The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3,...
-
Upload
dina-peters -
Category
Documents
-
view
213 -
download
0
Transcript of The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3,...
![Page 1: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/1.jpg)
The SAFE-BioPharma Identity Proofing Process
The SAFE-BioPharma Identity Proofing Process
Author of Record SWG (Digital Credentials)
October 3, 2012
Peter Alterman, Ph.D.
Chief Operating Officer, SAFE-BioPharma Association
![Page 2: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/2.jpg)
U.S. Government Standards / NIST SP 800-63-1
– Satisfies both Federal Bridge “Medium” requirements and FICAM Trust Framework LOA-3 Requirements for Identity Proofing
– Remote, online, compliant identity proofing using KBA– Extended proofing through Online Antecedent method ties applicant
back to a prior legal, in-person proofing event such as a mortgage application. Method approved by US Federal PKI Policy Authority.
2
![Page 3: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/3.jpg)
Steps 1 & 2
Identity Verification
User asserts identity information (Name, Address, Phone, SSN, DLN, DoB, Medical License Number, etc)
Verify the information provided through record checks either with the applicable agency or institution or through credit bureaus or similar databases
Confirm that Name, DoB, address and other personal information in records are consistent with the asserted information and sufficient to identify a unique individual.
3
![Page 4: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/4.jpg)
Steps 1 & 2
Verify that the identity elements provided by the user match those of a real, legal identity verified through trusted data sources.
Identify at least one antecedent record matching the minimum criteria for an In-Person Identity Proofing antecedent.
Verify that the identity elements provided by the user match those provided by a trusted data source.
4
![Page 5: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/5.jpg)
Steps 1 & 2
Verify that the users SSN exists in public records AND SSN is not deceased AND the last name matches the address
Public and Private database records are searched to verify the identity of the user, as well as community specific (SAFE for example) sources such as: – DEA Controlled Substance License Databases– State Medical License Databases
.
5
![Page 6: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/6.jpg)
Step 3
Identity Authentication Quiz
Generate a KBA quiz based on facts obtained about the user from the public and private databases
The KBA quiz consists of a series of random, multiple choice questions derived from “non-wallet” based data using public and private historical antecedent database records.
Advanced analytics are used to select questions from different domains and sources.
As a result, these questions have a high likelihood of only being correctly answered only by the proper individual.
6
![Page 7: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/7.jpg)
Step 3
KBA Configuration Customer Selection
Minimum Number of Questions displayed 5
Minimum Number of Reserved Questions 2
Minimum Number of multiple choice answers displayed per question 5
Minimum Number of correct Questions which must be answered correctly to pass
4
Maximum Number of attempts to correctly answer KBA 2
Maximum Timeout parameter 5 minutes
Example of KBA quiz parameters – which can be customized for the client:
7
![Page 8: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/8.jpg)
Step 4
Determine Risk
Provide an a “pass” or “fail” score based on the responses to the KBA questions based on the clients parameters
Return as part of the transaction:
– a unique transaction ID number, which ties back to the data used to verify the identity, the results of the verification process, and the results of the authentication quiz
– The date and time of the KBA Retain the The transaction ID number, the results of the verification process, and the results of the authentication process, the verification data sources as stated in the CP (10 1/2 years)
8
![Page 9: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/9.jpg)
NIST 800-63-1 Guideline
The Electronic Authentication Guideline standard states in 6.3.1 Requirements per Assurance Level
“In some contexts, agencies may choose to use additional knowledge based authentication methods to increase their confidence in the registration process. For example, an Applicant could be asked to supply non-public information on his or her past dealing with the agency that could help confirm the Applicant’s identity.”
Only LOA-1, LOA-2 and LOA-3 allow for remote identity proofing
9
![Page 10: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/10.jpg)
Remote Proofing via Enhanced KBA Advantages
Simplify the identity proofing process
Deliver a positive user experience
Enhance security by enabling scalable and easy-to-implement identity proofing
Reduce fraud and associated costs through an enhanced user verification process (e.g. data is validated against trusted sources)
Avoid privacy concerns that result when personal information is requested from users
10
![Page 11: The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,](https://reader035.fdocuments.net/reader035/viewer/2022080222/56649cd95503460f949a2ced/html5/thumbnails/11.jpg)
For Further Information
Peter Alterman, Chief Operating Officer: [email protected]
Gary Wilson, Head, Technical Programs and Operations: [email protected]
11