Introduction to Identity Wallets and Identity Assurance Level
Identity Wallets
Like a digital purse, an identity wallet lets you store identity documents such as ID cards, driver's licenses and Social Security details in one place, on your smartphone or on the web. Most importantly, identity wallets let you reuse identities that have already been verified, instead of proving them again for every service.
Identity wallets on the smartphone
Every time you download and install the BlockID app, a new identity wallet is created for you using public key cryptography. A decentralized identifier (DID) together with the key pair constitutes your identity wallet. The user's PII is stored within the wallet, and reading data from it requires both the user's private key and the user's biometrics. The private key is stored in the device's Secure Enclave; only the public key is stored by relying parties.
When data from the wallet needs to be presented to a relying party, the holder must pass a biometric check and consent to sharing the data. Once approved, the private key unlocks the wallet and the requested data is shared. The private key never leaves the device, which keeps its exposure to compromise to a minimum.
Identity Wallets for the Web
For enterprises that onboard their customers purely through a web-based journey, 1Kosmos supports web wallets that are created implicitly during sign-up. A decentralized identifier together with a public/private key pair constitutes your identity wallet. Web wallets are protected by password-based or passwordless MFA methods; in addition, a user-provided PIN is required to unlock the wallet.
Replacing passwords with Public Key cryptography
Public key cryptography reduces the damage a database breach can do. Initializing the BlockID mobile app generates a public-private key pair on the user's authenticator (a physical device). The user's public key is stored by the requesting websites and relying parties, but on its own it is useless to an attacker: the private key, which is required to complete authentication, cannot be derived from anything stored on the server.
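To make the key handling described in the wallet and password-replacement sections concrete, here is an added example (not BlockID's code or its actual protocol) of the challenge-response pattern that public-key authentication rests on: the wallet side holds the private key and signs a relying-party nonce only after the user approves, while the relying party stores only the public key and the outstanding nonce, so a dump of its storage yields nothing that can authenticate as the user. Ed25519, the `did:example:` identifier format, the consent flag standing in for the biometric check, and the in-memory maps are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Wallet is the device side. The private key lives only here; on a phone it
// would sit in the Secure Enclave and never be exported.
type Wallet struct {
	DID  string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewWallet generates a fresh key pair and derives a placeholder DID from the
// public key. The "did:example:" method is illustrative, not a real DID method.
func NewWallet() (*Wallet, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Wallet{DID: "did:example:" + hex.EncodeToString(pub[:8]), Pub: pub, priv: priv}, nil
}

// Present signs the relying party's challenge. The consent flag stands in for
// the biometric check and the user's approval on the device (an assumption of
// this example); the private key itself is never returned.
func (w *Wallet) Present(challenge []byte, consent bool) ([]byte, error) {
	if !consent {
		return nil, errors.New("user did not approve the presentation")
	}
	return ed25519.Sign(w.priv, challenge), nil
}

// RelyingParty holds nothing but public keys and outstanding challenges.
type RelyingParty struct {
	pubKeys    map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{pubKeys: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

// Register stores the wallet's public key under its DID.
func (rp *RelyingParty) Register(did string, pub ed25519.PublicKey) {
	rp.pubKeys[did] = pub
}

// Challenge issues a fresh random nonce for the DID; signing it proves
// possession of the private key without revealing it.
func (rp *RelyingParty) Challenge(did string) ([]byte, error) {
	if _, ok := rp.pubKeys[did]; !ok {
		return nil, errors.New("unknown DID")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rp.challenges[did] = nonce
	return nonce, nil
}

// Verify checks the signature against the stored public key and consumes the
// nonce, so a captured signature cannot be replayed.
func (rp *RelyingParty) Verify(did string, sig []byte) bool {
	nonce, ok := rp.challenges[did]
	if !ok {
		return false
	}
	delete(rp.challenges, did) // single use, whether or not the check passes
	pub, ok := rp.pubKeys[did]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, nonce, sig)
}

func main() {
	w, err := NewWallet()
	if err != nil {
		panic(err)
	}
	rp := NewRelyingParty()
	rp.Register(w.DID, w.Pub)

	nonce, _ := rp.Challenge(w.DID)
	sig, _ := w.Present(nonce, true)
	fmt.Println("first presentation accepted:", rp.Verify(w.DID, sig))
	fmt.Println("replayed signature accepted:", rp.Verify(w.DID, sig))
}
```

The point to check in any real deployment is the one the second `Verify` call exercises: a nonce must be single use and bound to the DID it was issued for, otherwise a signature captured on the wire authenticates again without the device or the user's consent.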
Identity Assurance Level (IAL)
Identity proofing of applicants without requiring them to meet in person with credential service provider (CSP) personnel is an important but challenging capability. It is important because it gives a larger portion of the population access to CSP services and reduces costs for both the applicant and the CSP. It is challenging because many of the identity proofing methods available to a CSP in a face-to-face interaction, such as detailed inspection of evidence documents, are difficult to perform with comparable security when conducted remotely.
1Kosmos follows the NIST SP 800-63A guidelines for remote identity proofing, which attempt to strike a pragmatic balance between convenient, widely available access to identity proofing services and the security of the associated processes.
Automated Ways to get to IAL2
Several combinations of evidence are accepted at IAL2; the strength of each document type is given in the table below. IAL2 is reached with any one of:
- One piece of SUPERIOR or STRONG evidence, depending on the strength of the original proof, where validation occurs with the issuing source, or
- Two pieces of STRONG evidence, or
- One piece of STRONG evidence plus two (2) pieces of FAIR evidence
Type of Evidence | Strength | Notes |
---|---|---|
US Passport | SUPERIOR | Includes US Passport cards |
Foreign e-Passport | SUPERIOR | |
Personal Identity Verification (PIV) card | SUPERIOR | |
Common Access card (CAC) | SUPERIOR | |
Personal Identity Verification Interoperable (PIV-I) card | SUPERIOR | |
Transportation Worker Identification Credential (TWIC) | SUPERIOR | |
Permanent Resident Card | SUPERIOR | Issued on or after May 11, 2010 |
Native American Enhanced Tribal Card | SUPERIOR | |
REAL ID cards | STRONG+ | Includes REAL ID driver’s licenses and ID cards. REAL ID cards have a star printed in the upper right-hand corner. Card and personal information must be validated with appropriate DMV or AAMVA. |
Enhanced ID cards | STRONG+ | Includes Enhanced ID driver’s licenses and ID cards. Must be validated with appropriate DMV or AAMVA. |
U.S. Uniformed Services Privilege and Identification Card (U.S. Military ID) | STRONG+ | Includes Uniformed Services Dependent ID Cards. Must be validated with appropriate military issuing source. |
Permanent Resident Card | STRONG | Issued Prior to May 11, 2010 |
Native American Tribal Photo Identification Card | STRONG | |
Driver’s License or ID card (REAL ID non-compliant) | STRONG | |
School ID card | FAIR | Includes facial image photograph |
Utility account statement | FAIR | |
Credit/debit card and account statement | FAIR | |
Financial institution account statement | FAIR | |
US Social Security Card | WEAK | |
Original or certified copy of a birth certificate issued by a state, county, municipal authority or outlying possession of the United States bearing an official seal | WEAK | |
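As an added example (not part of 1Kosmos's documentation or product), the following encodes the IAL2 combinations above as a check a proofing journey could run over the evidence it has collected. It reads the first rule as: SUPERIOR evidence suffices on its own, and STRONG evidence suffices on its own only when it has been validated with the issuing source (the table's STRONG+). It also assumes that a stronger piece of evidence satisfies a weaker requirement, and that WEAK evidence never contributes. The document names and the `Strength` ordering are illustrative.

```go
package main

import "fmt"

// Strength is the evidence strength, ordered weakest to strongest. StrongPlus
// is the table's "STRONG+": STRONG evidence whose data has been validated with
// the issuing source (for example a REAL ID card checked against the DMV or
// AAMVA). The ordering itself is an assumption of this example.
type Strength int

const (
	Weak Strength = iota
	Fair
	Strong
	StrongPlus
	Superior
)

func (s Strength) String() string {
	return [...]string{"WEAK", "FAIR", "STRONG", "STRONG+", "SUPERIOR"}[s]
}

// Evidence is one document collected during the proofing journey.
type Evidence struct {
	Type     string
	Strength Strength
}

// countAtLeast returns how many pieces meet or exceed min. Treating a stronger
// piece as satisfying a weaker requirement is an assumption of this example.
func countAtLeast(ev []Evidence, min Strength) int {
	n := 0
	for _, e := range ev {
		if e.Strength >= min {
			n++
		}
	}
	return n
}

// MeetsIAL2 applies the accepted combinations in order and reports which one
// was satisfied. WEAK evidence (Social Security card, birth certificate) is
// never counted.
func MeetsIAL2(ev []Evidence) (bool, string) {
	strong := countAtLeast(ev, Strong)
	fairOnly := countAtLeast(ev, Fair) - strong // pieces that are exactly FAIR
	switch {
	case countAtLeast(ev, Superior) >= 1:
		return true, "one piece of SUPERIOR evidence"
	case countAtLeast(ev, StrongPlus) >= 1:
		return true, "one piece of STRONG evidence validated with the issuing source"
	case strong >= 2:
		return true, "two pieces of STRONG evidence"
	case strong >= 1 && fairOnly >= 2:
		return true, "one piece of STRONG evidence plus two pieces of FAIR evidence"
	}
	return false, "evidence collected does not reach IAL2"
}

func main() {
	// Constructed sample journeys, one per line.
	journeys := [][]Evidence{
		{{"US Passport", Superior}},
		{{"REAL ID driver's license (validated with DMV)", StrongPlus}},
		{{"Driver's license (REAL ID non-compliant)", Strong}},
		{{"Driver's license (REAL ID non-compliant)", Strong}, {"Utility account statement", Fair}, {"Financial institution statement", Fair}},
		{{"US Social Security Card", Weak}, {"Birth certificate", Weak}},
	}
	for _, j := range journeys {
		ok, why := MeetsIAL2(j)
		fmt.Printf("IAL2=%v: %s\n", ok, why)
	}
}
```

The third sample journey is the case worth watching: a single non-REAL ID driver's license is STRONG but not validated with the issuing source, so on its own it does not reach IAL2 and the journey has to ask for a second STRONG document or two FAIR ones.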
1Kosmos provides proofing journeys that bring users to IAL2, depending on the evidence collected from them.