News and Blogs
|Posted by AYIN International, Inc. on November 28, 2015 at 9:45 PM|
AYIN International, Inc.
© 2013-2016 AYIN International, Inc. All Rights Reserved
Use Case Description
The core function of this Use Case provides insights and challanges within the remote identity proofing workflow and considers the impact of combining live Identity Managers, video conferencing, electronic docs/signatures, and attribute verification for stronger assurance. This Use Case is fundamentally aligned with physical face to face in-person identity proofing, however online and real-time capturing Claimants/Subscribers verbal and written statements, identification document images, oaths under penalty of perjury, attributes, and optional facial/voice biometrics.
1. Identity Manager collects a set of attributes for identity verification - (IM)
2. Claimant/Subscriber - (C)
3. Public Claimant/Subscriber - (PC)
4. Registration Authority/Credential Service Provider - (RA/CSP)
1. Claimant, who is distal (not in the physical presence) of RA and has an antecedent relationship with the RA, is given approval by RA to acquire a trusted credential.
2. Public Claimant is remote (not in the physical presence), and does not have an antecedent relationship with an RA and requires a trust credential.
1. Claimant/PC needing to initiate the process for acquiring a trust credential is not in the physical presence of the Identity Manager to present their attributes.
2. RA/CSP has a pre-authorized trust relationship with IM.
3. RA/CSP has issued to the Identity Manager (IM) attribute requirements for collection from the Claimant/PC.
4. IM and Claimant/PC perform the remote electronic identity proofing process to collect the Claimant/PC attributes which include accordance with 28 U.S.C. 1746 (declaration under penalty of perjury) and provisions in FBCA 18.104.22.168 authentication of Human Subscribers.
1. Claimant/PC initiates remote electronic identity proofing event via on-line appointment. If PC, payment for services options are necessary.
2. Identity Manager retrieves request. Identity Manager confirms payment receipt if service is for PC.
3. Identity Manager deploys attribute collection methodology which includes electronic document signing and identity verification processes performed during secure live interactive video conference event. Identity proofing event includes Claimant/PC opt- in/out procedure.
o It is contemplated that attribute collection methodology via video conference may interface with CSP platform to streamline trust credential enrollment processing and issuance.
o To augment high assurance identity proofing implementer may choose to include collection of biometric attributes in accordance with FIPS 201-1. Biometrics include but are not limited to facial and/or voice recognition which may be collected per secure live interactive video conference event.
1. Claimant/PC who is remote (not in the physical presence) of the RA/CSP securely submits their attributes to Identity Manager maintaining IDESG privacy standards.
2. Identity Manager submits Claimant/ PC’s attributes to RA/CSP for authentication, and digital identity trust credential is issued to Claimant/PC.
1. Claimant/PC submits fraudulent attributes.
2. Claimant/PC does not have required identification documents.
3. PC fails to make payment.
4. IM fails to allow Claimant/PC choice to opt-in/out
5. Claimant/PC attributes do not comply with RA/CSP authentication standards.
6. Communication transmission between Claimant/PC, IM, RA/CSP, disruptions.
7. Claimant/PC or Identity Manager does not have system or devices for implementation of attribute collection methodology.
8. Claimant/PC and/or Identity Manager inputs errors or create omissions in attribute collection.
9. Identity Manager does not have trusted relationship with RA/CSP.
References and Citations
1. NIST 800-63-1
2. Federal Bridge Certificate Authority
3. ANSI/NASPO IDPV
4. ISO/IEC WD1 29003 -- Information technology – Security techniques – Identity Proofing
5. FPKIPA – CPWG Antecedent, In-Person Task Group
6. FIPS 201-1
10. Privacy and Security Tiger Team Trusted Identity of Patients in Cyberspace Recommendations on Patient Identity Proofing and AuthN
11. Patent Nos. 7590852, 8190904
NSTIC Guiding Principles Considerations
Interoperability - Policy level interoperability is the ability for organizations to adopt common business policies and processes (e.g., liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems. Identity proofing (verifying the identity of an individual) and the quality of identity source documents have a profound impact on establishing trusted digital identities, but the Strategy does not prescribe how these processes and documents need to evolve.
