1 / 11

The SAFE-BioPharma Identity Proofing Process

The SAFE-BioPharma Identity Proofing Process. Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer, SAFE-BioPharma Association. U.S. Government Standards / NIST SP 800-63-1.

shiri
Télécharger la présentation

The SAFE-BioPharma Identity Proofing Process

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer, SAFE-BioPharma Association

  2. U.S. Government Standards / NIST SP 800-63-1 • Satisfies both Federal Bridge “Medium” requirements and FICAM Trust Framework LOA-3 Requirements for Identity Proofing • Remote, online, compliant identity proofing using KBA • Extended proofing through Online Antecedent method ties applicant back to a prior legal, in-person proofing event such as a mortgage application. Method approved by US Federal PKI Policy Authority.

  3. Steps 1 & 2 Identity Verification • User asserts identity information (Name, Address, Phone, SSN, DLN, DoB, Medical License Number, etc) • Verify the information provided through record checks either with the applicable agency or institution or through credit bureaus or similar databases • Confirm that Name, DoB, address and other personal information in records are consistent with the asserted information and sufficient to identify a unique individual.

  4. Steps 1 & 2 • Verify that the identity elements provided by the user match those of a real, legal identity verified through trusted data sources. • Identify at least one antecedent record matching the minimum criteria for an In-Person Identity Proofing antecedent. • Verify that the identity elements provided by the user match those provided by a trusted data source.

  5. Steps 1 & 2 • Verify that the users SSN exists in public records AND SSN is not deceased AND the last name matches the address • Public and Private database records are searched to verify the identity of the user, as well as community specific (SAFE for example) sources such as: • DEA Controlled Substance License Databases • State Medical License Databases • .

  6. Step 3 Identity Authentication Quiz • Generate a KBA quiz based on facts obtained about the user from the public and private databases • The KBA quiz consists of a series of random, multiple choice questions derived from “non-wallet” based data using public and private historical antecedent database records. • Advanced analytics are used to select questions from different domains and sources. • As a result, these questions have a high likelihood of only being correctly answered only by the proper individual.

  7. Step 3 Example of KBA quiz parameters – which can be customized for the client:

  8. Step 4 Determine Risk • Provide an a “pass” or “fail” score based on the responses to the KBA questions based on the clients parameters • Return as part of the transaction: • a unique transaction ID number, which ties back to the data used to verify the identity, the results of the verification process, and the results of the authentication quiz • The date and time of the KBA • Retain the The transaction ID number, the results of the verification process, and the results of the authentication process, the verification data sources as stated in the CP (10 1/2 years)

  9. NIST 800-63-1 Guideline • The Electronic Authentication Guideline standard states in 6.3.1 Requirements per Assurance Level “In some contexts, agencies may choose to use additional knowledge based authentication methods to increase their confidence in the registration process. For example, an Applicant could be asked to supply non-public information on his or her past dealing with the agency that could help confirm the Applicant’s identity.” • Only LOA-1, LOA-2 and LOA-3 allow for remote identity proofing

  10. Remote Proofing via Enhanced KBA Advantages • Simplify the identity proofing process • Deliver a positive user experience • Enhance security by enabling scalable and easy-to-implement identity proofing • Reduce fraud and associated costs through an enhanced user verification process (e.g. data is validated against trusted sources) • Avoid privacy concerns that result when personal information is requested from users

  11. For Further Information • Peter Alterman, Chief Operating Officer: PAlterman@safe-biopharma.org • Gary Wilson, Head, Technical Programs and Operations: Gwilson@safe-biopharma.org

More Related