IAL3 Identity Proofing: Security Controls and Technical Standards

The NIST 800-63A Digital Identity Guidelines provide an invaluable framework for creating secure federated identities. Their extensive identity proofing and phishing-resistant authentication requirements are crucial.

The IAL3 identity proofing process is designed to prevent attacks involving evidence falsification and theft, using on-site attended sessions in which credential service provider (CSP) representatives perform stringent verification.

Document Verification

Attaining NIST IAL3 verification requires more than biometric comparison. It also requires a thorough identity verification process that verifies multiple attributes at various strength levels (from weak to superior), something Trust Swiftly delivers.

Unlike many DIY solutions, ours requires only a laptop and the Trust Swiftly app. This removes the burdens of supply chain management, hardware configuration and physical security auditing, enabling security-focused businesses to deploy IAL3 quickly with minimal overhead while attaining the same level of cybersecurity as highly protected government agencies.

HYPR’s IAL3 certified passwordless authentication and ID verification solution helps organizations meet FedRAMP High standards by strengthening the authentication journey with chat, video, facial recognition with liveness detection, and document authentication. This improves customer experience while decreasing cyber liability insurance costs and operational expenses through fewer password resets, ultimately reducing the attack surface.

Biometric Comparison

NIST 800-63A IAL3 standards set rigorous requirements for identity proofing, authentication and federation. These include multi-factor authentication with anti-phishing features such as passkey support, hardware-backed authenticators that meet these specifications, and an efficient verification process with multiple layers.

Identity proofing links an applicant to their strongest piece of validated evidence through physical or biometric comparison. At an in-person proofing session, a CSP-trained operator compares the live applicant’s facial image against the image on the ID evidence collected. This comparison can take place either physically in front of the applicant or remotely (as long as all federation rules are observed).

CSPs may also use non-biometric oversight pathways that employ chat, video, document authentication and facial recognition with liveness detection to verify an applicant. This method is ideal when biometric verification cannot be used due to privacy concerns. The verification should also include challenge-response verification and, where possible, knowledge-based verification (KBV) questions.

Liveness Detection

IAL3 verification provides the highest level of assurance by verifying that claimed identity attributes correspond to a real-world identity. It prevents highly scalable attacks such as evidence falsification, theft and repudiation, as well as SIM swaps and MFA bypasses, by securely linking biometrics with digital identities.

An IAL3-compliant solution can use chat, video and facial recognition with liveness detection to verify identity while performing document authentication and risk-based step-up reproofing. This reduces the attack surface by restricting attackers’ entry points, and also lowers cyber liability insurance premiums and operational costs by decreasing password reset requests.

Deploying an Identity Proofing Agent (IPA3) at physical locations, much as security guards review ID before admitting people into certain offices, is another means of reaching IAL3. An IAL3 identity proofing agent would use an app on a secure device (e.g. an iPad in a kiosk stand) with Trust Swiftly installed to conduct verification sessions quickly and efficiently.

Step-Up Reproofing

IAL3 requires an agent to be present during proofing sessions, in person or remotely, and Trust Swiftly’s turnkey kiosk provides the ideal solution. By connecting it to either an app or a no-code page that accesses the Trust Swiftly solution and begins the proofing process immediately, an agent can record sessions and check various proofs, including biometric ones.

OTPs or SMS messages may not provide enough security. A security guard reviewing ID before admitting someone into an office would provide comparable assurance. Such verification can also reduce costs significantly compared with deploying an entire kiosk, and it ensures the person being verified is present, which can help prevent social engineering attacks while decreasing cyber liability for CSPs that adopt such processes.
