1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Registering for Verizon Universal Identity Services

(UIS) Trust Elevation

2 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

UIS Credentials

•  This discussion will focus on the non-PKI credentials that Verizon UIS offers

•  Verizon offers three levels of assurance for the non-PKI authentication Credentials based on NIST 800-63:

–  LOA 1

–  LOA 2

–  LOA3

•  These credentials are ICAM approved under the Kantara Trust Framework

•  The following demo will identify how a user is elevated to a higher level of assurance during the registration process

3 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Registration Workflows

Level 1

Level 2

Level 3

1.  Legal Name, address, phone number, email 2.  User name, password, pin 3.  Security questions for help desk/online support 4.  Generation of OTP to prove possession of device

1 2 3 4

5

6

5.  Last 4 digits of SSN and month/year of birth.

6.  KBA •  5 dynamic multiple choice questions •  4 must be answered correctly •  2 tries to answer questions correctly. •  2 of the questions are different on the second

try.

4 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing Profile Info (All Levels)

9190000000

5 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing User Info (All Levels)

6 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing Security Q/A Info (All Levels)

7 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing User OTP Info (All Levels)

✓

8 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing OTP (All Levels)

✓

✓

9 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

SMS OTP delivered to Phone (All Levels)

10 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Entering OTP (All Levels)

✓

✓

11 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

User now has an LOA 1 credential

12 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing Identity Q/A Info (Levels 2)

13 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

User now has an LOA 2 credential

14 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Providing Identity Q/A Info (Level 3 Only)

15 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Confirming Your Registration Level 3 Identity Proofing

natjeffers101

16 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

User now has an LOA 3 credential

17 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Profile Manager

18 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Moving Ahead

•  This online identity verification process is currently only available for US citizens.

•  Non US government privacy laws generally prohibit collection and use of data required to develop Knowledge Based Assessment (KBA) questions

•  Verizon is exploring other methods of verifying identity and elevating assurance levels without the need for F2F which is costly and time consuming.

–  Use of government issued (LOA 4) citizen ID cards in the EU –  Other internationally recognized methods that comply with appropriate state and national

laws governing protection of personal data and privacy such as “Know Your Customer” in support of efforts such as Anti-Money Laundering (AML) compliance.

–  Approaches in development

–  OASIS Electronic Identity Credential Trust Elevation Methods

–  OIX Attribute Working group

–  EU ABC4Trust

–  EU Stork

19 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Questions

Dale Rickards, CISSP, CISM Verizon Universal Identity Services, Head of Regulatory Affairs, Audit and Compliance dale.rickards@rogers.com Office: +1.416.626.2435