This article lists the identity proofing requirements to resolve, validate, and verify any claimed digital identity and any user-supplied identity evidence. The requirements ensure that the claimed identity is the actual real-life identity of the subject attempting to enroll with the Credential Service Provider (CSP) and not an impostor. This ensures that scalable attacks affecting a large population of enrolled individuals require greater time and cost than the value of the resources the system is protecting. Criminals looking to attack a system must go through resolution that distinguishes the requestor, validation of the supplied documentation, and verification that it is linked to a real person.

Identity proofing for Identity Resolution, Validation and Verification

Identity Proofing – Resolution

The goal of identity resolution is to distinguish a user from a given population in the identity proofing cycle. There are plenty of factors that can be used at this step, but effective identity validation should take the least amount of information needed before singling out an individual amongst a group of users. Unique documentation is used in this process as well as knowledge-based verification to connect a claimed digital identity to an existing real life identity. Identity evidence supplied at this stage should be unique to the applicant.

Identity Validation

The purpose of identity validation is to collect the appropriate documentation from a claimant before verifying and confirming it against an existing database. The identity evidence supplied can fall on a scale of strength – from weak to superior. Superior pieces of evidence identify the individual and can be quickly cross checked against secure databases, whereas weak pieces are unverifiable and don’t distinguish a claimant from a user base whatsoever. Depending on the Identity Assurance Level (IAL) and Authenticator Assurance Level (AAL), user evidence must fall under the appropriate strength categories. The highest levels will not accept weak evidence and require superior, verifiable information. Weak documentation also includes any information that can’t be checked for tampering, such as a blurry ID photo.

Identity Verification

After collection and validation of the identity evidence supplied is complete, the final step is to confirm that the claimed digital identity is linked to the real-life existence of the subject. The strongest evidence is supported and reinforced by existing records and databases that can be easily cross-checked. The supplied evidence should match existing records and confirm the legitimacy of the applicant. Knowledge-based verification questions are allowed at this step, but they must be supported by validated identity evidence and may not have answers which stay the same (e.g. what was your first car?). These precautions ensure that all data supplied is trusted, valid and easily verifiable, which creates trust in the application process as well as the local user base.


While blockchain data privacy features can be leveraged to protect consumers such as enabling self-sovereign identity, blockchain technology poses massive security issues to users who are unaware of the technology’s risks. If designed and executed well, however, blockchain can create a complex and completely private network of computers around the world. Blockchain currently faces problems with consumer privacy and safety that have to be worked out before it can become the computational norm. Some of these issues include:


Public Ledgers and Blockchain Data Privacy

While the public ledger was a core aspect of Bitcoin’s success (anyone could verify transaction records through the self-perpetuating blockchain), the feature posed and continues to pose problems for Bitcoin (BTC) and all coins that use this method. While the ability for any user to look at every transaction on the blockchain was good for verification, it quickly became a tool for tracking people and their spending habits. Police and criminals can use the blockchain to find people through use of their digital assets. This is where consumer data can get breached.

Centralized Blockchains

Consumer data isn’t only accessed and used by outside individuals, however. A fully centralized blockchain would award the owner/creator full control over the users’ data. Blockchains like Cardano (ADA) are fully decentralized, meaning the community controls the project and no one individual or group controls the blockchain. On the other hand, a nationally centralized blockchain would be a dystopian nightmare for any citizens living under it. The first country to implement something like this will most likely be China. Considering the Chinese Communist Party has already implemented a highly monitored and Chinese-exclusive internet and now its own national digital currency, it wouldn’t be unlikely. If Chinese citizens were to be forced to use the blockchain, it would threaten the self-sovereign identity that other blockchains could offer.

However, blockchain and technology built on top of it have revolutionized what privacy means in the field of economics. Bitcoin proved its concept when the coin was used as a P2P (peer-to-peer) cash-sending system like PayPal or Venmo as well as online marketplaces. Sellers of illicit goods on dark web marketplaces like The Silk Road quickly took up BTC for its decentralization and privacy from authority figures. Monero (XMR) takes the technology even further with its use of stealth addresses. By creating encrypted, one-time addresses used to denote interactions between users on the ledger instead of their real wallet addresses, complete consumer privacy can be achieved. This level of security reaches between the user and the network, other users, and any outside onlookers.
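The one-time address idea described above can be shown with the dual-key derivation from the CryptoNote design that Monero builds on. This is an added example, not code from the article or from Monero: it swaps Monero's Ed25519 curve and Keccak hash for integers modulo a prime and SHA-256, and all function and variable names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters (assumption): integers modulo a Mersenne prime stand in for
# Monero's elliptic-curve group. Far too weak for real use; illustration only.
P_MOD = 2**127 - 1
G = 3
ORDER = P_MOD - 1  # exponents are reduced modulo the group order

def keypair():
    priv = secrets.randbelow(ORDER - 2) + 1
    return priv, pow(G, priv, P_MOD)

def hs(shared):
    """Hash a Diffie-Hellman shared secret to an exponent."""
    digest = hashlib.sha256(str(shared).encode()).digest()
    return int.from_bytes(digest, "big") % ORDER

def send(view_pub, spend_pub):
    """Sender: derive a fresh one-time address for the recipient's wallet."""
    r, tx_pub = keypair()                      # per-transaction key, R = G^r
    h = hs(pow(view_pub, r, P_MOD))            # shared secret A^r
    return tx_pub, pow(G, h, P_MOD) * spend_pub % P_MOD

def is_mine(view_priv, spend_pub, tx_pub, one_time):
    """Recipient: recompute the address from R and the private view key."""
    h = hs(pow(tx_pub, view_priv, P_MOD))      # R^a equals A^r
    return pow(G, h, P_MOD) * spend_pub % P_MOD == one_time

def spend_key(view_priv, spend_priv, tx_pub):
    """Private key matching the one-time address; only the recipient has it."""
    return (hs(pow(tx_pub, view_priv, P_MOD)) + spend_priv) % ORDER

def demo():
    a, A = keypair(); b, B = keypair()         # recipient view / spend keys
    c, _ = keypair(); _, D = keypair()         # unrelated wallet
    outs = [send(A, B), send(A, B)]            # two payments to one wallet
    return {
        "found": [is_mine(a, B, R, P) for R, P in outs],
        "other": [is_mine(c, D, R, P) for R, P in outs],
        "unlinkable": outs[0][1] != outs[1][1] and B not in (P for _, P in outs),
        "spendable": all(pow(G, spend_key(a, b, R), P_MOD) == P for R, P in outs),
    }

if __name__ == "__main__":
    print(demo())
```

Only the transaction key R and the one-time address appear on the ledger; the wallet's published keys A and B never do, so two payments to the same wallet look unrelated to an onlooker.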

One typical area of concern with blockchain data privacy is digital currency wallets and users’ lack of awareness of data privacy risks, such as renaming a wallet to something personal, like a password, which can then be visible to everyone on the public blockchain.

Finally, knowledge and control over personal data is the most important blockchain feature for implementing complete consumer privacy and security. As big tech companies continue to monopolize the personal data of internet users, alternatives are invented to protect user data. Where blockchain technology provides absolute security to a network’s transactions by writing on immutable data, the Tor project serves as a complementary web browser that gives total privacy. It does this by sending users through multiple virtual networks before finally landing on the website. However, it is significantly slower than most other web browsers because of this redirecting as well as its indexing. If Tor worked with blockchain tech, users could comfortably leave mainstream browsers that sell their data and censor their search results. Tor could also connect to blockchain-powered ecosystems like digital supply chains to create a safe and knowledgeable shopping experience on the web. This combination of security and privacy would make the perfect space for consumers to safely interact. Free from any centralization, users can achieve full privacy and security in their transactions.