1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Registering for Verizon Universal Identity Services
(UIS) Trust Elevation
2 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
UIS Credentials
• This discussion will focus on the non-PKI credentials that Verizon UIS offers
• Verizon offers three levels of assurance for the non-PKI authentication Credentials based on NIST 800-63:
– LOA 1
– LOA 2
– LOA3
• These credentials are ICAM approved under the Kantara Trust Framework
• The following demo will identify how a user is elevated to a higher level of assurance during the registration process
3 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Registration Workflows
Level 1
Level 2
Level 3
1. Legal Name, address, phone number, email 2. User name, password, pin 3. Security questions for help desk/online support 4. Generation of OTP to prove possession of device
1 2 3 4
5
6
5. Last 4 digits of SSN and month/year of birth.
6. KBA • 5 dynamic multiple choice questions • 4 must be answered correctly • 2 tries to answer questions correctly. • 2 of the questions are different on the second
try.
4 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing Profile Info (All Levels)
9190000000
5 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing User Info (All Levels)
6 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing Security Q/A Info (All Levels)
7 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing User OTP Info (All Levels)
✓
8 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing OTP (All Levels)
✓
✓
9 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
SMS OTP delivered to Phone (All Levels)
10 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Entering OTP (All Levels)
✓
✓
11 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
User now has an LOA 1 credential
12 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing Identity Q/A Info (Levels 2)
13 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
User now has an LOA 2 credential
14 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Providing Identity Q/A Info (Level 3 Only)
15 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Confirming Your Registration Level 3 Identity Proofing
natjeffers101
16 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
User now has an LOA 3 credential
17 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Profile Manager
18 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Moving Ahead
• This online identity verification process is currently only available for US citizens.
• Non US government privacy laws generally prohibit collection and use of data required to develop Knowledge Based Assessment (KBA) questions
• Verizon is exploring other methods of verifying identity and elevating assurance levels without the need for F2F which is costly and time consuming.
– Use of government issued (LOA 4) citizen ID cards in the EU – Other internationally recognized methods that comply with appropriate state and national
laws governing protection of personal data and privacy such as “Know Your Customer” in support of efforts such as Anti-Money Laundering (AML) compliance.
– Approaches in development
– OASIS Electronic Identity Credential Trust Elevation Methods
– OIX Attribute Working group
– EU ABC4Trust
– EU Stork
19 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Questions
Dale Rickards, CISSP, CISM Verizon Universal Identity Services, Head of Regulatory Affairs, Audit and Compliance [email protected] Office: +1.416.626.2435
Top Related