIST          ISO    eIDAS
IAL1 + AAL1   LOA2   Low
IAL2 + AAL2   LOA3   Substantial
IAL3 + AAL3   LOA4   High
Balancing Authentication & Proofing gets you LOA
© 2016 MorphoTrust USA, LLC. All rights reserved. No reproduction or republishing without written permission.
Identity Proofing
What happens in person, in an Identity Proofing Event?
What steps are there in an Identity Proof, and how does each step work?
How can it translate to online or mobile actions?
Identity Proofing Event (800-63A)

Identity (Digital Subject) → Authenticate → Evidence → Resolved, Qualified Record

Resolution
• Determine Evidence is for a Single Legal Identity
Evidence Qualification
• Data Validation
• Document Authentication
Verification
• Multi-Factor Authentication to Evidence

Evidence:
• Single Identity
• Valid Attributes
• Scanned Images
• Authenticatable

Qualified Record: Valid, Authentic, Documented, Real, Unique
Identity Resolution
What attributes resolve to a Single Legal Identity?

Minimum Attributes for Legal Identity Resolution (Resolved Identity):
• Full Legal Name
• Date of Birth
• Place of Birth
• Sex

Additional Attributes that activate Use Cases for a Legal Identity:
• Citizenship
• Address
• Over 18
• Over 21
• US Legal Presence
• Mobile Number
Data Validation
What measurements determine attribute validity?

Attribute Valid:
• Provenance (Derived / Sourced / Authoritative / Original)
• Freshness
• Accuracy
https://pages.nist.gov/NISTIR-8112/
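The three qualities on this slide can be checked mechanically when an attribute carries metadata. The following is an added example, not code from the presentation or from IDEMIA: a relying-party policy that evaluates an attribute's provenance, freshness and accuracy, in the spirit of NISTIR 8112 attribute metadata. The ranking of the four provenance categories, the thresholds, the `Attribute` and `Policy` structures and the sample attributes are constructed assumptions of this example.

```python
"""Attribute validity on the three qualities the slide names: Provenance,
Freshness and Accuracy, in the spirit of NISTIR 8112 attribute metadata.
Constructed example; the provenance ranking, thresholds and sample data are
assumptions, see lead-in."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List

# Provenance categories listed on the slide. Ranking them weakest to strongest
# is an assumption of this example, not something the slide states.
PROVENANCE_RANK = {"Derived": 0, "Sourced": 1, "Authoritative": 2, "Original": 3}


@dataclass(frozen=True)
class Attribute:
    name: str             # e.g. "date_of_birth"
    value: str
    provenance: str       # one of PROVENANCE_RANK
    validated_on: date    # when the value was last validated against its source
    accuracy: float       # 0.0..1.0 confidence reported by the validating process


@dataclass(frozen=True)
class Policy:
    min_provenance: str   # weakest provenance the relying party accepts
    max_age_days: int     # freshness: validation older than this is stale
    min_accuracy: float


def evaluate_attribute(attr: Attribute, policy: Policy, today: date) -> List[str]:
    """Return the reasons the attribute fails the policy; an empty list means valid."""
    reasons: List[str] = []
    if attr.provenance not in PROVENANCE_RANK:
        reasons.append(f"unknown provenance {attr.provenance!r}")
    elif PROVENANCE_RANK[attr.provenance] < PROVENANCE_RANK[policy.min_provenance]:
        reasons.append(f"provenance {attr.provenance} below required {policy.min_provenance}")
    age_days = (today - attr.validated_on).days
    if age_days < 0:
        reasons.append("validation date is in the future")  # clock skew or altered metadata
    elif age_days > policy.max_age_days:
        reasons.append(f"stale: validated {age_days} days ago, limit {policy.max_age_days}")
    if not 0.0 <= attr.accuracy <= 1.0:
        reasons.append("accuracy out of range")
    elif attr.accuracy < policy.min_accuracy:
        reasons.append(f"accuracy {attr.accuracy:.2f} below required {policy.min_accuracy:.2f}")
    return reasons


def validate_all(attrs: List[Attribute], policies: Dict[str, Policy], today: date) -> Dict[str, List[str]]:
    """Evaluate every attribute that has a policy; attributes without one are not reported."""
    return {a.name: evaluate_attribute(a, policies[a.name], today) for a in attrs if a.name in policies}


# Constructed sample: a fresh, authoritative date of birth and a derived address validated long ago.
TODAY = date(2017, 11, 7)
SAMPLE = [
    Attribute("date_of_birth", "1980-01-02", "Authoritative", TODAY - timedelta(days=30), 0.99),
    Attribute("address", "1 Example Street", "Derived", TODAY - timedelta(days=500), 0.70),
]
POLICIES = {
    "date_of_birth": Policy("Authoritative", max_age_days=365, min_accuracy=0.95),
    "address": Policy("Sourced", max_age_days=180, min_accuracy=0.80),
}

if __name__ == "__main__":
    for name, reasons in validate_all(SAMPLE, POLICIES, TODAY).items():
        print(name, "valid" if not reasons else "; ".join(reasons))
```

Returning the full list of failure reasons rather than a single boolean lets the account owner see which quality is lacking (a stale validation can be refreshed at the source; a weak provenance needs new evidence), which is the decision the later slides on adding assurance to existing accounts turn on.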
Document Authentication
Determine that the Identity Evidence is Official and Untampered

Secure Credential Design
• Creates a feeling of authority that we all detect
• Visual Inspection
UV & IR Exposed Features
• Hardware and physical doc present
Post-Issuance Authentication
• Authenticity of credentials at points of service
White Light Scan
• Document Authentication
• Data Extraction
Advanced Pattern Recognition
• Biometric Techniques Applied to Documents
• Machine Learning of Unique Patterns
• Detectable Security Features
New white-light techniques enable Doc Auth APIs
Comparing Identity Proofing Events
What are the requirements for common identity proofs that Citizens go through?
What IAL would these proofs achieve? How many documents do I need to achieve an IAL?
(One Superior + Strong) or (Two Strong + One Adequate) + Identity Verified
Know Your Customer

Requirements:
✓ Proof of Legal Name
✓ Commonly used Names
✓ Proof of Perm Address
o Collect Date of Birth
o Collect a Unique Identifier from a Doc

Resolution:
• Not-Specified

Qualification:
• Visual Data Validation to Presented Document
• Unexpired Passport
• PAN Card
• Voter Identity Card
• Unexpired Driving License
• Others for Proof of Address

Verification:
• Authentication Not-Specified
• Operator Visual
US DMV Standard (In-Person)

Requirements:
✓ Proof of Legal Name
✓ Commonly used Names
✓ Proof of Perm Address
✓ Proof of Date of Birth
✓ Proof of Signature
o Nationality & Legal Presence in US/State
o Collect Front-Facing Photo

Resolution:
• Processing to Ensure 1 Person = 1 Record
• Operator Option to Pause, Stop, or Flag the Record

Qualification:
• Validate Data: SSOLV (Name), PDPS & CDLIS, EVVE (Birth)
• Scan Multiple Documents
• Anti-Forgery Efforts
• Fraud Doc Training
• Authentication Equipment

Verification:
• Operator Visual
• Visual to Docs of Guardian if < Age of Consent
• 1 : Record Biometric
• 1 : Many Biometric
• Background Checks
Getting a Credential to the RIGHT Person
• Proofing at time of issuance
• Derived Identity to issue a new credential
• Adding Identity Assurance & Proofing Concepts to an Existing Credential (Account)
Ensuring “you are you”
Post Issuance - Biometric Binding: Accurate, 30-second identity proofing
Transfers the IAL (Identity Assurance Level) of the Document to the citizen

Applicant (with their DL) → Quick Registration (Derived Identity):
1. Mobile Number & Device
2. Authenticate Document
3. Get Data
4. Live Person (biometric)
→ Biometric & Demographic Verification at DMV (DMV System of Record, identity scoring)
→ Mobile identity ready for use:
• High Trust Identity
• Strong Credential
• Multi-Factor Authenticator
Your Existing Accounts – the goal is to…

Strengthen Proofing Concepts
Resolution
• Determine single legal identity
Evidence Qualification
• Data Validation
• Document Authentication
Verification
• Multi-Factor Authentication to the Identity Evidence

Validate Assurance Concepts
Attribute Valid: Provenance, Freshness, Accuracy

Strongly Authenticate your User first before adding Qualified Evidence
Add Identity Assurance to Your Accounts
Identity Assurance Level (IAL) 2 → IAL 3

• Scan Authentic Identity Documents
• Verify Identity of Account Holder
• Validate Identity Data you Hold
• Bind to another High IAL Account
• Proof the Individual
Even after registration, Qualified Evidence can bring your accounts upward to NIST 800-63A Identity Assurance Levels.
APIs for User and ID Verification
API Connections to Authoritative Sources for Data Validation
KYC
Key Additional Steps
• Authenticate your User at your Highest Possible AAL before you:
  • Scan, upload, or snap a document
  • Webcam or selfie their face or capture a biometric (see hole in TouchID)
  • Accept data from one of their documents
• Presentation Attack Detection
• Evaluation of Risk Signals
• Privacy: Beware of Outsourcing (GDPR)
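The ordering these steps impose (strong authentication first, then qualified evidence, then a higher IAL) and the evidence-count rule printed on the "Comparing Identity Proofing Events" slide can be expressed as a single account-upgrade routine. The following is an added example, not code from the presentation or from IDEMIA. It takes the rule "(One Superior + Strong) or (Two Strong + One Adequate) + Identity Verified" as the bar for IAL3, the IAL+AAL → LOA table from the NIST 800-63 slide, and, following the speaker notes that proofing and authentication must rise together, treats the achieved LOA as the lower of IAL and AAL. The `Account`, `Session` and `Evidence` structures, the sample documents, and the fallback that one qualified Strong or Superior document yields IAL2 are constructed assumptions of this example.

```python
"""Adding identity assurance to an existing account, in the order the slides
give: strong authentication first, then qualified evidence, then IAL.
Constructed example; the Account/Session/Evidence structures, the IAL2
fallback rule and the LOA-as-minimum rule are assumptions, see lead-in."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Evidence strength labels as printed on the "Comparing Identity Proofing Events" slide.
STRENGTH = ("Adequate", "Strong", "Superior")

# IAL+AAL -> (ISO LOA, eIDAS level) from the NIST 800-63 slide.
LOA_TABLE = {1: ("LOA2", "Low"), 2: ("LOA3", "Substantial"), 3: ("LOA4", "High")}


@dataclass
class Evidence:
    kind: str              # constructed label, e.g. "passport"
    strength: str          # "Adequate", "Strong" or "Superior"
    authenticated: bool    # Document Authentication passed: official and untampered
    data_validated: bool   # Data Validation passed against a source or the data you hold


@dataclass
class Account:
    user_id: str
    max_aal: int           # highest AAL this account's authenticators can reach
    ial: int = 1           # assurance level held so far


@dataclass
class Session:
    user_id: str
    aal: int               # AAL actually achieved when the user logged in


def qualified(evidence: List[Evidence]) -> List[Evidence]:
    """Evidence Qualification: keep only documents that are both authenticated and validated."""
    return [e for e in evidence if e.authenticated and e.data_validated and e.strength in STRENGTH]


def ial_from_evidence(evidence: List[Evidence], identity_verified: bool) -> int:
    """Apply the slide's rule: (One Superior + Strong) or (Two Strong + One Adequate),
    plus Identity Verified, reaches IAL3. Without verification of the person
    against the evidence, no pile of documents raises IAL above 1."""
    if not identity_verified:
        return 1
    count = Counter(e.strength for e in qualified(evidence))
    superior, strong, adequate = count["Superior"], count["Strong"], count["Adequate"]
    if (superior >= 1 and strong >= 1) or (strong >= 2 and adequate >= 1):
        return 3
    if superior + strong >= 1:   # assumption of this example: one qualified Strong/Superior document gives IAL2
        return 2
    return 1


def loa(ial: int, aal: int) -> Tuple[str, str]:
    """Proofing and authentication must rise together (speaker notes), so LOA follows the lower one."""
    return LOA_TABLE[min(ial, aal)]


def add_identity_assurance(account: Account, session: Session, evidence: List[Evidence],
                           pad_passed: bool, biometric_match: bool) -> Tuple[bool, str]:
    """Key Additional Steps, in order: authenticate at the highest possible AAL,
    then presentation attack detection and a live biometric match to the
    document, then compute the IAL the evidence supports."""
    if session.user_id != account.user_id:
        return False, "session does not belong to this account"
    if session.aal < account.max_aal:
        return False, f"step-up required: session AAL{session.aal} below account AAL{account.max_aal}"
    identity_verified = pad_passed and biometric_match
    new_ial = ial_from_evidence(evidence, identity_verified)
    if new_ial <= account.ial:
        return False, f"evidence does not raise IAL above {account.ial}"
    account.ial = new_ial
    iso, eidas = loa(new_ial, account.max_aal)
    return True, f"account raised to IAL{new_ial}; LOA now {iso} ({eidas})"


# Constructed sample: an account with AAL2 authenticators, a passport and a driving license.
PASSPORT = Evidence("passport", "Superior", authenticated=True, data_validated=True)
LICENSE = Evidence("driving_license", "Strong", authenticated=True, data_validated=True)

if __name__ == "__main__":
    acct = Account("user-1", max_aal=2)
    print(add_identity_assurance(acct, Session("user-1", aal=1), [PASSPORT, LICENSE], True, True))
    print(add_identity_assurance(acct, Session("user-1", aal=2), [PASSPORT, LICENSE], True, True))
```

The first call is refused with a step-up message because the session was only authenticated at AAL1; the second raises the account to IAL3, but the reported LOA stays at LOA3 (Substantial) because the account's authenticators top out at AAL2, which is the "balance" point the earlier slides make.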

Identity Proofing to provision accurately


Editor's Notes

  • #3 Let’s spend some time on WHY we’re here and why we want to add identity “proofing”. A Service Provider must add BOTH identity proofing AND authentication in order to move up the LOA scale and provide “riskier” services.
  • #4 Standardization at all these levels will drive the value up easily to People and the Relying Parties of an mDL. Vendors will make it Easy to Use. Start with an accurate provisioning process… then Simplify the integration for Relying Parties, Protect the Privacy of individuals, Secure the interoperability within the Ecosystem. Documents in the Wallet; Usage across Online, NFC, Requests; Secure Provisioning - Fabric Ecosystem to System of Record; User Authentication through Fido or AppleID Authentication Platform; Consent Model must be Accounted For; Online Usage supported through Optical Scanning or AppAuth.
  • #5 Discuss NIST IAL and AAL. In between these two things is Identity Assurance, which we’ll discuss in this presentation. (click) There is a lot that can be done in this middle area! And remember that Proofing and Authentication must BOTH be added at the same time to move up the LOA charts and provide “riskier” services to your customer.
  • #6 Adding proofing can restore the balance, and achieve LOA. We need to balance proofing and authentication if we really want to make any strides in online Identity assurance. Strong or in-person proofing PLUS strong authentication is the missing link in our ID ecosystem today, and we are as focused as ever to partner with you in filling the gap. Use an example here: Touch ID is not tied at all to who the person really is… but it is an additional authentication factor.
  • #7 Let’s look at how you can add identity proofing (in the form of identity assurance) to YOUR accounts: multiple methods and multiple steps. The slides that follow will build a picture of what proofing is, compare proofing sources, and suggest how you could implement these recommendations to “add proofing” (add identity assurance). So let’s step back and examine what happens during an Identity Proofing Event, in order to clarify the things that can be done after the fact.
  • #8 But let’s break that proofing flow down further. Three main steps: Resolve, Qualify the gathered Evidence, and Verify the user against that evidence (speak about each one). Identity Resolution: ensure you are referring to a single, legal, specific identity distinguishable from all others. You are permitted to use KBA to disambiguate during identity resolution. Evidence Qualification: BOTH authenticate the evidence presented by the Digital Subject and validate the data gathered from those docs (preferably at the source). Identity Verification: ensure that the person present is the rightful owner of the documents and the identity. End result: a resolved, qualified record of a single legal identity. The qualities that you see listed here are added by each of these steps in the proofing process.
  • #9 There is a minimum set of identity attributes that you would need to determine that a single identity is distinct from all others in history. That is resolution. Note that you may need to demonstrate a chain of custody of attributes like Name and Sex. For lots of other use cases that a single, legal identity might engage in, you have additional attributes that you would gather: contact information, citizenship, residency, and some calculated attributes used for specific transactions to fulfill legal obligations. You will see that identity proofs are targeting these attributes… gathering them AND validating them AND ensuring they are a coherent set for the person present.
  • #10 Three “qualities” (or metadata) about an attribute that will determine how VALID the attribute is. Provenance: authoritativeness of the source of the identity attribute. Freshness: how new or how recent the validation of that attribute was. Accuracy: self-explanatory.
  • #11 Many concepts are used to physically authenticate a document – determine that it is authoritative and not tampered with. Layout and Design – a feeling of being official (and difficult to reproduce). Hidden or obscure features – electronic security features. UV or IR light sources – require moderately specialized equipment. Mobile apps and workstations that detect the above plus patterns. (click) In the world of scanning, snapshotting, or photographing an identity document, you’re now restricted to white light (but you can get high quality scans). MorphoTrust has taken some of the techniques used in biometrics – pattern matching, deep learning, neural networks – and applied them to document authentication. If you can get a high quality scan, you can look for patterns or deliberate security features. THIS has given rise to the possibility of APIs that you can call in order to authenticate a document that you scanned or a user uploaded.
  • #12 Now that we know what proofing is – the 3 main steps of resolution, evidence qualification, and verification – let’s analyze real-world proofing events. Each of the following processes has its own set of requirements for the 3 steps, along with the minimum set of data to be collected, validated, and stored.
  • #13 The bank (entity) must publish and follow a Customer Identification Program (CIP) – that’s rule #1 of KYC. There are a few target pieces of data, with validation of only 2 of them. There are no requirements for resolution, and none specified for verification. Operator visual check is assumed. Banks, of course, could implement more accurate policy. So. Isn’t KYC really just an Identity Verification with a Data Gathering? I’m unconvinced that it is a proofing event, or that tying your identities to a KYC process is going to achieve any additional proofing value on the IAL chart. There is some assurance. Not of legal identity, just a way of locating that digital subject’s funds.
  • #14 Across the country, this is an unpublished standard of what our DMVs do. Many of them increased their processes to this level during 2005 – 2010 after Real ID was passed, to make this baseline common. Additional validated data fields. Processing to ensure resolution – which happens within the state’s own sources of data and ALSO across state lines as best as possible. Commercial drivers are checked across states formally. They are clearly trying to implement an IAL3 identity proof – and the list of required documentation typically is fulfilled by 2 or more other identity documents. Documentation of every checkmarked data item on that list, as well as validation against the source (part of qualification).
  • #17 I’m going to talk about a few ways to use these Identity Proofing concepts to accurately provision a credential to the right citizen. It’s incumbent upon the Issuing Authority to do this accurately so that the ecosystem can function.
  • #18 Mobile Users expect on-demand access to their apps. And the DMVs don’t want to add to their in-person service burden… but we MUST retain trust levels and proofing standards. In our model, it’s 30-second Derived Identity. The phone can tell if the license is authentic; 1-to-1 face recognition with DMVs replaces a person deciding you are the person on the driver license. With that online eID created, we can now log in and transact with a high degree of trust that people are who they claim to be. We can also invoke face recognition on the device as a means of enhancing trust at any time (is the eID holder in control of their phone right this second?).
  • #20 (clicks) Steps or options developing in the marketplace to allow you to add identity assurance concepts to an existing account. Bind: This is easier than you would think (programmer’s point of view) because you just ask your user to log into the higher IAL account, and bind your account to it (hold a refresh token). Be sure to mention the miiCard NSTIC pilot POC of binding to a high IAL OpenID account as a way of earning that proofing/assurance value.