NIST 800-63A provides a framework with three assurance levels, each setting increasingly stringent requirements – mapping claimed identity attributes to real identities, validating attributes, and restricting scalable attacks.
CSPs may offer multiple verification pathways that are tailored to the use cases, populations and threat environment of an online service. CSPs should communicate the pathway used by their assertion and APIs when communicating to RPs.
High-Assurance Chain of Custody
Modern businesses possess and process sensitive content – from client data to proprietary documents – which must remain protected against threats and unwarranted access, in addition to complying with regulatory compliance standards and managing reputational risks. A strong chain of custody (CoC) ensures this protection while supporting regulatory compliance efforts and maintaining an upstanding business.
An effective Chain of Custody involves documenting all aspects of an asset’s journey from its inception to final disposition, from physical movement and review of digital information through to security measures to prevent tampering or any forms of breach; while also providing accountability through clearly identified roles and signoffs.
TrustSwiftly provides an NIST 800-63A IAL3 verification solution, strengthening authentication journeys via chat, video, facial recognition with liveness detection and document authentication. IAL3 compares an individual’s claimed digital identity against government-verified documentation and biometrics to reduce impersonation fraud, SIM swapping attacks and SIM swapping attacks; providing highly secure in-person verification process to reduce cyber liability insurance costs as well as operational expenses by decreasing password resets.
Supervised Remote Identity Proofing (SRIP)
NIST IAL3 verification is the highest assurance level offered by NIST Identity Verification guidance and involves in-person inspection and comparison with evidence presented as strong piece(s). This helps ensure there is high confidence that those providing proof actually exist in real life and protects against more sophisticated attacks like falsifying evidence, theft and repudiation.
Conventional IAL3 identity proofing involves costly, slow and inflexible in-person sessions that are impractical for remote workers due to cost, slowness and security risks. Thankfully, new generation IAL3 compliant solution offer safe, secure and highly scalable identity proofing processes over the Internet with remote but supervised process akin to how a guard may review your information prior to admitting you into some office buildings.
Trust Swiftly’s IAL3 compliant solutions employ document verification, liveness detection biometrics and cryptographic authentication for an excellent user experience and to meet NIST requirements for IAL3. They’re FedRAMP High compliant and traceable back to Kantara for added assurance.
High-Fidelity Biometric Capture
Biometrics can be extremely effective at detecting impersonation; however, many of the most popular methods rely on physical characteristics which are susceptible to compromise due to fatigue, footwear or health concerns of an individual. Gait analysis relies on walking patterns while fingerprints provide visual representations of data while voice recognition relies on soundwaves which may be created artificially by artificial means.
Verifying identity at an IAL3 level requires direct, on-site interaction and comparison between an enrollee’s biometric characteristics and the most compelling piece(s) of validated evidence to identify them at either STRONG or SUPERIOR strength. Typically this involves conducting physical or biometric comparisons of living people against images contained in high level ID&V evidence such as facial images.
TrustSwiftly provides a scalable solution to meet IAL3 standards with secure and efficient chat, video chatting, facial recognition with liveness detection and document authentication services that meet these criteria for increased assurance and lower cyber liability insurance costs via less password resets.
IAL3 Compliant
IAL3 is the highest level of NIST compliance for identity verification, helping reduce impersonation and fraud. IAL3 differs from its lower levels by requiring direct observation during identity-proofing sessions, document validation against authoritative sources, biometric comparison with claimed digital identities, SIM swap protection via binding multiple biometric modalities (face, fingerprints and dual iris) with an enrolled credential, SIM swap protection via binding multiple biometric modalities (face fingerprints dual iris etc) together into a robust set.
TrustSwiftly provides a scalable solution that meets the IAL3 requirements of NIST SP 800-63A, including step-up reproofing based on risk, in-person or remote credential issuance, facial image capture with liveness detection support and support for various ID&V evidence types with validation strengths ranging from weak to superior validation strengths.
TrustSwiftly’s remote yet supervised identity proofing process eliminates OTPs and SMS-based authentication methods vulnerable to attack, as well as helping organizations reduce cyber liability insurance premiums and operational costs by decreasing password reset requests.