News and Blogs
|Posted by AYIN International, Inc. on November 28, 2015 at 9:45 PM|
AYIN International, Inc.
© 2013-2016 AYIN International, Inc. All Rights Reserved
Use Case Description
The core function of this Use Case provides insights and challanges within the remote identity proofing workflow and considers the impact of combining live Identity Managers, video conferencing, electronic docs/signatures, and attribute verification for stronger assurance. This Use Case is fundamentally aligned with physical face to face in-person identity proofing, however online and real-time capturing Claimants/Subscribers verbal and written statements, identification document images, oaths under penalty of perjury, attributes, and optional facial/voice biometrics.
1. Identity Manager collects a set of attributes for identity verification - (IM)
2. Claimant/Subscriber - (C)
3. Public Claimant/Subscriber - (PC)
4. Registration Authority/Credential Service Provider - (RA/CSP)
1. Claimant, who is distal (not in the physical presence) of RA and has an antecedent relationship with the RA, is given approval by RA to acquire a trusted credential.
2. Public Claimant is remote (not in the physical presence), and does not have an antecedent relationship with an RA and requires a trust credential.
1. Claimant/PC needing to initiate the process for acquiring a trust credential is not in the physical presence of the Identity Manager to present their attributes.
2. RA/CSP has a pre-authorized trust relationship with IM.
3. RA/CSP has issued to the Identity Manager (IM) attribute requirements for collection from the Claimant/PC.
4. IM and Claimant/PC perform the remote electronic identity proofing process to collect the Claimant/PC attributes which include accordance with 28 U.S.C. 1746 (declaration under penalty of perjury) and provisions in FBCA 126.96.36.199 authentication of Human Subscribers.
1. Claimant/PC initiates remote electronic identity proofing event via on-line appointment. If PC, payment for services options are necessary.
2. Identity Manager retrieves request. Identity Manager confirms payment receipt if service is for PC.
3. Identity Manager deploys attribute collection methodology which includes electronic document signing and identity verification processes performed during secure live interactive video conference event. Identity proofing event includes Claimant/PC opt- in/out procedure.
o It is contemplated that attribute collection methodology via video conference may interface with CSP platform to streamline trust credential enrollment processing and issuance.
o To augment high assurance identity proofing implementer may choose to include collection of biometric attributes in accordance with FIPS 201-1. Biometrics include but are not limited to facial and/or voice recognition which may be collected per secure live interactive video conference event.
1. Claimant/PC who is remote (not in the physical presence) of the RA/CSP securely submits their attributes to Identity Manager maintaining IDESG privacy standards.
2. Identity Manager submits Claimant/ PC’s attributes to RA/CSP for authentication, and digital identity trust credential is issued to Claimant/PC.
1. Claimant/PC submits fraudulent attributes.
2. Claimant/PC does not have required identification documents.
3. PC fails to make payment.
4. IM fails to allow Claimant/PC choice to opt-in/out
5. Claimant/PC attributes do not comply with RA/CSP authentication standards.
6. Communication transmission between Claimant/PC, IM, RA/CSP, disruptions.
7. Claimant/PC or Identity Manager does not have system or devices for implementation of attribute collection methodology.
8. Claimant/PC and/or Identity Manager inputs errors or create omissions in attribute collection.
9. Identity Manager does not have trusted relationship with RA/CSP.
References and Citations
1. NIST 800-63-1
2. Federal Bridge Certificate Authority
3. ANSI/NASPO IDPV
4. ISO/IEC WD1 29003 -- Information technology – Security techniques – Identity Proofing
5. FPKIPA – CPWG Antecedent, In-Person Task Group
6. FIPS 201-1
10. Privacy and Security Tiger Team Trusted Identity of Patients in Cyberspace Recommendations on Patient Identity Proofing and AuthN
11. Patent Nos. 7590852, 8190904
NSTIC Guiding Principles Considerations
Interoperability - Policy level interoperability is the ability for organizations to adopt common business policies and processes (e.g., liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems. Identity proofing (verifying the identity of an individual) and the quality of identity source documents have a profound impact on establishing trusted digital identities, but the Strategy does not prescribe how these processes and documents need to evolve.
It is expected that attributes gathered during identity proofing are sensitive information and deserving of privacy protections. In addition the Remote Electronic Identity Proofing Use Case recommends all actors refer to Fair Information Privacy Practice Principles (FIPPS), Consumer Privacy Bill of Rights (CPBR), Video Privacy Protection Act (VPPA, and the IDESG PEM for ongoing guidance as this Use Case is further developed and is not implementation specific. This Use Case presents possible privacy risk issues of Breach of Trust, Stigmatization, and Surveillance. These terms of risk are based on definitions from the “Taxonomy of Privacy” by Daniel Solove. Other than non-participation, to date there are no absolute solutions to prevent a breach of confidentiality. There are a variety of remedies that can be combined to offer a Claimant/Subscriber relief from harm as well as support deterring breach of trust events.
