IAL3 compliant solution for sensitive access control environmen

    NIST 800-63A represents an important shift towards prioritizing stronger, phishing-resistant authentication mechanisms. It encourages Responsible Parties (RPs) to regularly assess threats, service impacts and user populations to select an ID&V mechanism which meets those criteria.

    Traditional proofing methods can be costly and ineffective for remote workforces. Trust Swiftly's hardware-based, remote IAL3 verification solution enables compliance and saves money while meeting both security and business objectives.

    IAL3 Identity Proofing

    Identity proofing processes establish whether a claimed digital identity corresponds with real-world existence by collecting and comparing evidence against an authenticated image of an individual. NIST defines three assurance levels to determine how closely a verified digital identity matches real-world identification: minimal verification (IAL1), remote or physical presence verification (IAL2) and high-risk services that require an authorized representative's in-person verification (IAL3).

    NIST's guidance allows CSPs to employ various strategies for strengthening IAL2 service provision. Mitek's HYPR solution, for instance, offers a fully compliant IAL2 experience that uses chat, video, facial recognition with liveness detection, document authentication, step-up reproofing based on risk and step reproofing as needed to provide continuous identity assurance and reduce fraud.

    NIST IAL3 verification techniques detect fraudulent claims to identities made by malicious actors while increasing user adoption, decreasing rejections of legitimate users and minimizing application departures. Meanwhile, IAL2 introduces proofing requirements, permitting CSPs to use Remote IAL3 enrollment identity proofing techniques to assert verified attributes to RPs in support of pseudonymous identities.

    NIST 800-63A IAL3

    IAL3 provides the highest level of identity verification, featuring physical in-person identification sessions and high-resolution biometric matching. It should be reserved only for transactions that involve sensitive personal data; lower IAL levels provide sufficient assurance for most transactional needs.

    Integrators using IDEMIA's Capture SDK to acquire facial images for comparison against reference images or using alternative provenance mechanisms can use IDEMIA's IAL3 platform as evidence, in addition to ID documents, photos and chat-based evidence. As shown below in Table 1, face-to-face video conversations must also include liveness detection.

    TrustSwiftly, the comprehensive identity verification solution from HYPR, helps organizations meet IAL3 compliance through chat, video, facial recognition with liveness detection and document authentication. It also supports step-up reproofing based on risk, bridging business and security objectives while decreasing attack surface area and eliminating passwords. The result is robust digital identity practices that reduce cyber liability insurance costs and password reset costs while improving user experience.

    IAL3 Compliant Solution

    NIST Digital Identity Guidelines include Identity Assurance Levels (IALs), which measure the degree of certainty with which a claimed digital identity matches a real-world identity. NIST's guidelines provide three levels of assurance. IAL1 provides minimal verification; no linkage between real life identities is required. IAL2, on the other hand, mandates validated documents or evidence of possessing identity attributes, while IAL3 requires rigorous in-person or supervised verification processes to provide maximum assurance.

    Modern identity platforms such as HYPR help organizations meet NIST 800-63A IAL3 standards and decrease the threat surface for phishing attacks and password resets by eliminating vulnerable password-based authentication methods. HYPR Affirm can assist organizations with meeting this standard through verification by chat, video, facial recognition with liveness detection capabilities and document authentication; risk-based step-up reproofing further strengthens identity proofing processes while decreasing attack surface.

    While IAL3 can reduce the threat of impersonation, it must be coupled with in-person or remote verification under direct oversight to minimize risks. IAL2 with strong biometric matching may suffice in many use cases.

    NIST IAL3 Requirements

    NIST has established Identity Assurance Levels (IALs), which serve as a framework for verifying digital identities. These levels range from IAL1, which permits self-asserted attributes, up to and including IAL3, which requires in-person verification.

    IAL3 requires physical presence (either in-person or remotely supervised) so that identity evidence of superior strength, including verified biometrics, can be compared; this is similar to applying for a passport or upgrading your REAL ID card.

    TrustSwiftly provides companies with a comprehensive, passwordless authentication solution certified by FIDO that meets NIST requirements for both IAL3 and IAL2. In addition, step-up reproofing based on risk can minimize attack surface while providing continuous identity assurance beyond single point-in-time checks.

    TrustSwiftly utilizes chat, video, facial recognition with liveness detection and document authentication for NIST IAL3 level identity proofing.