8. Create and Issue Level of Assurance 4 Credential
This use case describes the process for creating and issuing a credential at Level of Assurance 4 (LOA4).
A credential token meets LOA4 when it uses multiple factors for authentication (see Authentication Use Case), includes regular online checks that the credential is still valid, and includes a strong cryptographic module.
LOA4 tokens are exclusively hardware-based and are recognized as LOA4 strength only when paired with identity proofing at LOA4.
Pre-condition: An individual has the need for an LOA4 credential.
1. A sponsor requests a credential for the individual.
   Sponsor should be an official who can verify the individual’s need for a credential.
2. The approval authority reviews the sponsor’s request. If the request is valid, it is approved.
   Review and approval could require a background investigation.
3. The CSP generates the credential token and digitally assigns it to the requested individual.
4. The registrar verifies the individual’s identity using biometric data, then delivers the token.
5. The registrar prompts the individual to activate the token and establish a memorized secret.
6. The individual verifies token functionality through a test system.
Post-condition: Individual has an activated LOA4 credential ready for use.