Understanding digital identity acceptance, proofing, and assurance

Digital identity acceptance, identity proofing, and identity assurance are terms commonly used in the field of identity management and security. While they are related concepts, they have distinct meanings.

Identity acceptance is about recognizing an identity within a given context, identity proofing is the process of verifying that identity, and identity assurance involves providing confidence in the validity and trustworthiness of that identity.

Identity proofing

Identity proofing is the process of verifying that an individual or entity is who they claim to be. This involves collecting and validating identity information, such as government-issued identification, biometrics, or other credentials. Identity proofing can occur at different levels of assurance, ranging from basic checks to highly rigorous verification processes. Methods may include document verification (e.g. driver’s license, passport), knowledge-based authentication (e.g. security questions), biometric verification (e.g. fingerprints, facial recognition), or online identity verification (e.g. using digital certificates). Additionally, using online methods to verify identity can include video calls, as well as remote biometric verification.

Businesses, especially those in regulated industries like banking and finance, use identity proofing to verify the identities of customers as part of their KYC procedures. This helps prevent money laundering, fraud, and other illegal activities.

Identity acceptance

Identity acceptance refers to the process by which an organization acknowledges and agrees to recognize the identity of an individual or entity. This step typically occurs after identity proofing and involves accepting the previously-established credentials presented by the individual. For example, when a user logs in to a service using a username and password, the service accepts this identity based on the validity of the credentials. In federated and reusable identity models, the service provider accepting a given credential has established the trustworthiness of that particular type of credential.

The importance of identity acceptance includes security, user experience and compliance. In regards to security, it helps ensure that only authenticated and authorized individuals or entities gain access to sensitive information and resources, reducing the risk of unauthorized access. It also streamlines the process of accessing services by reliably recognizing and accepting valid identities, improving user satisfaction. Additionally, it helps organizations adhere to regulatory requirements and standards for identity management and access control.

Individuals may need to prove their identity to access certain online services, such as banking, healthcare portals, or government websites.

Identity assurance

Identity assurance refers to the confidence level in the accuracy and authenticity of an individual’s or entity’s asserted identity after identity proofing has been completed. It measures the reliability of the identity proofing process and the degree of confidence in the verified identity. Identity assurance is typically categorized into different levels of certainty, often based on standards such as those from the National Institute of Standards and Technology (NIST).

Organizations may employ continuous monitoring systems to detect and prevent identity theft or unauthorized access attempts. These systems can analyze user behavior, location data, and other factors to ensure that the identity being used is consistent and not compromised.

How the three work together

Whether it’s accepting, verifying, or assuring identities, identity acceptance, identity proofing, and identity assurance all play roles in ensuring the security, integrity, and trustworthiness of digital identities.

Each concept involves considerations of risk management. Identity acceptance, proofing, and assurance are all aimed at mitigating the risk of unauthorized access, fraud, and other security threats associated with identity-related activities.

Also, they all contribute to building trust in digital interactions. Identity acceptance, proofing, and assurance help establish confidence among users, organizations, and systems that identities are legitimate, valid, and secure, thereby facilitating smooth and secure transactions.

The identity assurance level (IAL) required for a given application typically informs the identity proofing methods that must be used.

In regards to lifecycle management of identities, they are interconnected. Identity acceptance initiates the process by recognizing an identity within a given context. Identity proofing validates that identity, and identity assurance ensures its ongoing integrity and trustworthiness throughout its lifecycle.

Compliance with regulatory requirements and industry standards often requires addressing aspects of identity acceptance, proofing, and assurance. Regulations such as GDPR, HIPAA, and others may mandate specific measures to ensure the security and privacy of identities, which may encompass these concepts.

Article Topics

digital identity  |  IAL2  |  identity acceptance  |  identity assurance  |  identity management  |  identity proofing  |  identity verification  |  reusable digital ID  |  standards