Zetes project @Brussels, Belgium (2021). Identity proofing consists in verifying for a given level of assurance that a person, who is claiming an identity, is indeed the correct person. This identity proofing process can be performed manually by a human operator, either on site (through physical presence) or online (remotely through videoconference), but also automatically (e.g. fully automated online or in a controlled environment).
At the European level, the European Telecommunications Standards Institute (ETSI) is working on technical specification ETSI TS 119 46 to lay the foundations on a new identity proofing standard, whose aim is to be applicable in areas such as the issuance of electronic identity (eID) and Know Your Customer (KYC) processes, with several person types considered: natural person, legal person, and natural person representing a legal person.
One of the objectives of this specification is to provide controls against two main identity proofing threats:
- Falsified evidence: A person claims an incorrect identity using forged evidence;
- Identity theft: A person uses valid evidence associated with another person.
Therefore, implementing identity proofing requires a risk-based and outcome-based approach where requirements can be tuned up to a desired level of assurance (i.e. degree of certainty) of the result, depending on the context (e.g. purpose of the identity proofing, regulatory environment, acceptable risk regarding the result of the process).
In this project, my tasks are related to the analysis of technical specification ETSI TS 119 46 so as to investigate what parts of the identity proofing process are already developed and available at Zetes (and therefore could be reused), how the missing parts can be implemented in practice and what are the possible impacts of the implementation on the existing products and solutions.