Presentation is loading. Please wait.

Presentation is loading. Please wait.

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

Similar presentations


Presentation on theme: "The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,"— Presentation transcript:

1 The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer, SAFE-BioPharma Association

2 U.S. Government Standards / NIST SP –Satisfies both Federal Bridge “Medium” requirements and FICAM Trust Framework LOA-3 Requirements for Identity Proofing –Remote, online, compliant identity proofing using KBA –Extended proofing through Online Antecedent method ties applicant back to a prior legal, in-person proofing event such as a mortgage application. Method approved by US Federal PKI Policy Authority. 2

3 Steps 1 & 2 Identity Verification User asserts identity information (Name, Address, Phone, SSN, DLN, DoB, Medical License Number, etc) Verify the information provided through record checks either with the applicable agency or institution or through credit bureaus or similar databases Confirm that Name, DoB, address and other personal information in records are consistent with the asserted information and sufficient to identify a unique individual. 3

4 Steps 1 & 2 Verify that the identity elements provided by the user match those of a real, legal identity verified through trusted data sources. Identify at least one antecedent record matching the minimum criteria for an In-Person Identity Proofing antecedent. Verify that the identity elements provided by the user match those provided by a trusted data source. 4

5 Steps 1 & 2 Verify that the users SSN exists in public records AND SSN is not deceased AND the last name matches the address Public and Private database records are searched to verify the identity of the user, as well as community specific (SAFE for example) sources such as: –DEA Controlled Substance License Databases –State Medical License Databases. 5

6 Step 3 Identity Authentication Quiz Generate a KBA quiz based on facts obtained about the user from the public and private databases The KBA quiz consists of a series of random, multiple choice questions derived from “non-wallet” based data using public and private historical antecedent database records. Advanced analytics are used to select questions from different domains and sources. As a result, these questions have a high likelihood of only being correctly answered only by the proper individual. 6

7 Step 3 KBA ConfigurationCustomer Selection Minimum Number of Questions displayed5 Minimum Number of Reserved Questions2 Minimum Number of multiple choice answers displayed per question5 Minimum Number of correct Questions which must be answered correctly to pass 4 Maximum Number of attempts to correctly answer KBA2 Maximum Timeout parameter5 minutes Example of KBA quiz parameters – which can be customized for the client: 7

8 Step 4 Determine Risk Provide an a “pass” or “fail” score based on the responses to the KBA questions based on the clients parameters Return as part of the transaction: –a unique transaction ID number, which ties back to the data used to verify the identity, the results of the verification process, and the results of the authentication quiz –The date and time of the KBA Retain the The transaction ID number, the results of the verification process, and the results of the authentication process, the verification data sources as stated in the CP (10 1/2 years) 8

9 NIST Guideline The Electronic Authentication Guideline standard states in Requirements per Assurance Level “ In some contexts, agencies may choose to use additional knowledge based authentication methods to increase their confidence in the registration process. For example, an Applicant could be asked to supply non-public information on his or her past dealing with the agency that could help confirm the Applicant’s identity.” Only LOA-1, LOA-2 and LOA-3 allow for remote identity proofing 9

10 Remote Proofing via Enhanced KBA Advantages Simplify the identity proofing process Deliver a positive user experience Enhance security by enabling scalable and easy-to-implement identity proofing Reduce fraud and associated costs through an enhanced user verification process (e.g. data is validated against trusted sources) Avoid privacy concerns that result when personal information is requested from users 10

11 For Further Information Peter Alterman, Chief Operating Officer: biopharma.org Gary Wilson, Head, Technical Programs and Operations: 11


Download ppt "The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,"

Similar presentations


Ads by Google