Remote Electronic Identity Proofing Use Case

From IDESG Wiki
Revision as of 01:08, 15 July 2015 by J. Andrew Hatter (Talk | contribs) (References and Citations)


Use Case Metadata

Title

Remote Electronic Identity Proofing

Status

Use Case Lifecycle Status

Contributed | Working Draft | Committee Review | Compilation | Approval | Publication
This use case has been approved in version 1.2. This page may have been updated since the 1.2 document was approved.

Use Case Description

The core function of this Use Case is to streamline the identity proofing process by engaging live human interaction virtually via video conferencing. Additionally, this Use Case treats physical face-to-face in-person identity proofing as fundamentally different from a real-time virtual face-to-face in-person identity proofing meeting held by video conference. The video conference is recorded to capture the Claimant's/Subscriber's verbal and written statements, identification document images, oath under penalty of perjury, attributes, and facial/voice biometrics.


  • A person with the claimed attributes exists, and those attributes are sufficient to uniquely identify a single person;
  • The Claimant/Subscriber whose token is registered is in fact the person who is entitled to the identity;
  • It is difficult for the Claimant/Subscriber to later repudiate the registration and dispute an authentication using their token.



Use Case Category: Remote Electronic Identity Proofing


Contributor: J. Andrew Hatter AYIN International, Inc.


Use Case Details

Actors:

  • Identity Manager - (IM)
  • Claimant/Subscriber - (C)
  • Public Claimant/Subscriber - (PC)
  • Registration Authority/Credential Service Provider - (RA/CSP)


Goals:

Goal 1) (C) Claimant, who is distal (not in the physical presence) of RA and has an antecedent relationship with the RA, is given approval by RA to acquire a trusted credential.

Goal 2) PC, who is remote (not in the physical presence) and does not have an antecedent relationship with an RA, requires a trust credential.


Assumptions:

  • (C) Claimant/PC needing to initiate process for acquiring trust credential, is in the physical presence of the IM to present attributes.
  • RA/CSP has a pre-authorized trust relationship with IM.
  • RA/CSP has issued to the IM a method for the collection of the required (C) Claimant/PC attributes.


Requirements: IM must have a trust relationship with RA/CSP. (C) Claimant/PC is distal or remote (not in the physical presence) of the IM system and the device used in the method for attribute collection, attestation, and digital signing. IP and (C) Claimant/PC process the collection of attributes via the prescribed method, including accordance with 28 U.S.C. 1746 (declaration under penalty of perjury) and the provisions in FBCA 3.2.3.1, Authentication of Human Subscribers.


Process Flow: (C) Claimant/PC initiates the remote electronic identity proofing event via on-line appointment. If PC, payment options for services are necessary. IM retrieves the request. IM confirms payment receipt if the service is for a PC. IM implements the attribute collection methodology via video conferencing. It is contemplated that the attribute collection methodology via video conference may interface with a CSP platform to streamline trust credential enrollment processing and issuance. It is also contemplated to augment high assurance identity proofing to include collection of biometric attributes in accordance with FIPS 201-1.


Success Scenario: (C) Claimant/PC, who is remote (not in the physical presence) of the RA/CSP, securely submits attributes to IM, maintaining IDESG privacy standards. IM submits the (C) Claimant/PC’s attributes to RA/CSP for authentication, and a digital identity trust credential is issued to (C) Claimant/PC.


Error Conditions: (C) Claimant/PC submits fraudulent attributes. (C) Claimant/PC does not have the required identification documents. PC fails to make payment. (C) Claimant/PC attributes do not comply with RA/CSP authentication standards. Communication transmission between (C) Claimant/PC, IM, and RA/CSP is disrupted. (C) Claimant/PC or IM does not have the system or devices for implementation of the attribute collection methodology. (C) Claimant/PC and/or IM inputs errors or creates omissions in attribute collection. IM does not have a trusted relationship with RA/CSP.


