This appendix is informative.
This appendix provides a non-exhaustive list of types of identity evidence grouped by strength.
The qualities and features of the different types of FAIR evidence vary based on how they are implemented. CSPs must evaluate and document the evidence types that they will accept based on the requirements provided in these guidelines.
Table 4. Fair evidence examples
Evidence | Proofing | Validation | Verification |
---|---|---|---|
Financial Account | KYC/CIP requirements | • Confirm signature on assertion is from intended origin | • Demonstrated possession via an AAL2 authentication event and an FAL2 federated assertion • User input of a microtransaction event of sufficient entropy |
Phone Account | Established and documented account opening practices | • Confirm presence of user account with MNO • Confirm signature on assertion is from expected source | • Demonstrated possession through enrollment code • Demonstrated possession via an AAL2 authentication event and an FAL2 federated assertion |
Student ID Card | Student registration and enrollment practices | • Confirm signature on assertion is from expected source • Confirm physical security features and evaluate for tampering | • Demonstrated possession via an AAL2 authentication event and an FAL2 federated assertion • Physical comparison to image on the ID • Biometric comparison to image on the ID |
Corporate ID Card | Onboarding and background screening practices | • Confirm signature on assertion is from expected source • Confirm physical security features and evaluate for tampering | • Demonstrated possession via an AAL2 authentication event and an FAL2 federated assertion • Physical comparison to image on the ID • Biometric comparison to image on the ID |
Veteran ID card | VA identity verification, issuance and eligibility process | • Confirm signature on assertion is from expected source • Confirm physical security features and evaluate for tampering | • Demonstrated possession via an AAL2 authentication event and an FAL2 federated assertion • Physical comparison to image on the ID • Biometric comparison to image on the ID |
SNAP Card with Facial Portrait | State defined eligibility and enrollment requirements | • Confirm signature on assertion is from expected source • Confirm physical security features and evaluate for tampering | • Visual inspection of the card • Physical or biometric comparison to image on the ID |
Table 5. Strong evidence examples
Evidence | Proofing | Validation | Verification |
---|---|---|---|
Driver’s License or State ID (physical) | State issuance processes or the REAL ID Act | • Confirm physical security features through inspection | • Physical comparison of image on ID • Biometric comparison of the image on the ID • Biometric comparison to issuing source records |
Permanent Resident Card (issued prior to May 11, 2010) | DHS issuance and eligibility process | • Confirm physical security features through inspection | • Physical comparison of image on ID • Biometric comparison of the image on the ID • Biometric comparison to issuing source records |
U.S. Uniformed Services Privilege and Identification Card | DoD issuance and eligibility processes | • Confirm physical security features through inspection | • Visual comparison of image on ID • Biometric comparison of the image on the ID • Biometric comparison to issuing source records |
Native American Tribal Photo Identification Card | Local issuance and eligibility processes | • Confirm physical security features through inspection | • Visual comparison of image on ID • Biometric comparison of the image on the ID • Biometric comparison to issuing source records |
Veteran Health ID Card (VHIC) | VA identity verification, issuance and eligibility process | • Confirm physical security features and evaluate for tampering | • Visual comparison to image on the ID • Biometric comparison to image on the ID |
USCIS Security-Enhanced Travel Documents (I-571/I-327) | USCIS issuance and eligibility processes | • Confirm physical security features and evaluate for tampering | • Visual comparison to image on the ID • Biometric comparison to image on the ID |
Table 6. Superior evidence examples
Evidence | Proofing | Validation | Verification |
---|---|---|---|
Personal Identity Verification (PIV) Card | FIPS 201-3 identity verification and issuance processes | • Validation of stored PKI certificate • Revocation check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B • Biometric comparison to image stored on ID or biometric stored on ID • Visual comparison of image on ID |
Personal Identity Verification-Interoperable (PIV-I) Card | FIPS 201-3 identity verification and issuance processes | • Validation of stored PKI certificate • Revocation check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B • Biometric comparison to image or biometric stored on ID • Visual comparison of image on ID |
Common Access Card (CAC) | DoD identity verification and issuance process | • Validation of stored PKI certificate • CRL check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B • Biometric comparison to image or biometric stored on ID • Visual comparison of image on ID |
US Passport | State Department passport issuance process | • Validation of stored PKI certificate • Revocation check if available | • Visual comparison of image on ID or stored in ID • Biometric comparison to image stored on ID • Biometric comparisons to issuing source records |
International e-Passports | ICAO-compliant and/or State Department-approved | • Validation of stored PKI certificate • Revocation check if available | • Visual comparison of image on ID or stored in ID • Biometric comparison to image on ID • Biometric comparisons to issuing source records |
Mobile Driver’s License (MDL) | State issuance processes, AAMVA guidance, or Real ID Act | • Validation of mobile security object • Revocation check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B |
Digital Permanent Resident Card (Verifiable Credential) | DHS issuance and eligibility process | • Validation of stored verifiable credential • Revocation check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B |
European Digital Identity Wallet (EUDI Wallet) Personal Identification (PID) Element | EC defined identity verification and issuance process; qualified issuer certified | • Validation of stored verifiable credential or mobile security object • Revocation check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B |
Japan’s My Number Card | Japan’s defined identity verification and issuance process; qualified issuer certified | • Validation of stored verifiable credential • Revocation check if available | • Authentication consistent with multi-factor cryptographic authenticators per SP 800-63B |