Identity Proofing

Identity Proofing requires a specialised set of technologies that identify a person against their legal identity, for example against their License or Passport. This is different from Access and Authentication technologies, which identify a login to a user account. Identity Proofing can be integrated seamlessly into common existing Identity Access Management (IAM) solutions. Most IAM solutions will not provide High Levels of Assurance (LoA) built in. This is because they are different technologies that are often unrelated, and because High LoA technologies require rigorous testing against international and national standards. TECH5 is fortunate to be one of the few international Tier 1 suppliers of such technologies.

The Guidelines provided by the Department of Home Affairs Australia

To get an understanding of the Australian guidelines for High Levels of Assurance (LoA) you will want to refer to the National Identity Proofing Guidelines provided by the Department of Home Affairs Australia.

Access and Authentication Systems are not the same thing

IAM systems, sometimes referred to as “Digital Identity” systems, do not always perform identity proofing, and their purpose is often not the same. For example, when comparing a Passport or License number to a license number at origin (state license authority), you may not be performing the checks needed to achieve the required levels of assurance. These deficiencies include, but are not limited to:

  • You are not checking if the “user” is the “person” that owns the license
  • You are not checking if the person using the license is the person mentioned on the license (even if it is to check differences between identical twins)
  • You are not checking validity of the license document against its holder (this cannot simply be performed using Verifiable Credentials or digitally signed data – for example this is not fulfilled using tamper-proof encryption alone)

Pitfall of relying on data matching or data verification techniques

Data verification techniques rely on the origin sources of the information being signed, often by tamper-proof techniques. This does not mean that the data contained in the tamper-proof envelope is accurate, or that it provides any form of validity against the “user”. Note that a “user” and a “person” are two different things. The user may not be the person being verified, since Access and Authentication do not provide that level of verification. This is further compounded by the various forms of cyber attack that could take place against the accuracy of the data at the source, in transit or at the destination (e.g. the user device).

It is also important that tamper-proof techniques are combined with other technologies, such as (physical) document security technologies, so that legitimate and offline uses of identity documents continue to be maintained regardless. Offline and traditional forms of identity documents are essential for critical cyber resilience scenarios. In the case of identity technologies, going paperless for identity documents is in fact a security risk. It is wise to assume that security is built into physical identity documents for a very good reason. Such security includes holograms (note that holograms on physical documents are secure but digital versions of holograms can be replicated; the equivalent in the digital space is known as Cryptographs or Digital Seals, and these, unlike holograms, are not visually authenticated by humans but by machines). This is why identity proofing requirements should be treated separately from Access and Authentication techniques: a Passport or License is not the same as a Login. At TECH5 we recognised this need early on, along with the additional need for inclusion and offline scenarios for all people.
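The gap described above between verifying signed data and verifying the person who presents it, as an added example (not TECH5 code and not any product's API). It assumes an HMAC as a stand-in for the issuer's signature, constructed four-value face templates and a hypothetical match threshold; real issuer signatures and biometric matchers differ.

```python
import hashlib, hmac, json, math

# Constructed demo key: HMAC stands in for the issuer's asymmetric signature.
ISSUER_KEY = b"constructed-demo-issuer-key"
MATCH_THRESHOLD = 0.95  # hypothetical cut-off, not taken from any standard

def _tag(body: str) -> str:
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue(claims: dict) -> dict:
    """Issuer side: seal the claims in a tamper-evident envelope."""
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "tag": _tag(body)}

def data_verified(cred: dict) -> bool:
    """Data verification only: is the envelope intact and from the issuer?"""
    return hmac.compare_digest(_tag(cred["body"]), cred["tag"])

def _cosine(a, b) -> float:
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def holder_verified(cred: dict, live_template: list) -> bool:
    """Identity proofing: intact envelope AND the presenter matches the holder."""
    if not data_verified(cred):
        return False
    ref = json.loads(cred["body"])["face_template"]
    if len(ref) != len(live_template):
        return False
    return _cosine(ref, live_template) >= MATCH_THRESHOLD

# Constructed sample data: toy 4-value templates, not real biometric output.
CRED = issue({"licence_no": "X0000000", "name": "Sample Holder",
              "face_template": [0.12, 0.80, 0.35, 0.41]})
OWNER_LIVE = [0.10, 0.82, 0.33, 0.44]     # fresh capture of the true holder
IMPOSTOR_LIVE = [0.75, 0.10, 0.60, 0.05]  # someone else presenting a copy

def demo() -> dict:
    tampered = dict(CRED, body=CRED["body"].replace("Sample", "Forged"))
    return {
        "signature_ok_for_anyone": data_verified(CRED),
        "owner_accepted": holder_verified(CRED, OWNER_LIVE),
        "impostor_accepted": holder_verified(CRED, IMPOSTOR_LIVE),
        "tampered_signature_ok": data_verified(tampered),
    }

if __name__ == "__main__":
    print(demo())
```

The signature check returns the same result whoever holds the credential; only the comparison against a live capture separates the holder from someone presenting a copy.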

The Data Sharing Pitfall – Towards Zero Data instead

Data sharing is not necessary. Government utilisations of citizen identity are vastly different to private business utilisations of digital identity. This ensures greater security without the need to share data. It is commonly assumed that data sharing is necessary or beneficial; however, we now know otherwise. This approach is explained in what we call the Zero-Data approach to identity verification.

TECH5 Zero Data Digital Identity for National Identity Frameworks. Protect your nation with critical infrastructure planning and offline scenarios. No need for data sharing. Security for consent with data. Digital Identity data governance. High quality Privacy Enhancing Technology (PET).

Pitfall of using QR Codes

QR Codes have limited capability and rely on technologies that can be unpackaged and brute-force attacked. We have seen various attempts and standards in the Identity space focused on QR code implementations. These repeatedly make the same cyber security mistakes, and such implementers quickly realise the limitations of QR codes and their security. As such, we have formed the unique and only offering on the market that minimises widespread QR code security gaps. We introduce the T5-IDencode product, which is specifically designed to secure both visual readers and Biometric templates from bad actors or fake identities. This is known as TECH5 Cryptograph or T5-IDencode for credential issuance.

TECH5 Cryptograph is the leading ‘digital seal’ and is not a QR Code. It closes the security gap of QR Codes.

TECH5 Products for Identity Proofing

  • TECH5 Digital ID, that also includes integrations to physical document verification, supporting most passports and licenses internationally: T5-Digital ID
  • TECH5 Cryptograph and Credentials Issuance (not to be confused with IAM, or authentication/login systems): T5-IDencode
  • For identity proofing integration to Authentication, Border Forces, IAM, Digital Identity, KYC, KYB, Logistics, TDIF, Special Forces, Law Enforcement, Verifiable Credentials and Wallets, we also have the emerging T5-Authenticate products
  • Video explaining use cases: Animation showing Digital ID with high Levels of Assurance (LoA) including physical access
  • Video of partnership with document security provider: Lanqart AG

Partnering with TECH5

TECH5 partners with many international and local Solution Integrators. If you are a solution provider we want to hear from you. Contact TECH5 Australia today.

Why Partner with TECH5

TECH5 is uniquely placed as one of the few Tier 1 providers of next generation contactless identification technologies. Our contactless Face and Finger technologies are amongst the first accredited and fastest available. They make it possible to identify that a person is who they say they are, seamlessly, using common mobile devices, without the need for Access and Authentication and, critically, without the need to share or propagate data. We call that Zero-Data identification, and best of all it works offline and permits the continued use of traditional identification documents, digitally. This enables peace of mind for critical infrastructure scenario planning. Protect the data, protect the infrastructure. Unique to TECH5. That’s why we are continuing to capture entire regions of the globe with our offerings.