Privacy Considerations:

It is expected that attributes gathered during identity proofing are sensitive information deserving of privacy protections. In addition, the Remote Electronic Identity Proofing Use Case recommends that all actors refer to the Fair Information Privacy Practice Principles (FIPPS), the Consumer Privacy Bill of Rights (CPBR), the Video Privacy Protection Act (VPPA), and the IDESG PEM for ongoing guidance as this Use Case is further developed; the Use Case is not implementation specific. The NPO cited that this Use Case presents possible privacy risks of Breach of Trust, Stigmatization, and Surveillance. These risk terms are based on definitions from the “Taxonomy of Privacy” by Daniel Solove. Other than non-participation, to date there are no absolute solutions to prevent a breach of confidentiality. There are a variety of remedies that can be combined to offer an applicant relief from harm as well as to support deterring breach of trust events.

Breach of Trust – Is cited as a breach of an implicit or explicit trusted relationship, including a breach of a confidential relationship. The Federal Bridge Certificate Authority provision for PIV issuance states that a trust relationship between the Trusted Agent and the applicant can be based on an in-person antecedent identity proofing event and may suffice as meeting the in-person identity proofing requirement. Clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent identity proofing event, can be found in the “FBCA Supplementary Antecedent, In-Person Definition” document. The FBCA document states that an Antecedent event is an in-person identity proofing event that occurred previously and may suffice as meeting the in-person identity proofing requirements. The fundamental remote electronic identity capturing functions of this Use Case are video conference and electronic signatures/records, wherein the remote electronic identity proofing event is recorded with the consent of the applicant, who attests to the genuine validity of their personally identifiable information under penalty of perjury. Additionally, the Trusted Agent performing the identity proofing event should have an established trust relationship with an RA or CSP. Breach of Trust may be deterred by the video-recorded tracking of the participants, namely the applicant and the trusted identity proofer. Remote electronic identity capturing functions, opt out, the tort of Breach of Confidentiality, court order warrants, attestation under penalty of perjury, established trust relationships, and disclosure of using an applicant’s PII beyond its intended purpose are all components which may be combined to provide an applicant relief from harm and be leveraged as a deterrent in mitigating breach of trust.

Stigmatization – Is cited as personal data being linked to an actual identity in such a way as to create a stigma. This Use Case illustrates a new, viable, and standardized methodology for remote electronic identity proofing. However, inherent in any identity proofing event is the goal of attribute collection for the purpose of establishing identity. The way attributes are connected to a person is not the purpose and function of this Use Case. This Use Case is solely and fundamentally purposed for the collection of the attributes for subsequent establishment of identity and credential issuance by a CSP. Connection of attributes is inherent in their collection via identity proofing; however, this Use Case is not purposed to connect the attributes to establish identity. Out-of-scope attribute collection activity, such as selling attributes for profit, generalized profiling, exploitation, and other unauthorized activity that uses a set of attributes in a negative and often unfair manner, is prohibited, and such activity is subject to regulatory penalties provisioned for applicants harmed by such activity.

Surveillance – Is cited as the collection or use, including tracking or monitoring, of personal data that can create a chilling effect on behavior, including free speech and/or freedom of association.

The VPPA cites in § 2703:

(a) Required disclosure of customer communications or records.

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

(b). Contents of Wire or Electronic Communications in a Remote Computing Service.-

(1) A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection-

(A) without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction; or

(B) with prior notice from the governmental entity to the subscriber or customer if the governmental entity-

(i) uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or

(ii) obtains a court order for such disclosure under subsection (d) of this section; except that delayed notice may be given pursuant to section 2705 of this title.

Relationships

References and Citations

  • NIST 800-63-1
  • Federal Bridge Certificate Authority
  • ANSI/NASPO IDPV v6.2 2015
  • ISO/IEC WD1 29003 -- Information technology – Security techniques – Identity Proofing
  • FPKIPA – CPWG Antecedent, In-Person Task Group
  • FIPS 201-1
  • FIPPS
  • CPBR
  • VPPA
  • Privacy and Security Tiger Team Trusted Identity of Patients in Cyberspace Recommendations on Patient Identity Proofing and AuthN
  • Patent Nos. 7590852, 8190904