7. Create and Issue Level of Assurance 3 Credential
This use case describes the process for creating and issuing a credential at Level of Assurance 3 (LOA3).
A credential token meets LOA3 when it uses multiple factors for authentication (see Authentication Use Case), includes regular online checks that the credential is still valid, and includes strong cryptography.
LOA3 credentials can be either hardware or software tokens and are recognized as LOA3 strength when paired with identity proofing at LOA3 or LOA4.
Pre-condition: An individual has the need for an LOA3 credential.
1. A sponsor requests a credential for the individual.
   The sponsor should be an official who can verify the individual's need for a credential.
2. The approval authority reviews the sponsor's request. If the request is valid, it is approved.
3. The CSP generates the credential token and assigns it to the individual.
   The issuer could be a person or a system.
4. The CSP securely issues the token to the individual.
   Delivery could occur through encrypted email, secure mail, or an authorized in-person issuer.
5. The individual is prompted to activate the token and establish a memorized secret.
   This will later be used to authenticate the individual. It is commonly a PIN or password.
6. The individual verifies token functionality through a test system.
Post-condition: Individual has an activated LOA3 credential ready for use.