ETSI’s identity proofing standard is becoming more crucial in the world of deepfakes

Earlier this year, the European Telecommunications Standards Institute (ETSI) published an updated version of its standard for remote identity proofing.

ETSI’s TS 119 461 v2.1.1 standard is arriving just as identity proofing is becoming more crucial in the digital world, according to Nick Pope, chair of the ETSI Technical Committee Electronic Signatures and Trust Infrastructures (TC ESI).

“Our work centers around linking real-world people or organizations to identities as represented in the digital domain and this link is provided through identity proofing,” says Pope. “This is becoming more and more important with advances in cloud computing and AI, where the link between the real-world person who can be held accountable in court and what’s going on in the digital domain is becoming more and more difficult.”

Pope spoke at a webinar dedicated to the updated standard, organized by digital identity company Signicat. The event explained how identity proofing is being harmonized across the EU and how the standard is being implemented and connected to eIDAS and the EU’s Anti-Money Laundering Regulation (AMLR).

Identity proofing is the process of verifying that a person’s declared identity is real and authentic.

“Whether you’re using a physical person in present or remote identification using biometrics, and whether you have it overseen by a person or is purely dependent on technology, all of these are covered in the framework,” says Pope.

The updated standard is one of the most important in the European identity area as its scope is identity proofing for trust services, according to Jon Ølnes, tribe lead and product manager for Signing and Trust Services at Signicat. It is also a foundation for the European Banking Authority guidelines for remote onboarding to financial services and for the European Committee for Standardization (CEN) work on onboarding standards to the European Digital Identity (EUDI) Wallet.

“The problem is actually normalizing identity proofing for Europe. That’s the goal,” he says.

Ølnes describes the new standard as a compromise. Several years ago, remote identity proofing was difficult because of the differences in national rules.

“In one short word – chaos,” he adds.

The arrival of the EIDAS 2.0  led to a thorough revision of the standard. Representatives from Signicat and its recent acquisition Inverid demonstrated during the webinar how this standard works.

The duo performed ETSI-compliant remote identity proofing with two alternatives: Optical scanning of an identity document and reading of the chip of an identity document for remote identity proofing.

“ETSI defines the identity proofing process in a very structured way: collect the evidence, validate it, bind it to the applicant and issue an auditable result,” says Silvia Lafuente, tribe lead at Signicat. “These building blocks can be combined into different use cases.”

Lafuente explained that during a remote identity proofing process, the legitimate holder of the document, called the applicant, must be reliably linked to authoritative evidence, such as an ID card or passport. ETSI has several requirements for this process, including capturing a high-quality facial image, which will become a biometric anchor used to bind the document’s attributes to a person.

The next step is automated face matching, followed by security checks, such as liveness checks, presentation attack detection (PAD) and injection attack detection.

“ETSI actually gives several standards to serve as guidelines to achieve all this,” she notes.

Bob Hulsebosch, compliance officer at Inverid, discussed how to provide identity document certification services for numerous eIDAS trust service providers and financial institutions.

The process is performed by reading a chip from an ID document through a mobile app and NFC, followed by confirming that the chip and the data on it are authentic. To verify the document holder, a facial image from the chip is compared with a selfie picture.

ETSI plans to continue working on other standards, including those related to identity. The organization is also working closely with international groups building ISO standards, user communities and providers, according to Pope.

“We’re just starting a three-year program of standards supporting the digital identity wallet,” says Pope. “We’ve got a number of standards just coming up for approval at the end of this month, and have a further two years of testing and enhancing these standards.”

Article Topics

biometrics  |  digital identity  |  ETSI  |  ETSI TS 119 461  |  identity proofing  |  remote identity proofing  |  Signicat  |  standards