It is expected that attributes gathered during identity proofing are sensitive information and deserving of privacy protections. In addition the Remote Electronic Identity Proofing Use Case recommends all actors refer to Fair Information Privacy Practice Principles (FIPPS), Consumer Privacy Bill of Rights (CPBR), Video Privacy Protection Act (VPPA, and the IDESG PEM for ongoing guidance as this Use Case is further developed and is not implementation specific. This Use Case presents possible privacy risk issues of Breach of Trust, Stigmatization, and Surveillance. These terms of risk are based on definitions from the “Taxonomy of Privacy” by Daniel Solove. Other than non-participation, to date there are no absolute solutions to prevent a breach of confidentiality. There are a variety of remedies that can be combined to offer a Claimant/Subscriber relief from harm as well as support deterring breach of trust events.
Breach of Trust
Breach of trust is cited as a breach of implicit or explicit trusted relationship, including a breach of a confidential relationship. The Federal Bridge Certificate Authority provision for PIV issuance states that a trust relationship between the Identity Manager and the Claimant/Subscriber can be based on an in-person antecedent identity proofing event and may suffice as meeting the in-person identity proofing requirement. Clarification on the trust relationship between the Identity Manager and the Claimant/Subscriber, which is based on an in-person antecedent identity proofing event, can be found in the “FBCA Supplementary Antecedent, In-Person Definition” document. The FBCA document cites an Antecedent event is an in-person identity proofing event that occurred previously and may suffice as meeting the in-person identity proofing requirements. The fundamental remote electronic identity capturing functions of this Use Case are video conference and electronic signatures/records wherein the remote electronic identity proofing event is recorded with the consent of the Claimant/Subscriber attesting to the genuine validity of their personal identifiable information under penalty of perjury. Additionally the Identity Manager performing the identity proofing event should have an established trust relationship with a RA or CSP. Breach of Trust may be deterred due to the video recorded tracking of the participants being the Claimant/Subscriber and Identity Manager. Remote electronic identity capturing functions, Opt out, tort of Breach of Confidentiality, Court Order Warrants, attestation under penalty of perjury, established trust relationships, and disclosure of using a Claimant/Subscriber s’ PII beyond its intended purpose are all components which may be combined to provide a Claimant/Subscriber relief from harm and be leveraged as a deterrent in mitigating breach of trust.
Stigmatization is cited as personal data is linked to an actual identity in such a way as to create a stigma. This Use Case illustrates a new viable and standardized methodology for remote electronic identity proofing. However inherent in any identity proofing event is the goal of attribute collection for the purpose of establishing identity. The way attributes are connected to a person is not the purpose and function of this Use Case. This Use Case is solely and fundamentally purposed for the collection of the attributes to subsequently establish identity and credential issuance by a CSP. Connection of attributes is inherent in their collection via identity proofing, however this Use Case is not purposed to connect the attributes to establish identity. Out of scope attribute collection activity such as selling attributes for profit, generalized profiling, exploitation, and other unauthorized activity that use a set of attributes in a negative and often unfair manner is prohibited and such activity is subject to regulatory penalties provisioned for Claimant/Subscriber s harmed by such activity.
Surveillance is cited as the collection or use, including tracking or monitoring of personal data that can create a chilling effect on behavior including free speech and/or freedom of association.
The VPPA cites in Section § 2703
(a) Required disclosure of customer communications or records:
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.
(b) Contents of Wire or Electronic Communications in a Remote Computing Service:
A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection.
(A) Without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction; or
(B) With prior notice from the governmental entity to the subscriber or customer if the governmental entity-
(i) Uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or
(ii) Obtains a court order for such disclosure under subsection (d) of this section; except that delayed notice may be given pursuant to section 2705 of this title.