rhaquaunt quaunt

Categories

Tags

Archives

Blogs » Technology » Building trusted digital services with NIST 800-63A IAL3

Building trusted digital services with NIST 800-63A IAL3

  • Posted by rhaquaunt quaunt 2 hours ago Filed in Technology #NIST IAL3  #solution  #identity proofing  2 views
    click to rate

    NIST has established Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL), to measure how confidently parties relying upon assertions can trust their contents.

    Although onsite attended IAL3 pathways are technically possible, their implementation requires significant investments in personnel, hardware logistics, and security auditing; for most businesses this option simply isn't cost or complexity effective.

    IAL3 compliant solution

    NIST 800-63A revision 4 was designed to reflect current threats and technologies, emphasizing risk evaluation while still balancing security with user experience. Furthermore, this version does away with "levels of assurance", permitting organizations to choose their identity proofing requirements based on business needs and risk tolerance.

    TrustSwiftly offers an IAL3 compliant solution, including chat, video, facial recognition with liveness detection and document authentication. Furthermore, step-up reproofing based on risk allows continuous identity verification beyond one point in time - helping reduce cybersecurity liability while decreasing password resets and increasing productivity.

    Privacy: When collecting personally identifiable information (PII), only what is necessary to resolve to a unique identity record should be collected, including essential attributes needed for data queries and pseudonymity in federated transactions. This approach reduces identity theft risks while lessening burden on RPs. RESOURCES: Processes should be easily accessible to various user types while being automated wherever possible or needing less personal data in order to work correctly.

    IAL3 identity proofing

    The IAL3 Identity Proofing Process represents the highest level of NIST IAL3 verification and requires on-site attendance as well as remote supervision for proofing identity evidence from potential witnesses, helping RPs avoid fraud or any potential dangers to their wellbeing. Discover all the details about IAL3 identity proofing by clicking here or visiting our website.

    Facial recognition technology requires that a live image of the user be captured during each session and may include facial recognition, fingerprint scanning or other biometric capture methods. Document authentication services also use advanced features to detect counterfeit documents from their source - which helps combat advanced threats like AI deepfakes which have outshone traditional security protections.

    The NIST 800-63A IAL3 can be used to authenticate a range of credentials and devices, with multiple forms of proofing and identity verification techniques to increase adoption, minimise rejection of legitimate users, reduce application departures, and deter attackers who seek to scale attacks. Furthermore, it offers the option of sending out confirmation codes through mail as further deterrence against attacks that try to scale.

    IAL3 authentication

    NIST has defined IAL3 authentication as the highest level of identity assurance. This form of identification relies heavily on biometrics, rigorous evidence validation, reauthentication processes that guarantee phishing resistance, as well as satisfying requirements outlined in Section 4.3.1 for authenticators having non-exportable private keys and providing verifier impersonation resistance.

    IAL3 is an in-person attended process that requires enrollees to appear before an authorized representative for verification, using top facial verification technologies and correlating live images with multiple identity documents. While expensive, resource-intensive and only recommended for high stakes transactions, this national identity-proofing infrastructure will bring this level of assurance closer to users - soon IAL3 will even be available at many post offices, giving citizens fast and secure identity proofing capabilities.

    IAL3 verification

    Verifying identity for IAL3 requires providing robust evidence, including multiple government-issued documents that must be securely bound with biometrics of an enrollee - this binding ensures that only they own their credential, helping protect against SIM swaps, MFA bypasses and other attacks. Top solutions also feature advanced liveness detection to confirm whether an enrollee was present during proofing session.


    At the IAL1 level, digital services don't need to map claimed identities to real identities - making this the least stringent level and ideal for low-risk services like social media accounts.

    At IAL2, CSPs must be able to verify the real-world existence of an identity claimed, associating its attributes with it and verifying via remote or in-person proofing methods (remote/in-person proofing includes biometrics) such as Mitek's platform which scans/verifies government issued documents like passports/driver's licenses against live face recognition images captured via Mitek's face recognition system.