Remotely Attested Enrollment Procedures
Enrollment procedures that involve algorithmic gathering of evidence of identity produce the strongest credentials available without having to arrange face-to-face sessions with an Attestation Officer. The Vital Records department supports four types of remote attestation procedures. Each requires that the enrollee be able to simultaneously engage in a telephone or VoIP call and an Internet session. Read about each to determine which one meets your organization's Identity Quality requirements.
A ReliableID™ /A session is initiated and controlled by a Tabelio Officer as the initiating party of a telephone or VoIP call to the enrollee. Prior to the ReliableID™ /A session, the Tabelio Officer has been provided with a paper telephone directory or other satisfactory evidence that a particular telephone number or VoIP address is associated with the enrollee.
Other information about the enrollee that will help the Tabelio Officer guide the session is provided to the Tabelio Officer in advance by means of a web form that is filled in by the enrollee or in documents provided by the principal relying party (sponsoring party).
The Tabelio Officer has a CheckPoint or LexisNexis or other PII corroboration service screen in front of him or her during the session. At the appointed time, the Tabelio Officer brings up the Tabelio remote enrollment screen from the ReliableID server and initiates the session. The Tabelio Officer then places a call to the published telephone number of the enrollee.
Once connected, the Tabelio Officer switches to the screen of the PII corroboration service and asks the enrollee to answer three or more questions from the PII corroboration service. The number of questions in excess of three depends upon the accuracy and level of confidence with which the enrollee answers, in the judgment of the Tabelio Officer. With the prior consent of the enrollee, the entire session is recorded.
ReliableID/A then generates a new control number and voice prompt. The Tabelio Officer, as well as the telephone and user-screen prompts, instructs the enrollee to recite the new control number into the telephone or VoIP microphone; the process is then repeated once. Provided the voice capture is of sufficient quality, the enrollee is informed that he or she may be asked later to recite a different control number to authenticate himself or herself in a transaction subsequent to enrollment. A key pair is then generated and its public key is signed. The user is then prompted to load the certificate and private key into his or her token or computer. ReliableID/AV provides a level of identity assurance that is appropriate for medium-risk situations.
A ReliableID™ /AV session is identical to a ReliableID/A session except that the user's webcam and microphone are used to capture a video of the session. Your enrollee will need a webcam or other connected digital camera for this procedure.
Even if you don't have a camera attached to your computer, you can obtain the ReliableID Type VO digital identity certificate, an OpenID credential that is usable immediately
Copyright © 2005-2015 The City of Osmio