Breach of Trust
Breach of trust is cited as a breach of implicit or explicit trusted relationship, including a breach of a confidential relationship. The Federal Bridge Certificate Authority provision for PIV issuance states that a trust relationship between the Identity Manager and the Claimant/Subscriber can be based on an in-person antecedent identity proofing event and may suffice as meeting the in-person identity proofing requirement. Clarification on the trust relationship between the Identity Manager and the Claimant/Subscriber, which is based on an in-person antecedent identity proofing event, can be found in the “FBCA Supplementary Antecedent, In-Person Definition” document. The FBCA document cites an Antecedent event is an in-person identity proofing event that occurred previously and may suffice as meeting the in-person identity proofing requirements. The fundamental remote electronic identity capturing functions of this Use Case are video conference and electronic signatures/records wherein the remote electronic identity proofing event is recorded with the consent of the Claimant/Subscriber attesting to the genuine validity of their personal identifiable information under penalty of perjury. Additionally the Identity Manager performing the identity proofing event should have an established trust relationship with a RA or CSP. Breach of Trust may be deterred due to the video recorded tracking of the participants being the Claimant/Subscriber and Identity Manager. Remote electronic identity capturing functions, Opt out, tort of Breach of Confidentiality, Court Order Warrants, attestation under penalty of perjury, established trust relationships, and disclosure of using a Claimant/Subscriber s’ PII beyond its intended purpose are all components which may be combined to provide a Claimant/Subscriber relief from harm and be leveraged as a deterrent in mitigating breach of trust.
Stigmatization is cited as personal data is linked to an actual identity in such a way as to create a stigma. This Use Case illustrates a new viable and standardized methodology for remote electronic identity proofing. However inherent in any identity proofing event is the goal of attribute collection for the purpose of establishing identity. The way attributes are connected to a person is not the purpose and function of this Use Case. This Use Case is solely and fundamentally purposed for the collection of the attributes to subsequently establish identity and credential issuance by a CSP. Connection of attributes is inherent in their collection via identity proofing, however this Use Case is not purposed to connect the attributes to establish identity. Out of scope attribute collection activity such as selling attributes for profit, generalized profiling, exploitation, and other unauthorized activity that use a set of attributes in a negative and often unfair manner is prohibited and such activity is subject to regulatory penalties provisioned for Claimant/Subscriber s harmed by such activity.
Surveillance is cited as the collection or use, including tracking or monitoring of personal data that can create a chilling effect on behavior including free speech and/or freedom of association.
The VPPA cites in Section § 2703
(a) Required disclosure of customer communications or records:
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.
(b) Contents of Wire or Electronic Communications in a Remote Computing Service:
A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection.
(A) Without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction; or
(B) With prior notice from the governmental entity to the subscriber or customer if the governmental entity-
(i) Uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or
(ii) Obtains a court order for such disclosure under subsection (d) of this section; except that delayed notice may be given pursuant to section 2705 of this title.
|Posted by AYIN International, Inc. on November 7, 2013 at 3:30 AM|
FT. LEE, NJ (NOVEMBER 6, 2013) -- AYIN International, Inc., an innovator of internet-based remote electronic notarization and non-notarial services, has been approved as an Identity Proofing Component member of the SAFE-BioPharma Trust Framework.
As a result, trust credential providers using AYIN International's identity proofing service can be assured that the identities asserted for credentialing satisfy NIST LOA-3 proofing requirements.
Trust Framework Providers develop and maintain policies and practices used by identity credential issuers. Approval by a Trust Framework means that identity credentials associated with that Trust Framework can be trusted at specified levels. SAFE-BioPharma is one of four US Government approved Trust Framework Providers, and AYIN International is one of three trust framework-approved Identity Component members in the US.
Starting in 2014, the AYIN International's Persona Trust™ division is planning to offer remote electronic identity-proofing services to companies using the SAFE-BioPharma global identity management and digital signature standard. The SAFE-BioPharma® standard is used throughout the biopharmaceutical and healthcare industries to facilitate secure, trusted electronic information exchanges and legally binding digital signatures for electronic documents.
For more information on the SAFE-BioPharma standard for digital identity and digital signatures used in life science and healthcare settings, visit http://www.safe-biopharma.org.
About AYIN International Inc.
AYIN International, Inc. is the only U.S. based company to hold two patents and several pending utility applications for leveraging the power of the office of Notary Public and its evolving internet engagement for identity proofing and asserting high assurance for multi-factor based digital identity. The company is a voting member of IDESG Standards Coordination Committee for the National Strategy for Trusted Identities in Cyberspace initiative. For more information visit www.ayininternationalinc.com or contact: Curtis Patton SVP Business Dev. [email protected]
|Posted by AYIN International, Inc. on December 30, 2011 at 3:55 AM|
VIRGINIA APPROVES REMOTE ELECTRONIC NOTARIZATION!
What does this mean for the future of notarization! A chance which will afford the Notaries Public of this country to finally have the opportunity to join the rest of the world in taking advantage of the many opportunities offered by the internet.
In July 2012 all eyes will be on the State of Virginia as it will become the first in the U.S. to offer remote electronic notarization services in accordance with AYIN International, Inc. patented method.
This milestone in a new era for notarization hopes to establish a model which other states will adopt. Aside from the efficiency factors of saving money, time, additional benefits such as enhanced accountability, convenience, and online service integration are also net effects which both Notaries Public and signers will enjoy.
AYIN International, Inc. will be offering licensing opportunities as well as rolling a suite of preferred notary transactions (PNT™ ranging from real estate closing, legal, financing, and government notarizations.
Governor Bob McDonnell, Del. Kathy Byrons, and State Senator John Edwards along with the entire Virginia legislature, and the supporting constituents all deserve kudos, encomiums, and lionizations for their work in bringing Notaries this wonderful opportunity.
It has always been our position at AYIN International, Inc. that Notaries Public are needed on the internet NOW! This legislation will now make this remote electronic notarization a reality.