Assurance

["Michael R. Gettes" <>]

This is exactly my intent to have the face of the actor, the picture on the 
ID and the photo of the actor in the ID-Proof app to further verify 
especially when they have university issued ID.

/mrg

On May 30, 2012, at 15:04, Dunker, Mary wrote:

> If an institution issues photo ID cards and keeps those photos in a data 
> base, perhaps the verifying party could compare the stored photo with the 
> video image. Virginia Tech may be interested in exploring video options for 
> remote proofing, and appreciate this discussion.
> 
> Mary
> 
> 
> -----------------------------------------------------------------
> Mary Dunker
> Director, Secure Enterprise Technology Initiatives
> Virginia Tech Information Technology
> 1700 Pratt Drive
> Blacksburg, VA 24060
> 540-231-9327
> 
>  
> --------------------------------------------------------------------
> 
> 
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Michael R. Gettes
> Sent: Wednesday, May 30, 2012 2:58 PM
> To: 
> <>
> Subject: Re: [Assurance] Remote proofing?
> 
> aren't we all assuming a perfect world where the world we need is "good 
> enough"?  and, have you tried to present an ID via video conf?  Frankly, it 
> looks pretty good.  Additionally, I have the problem of dealing with people 
> from other countries so Notary is problematic there. 
> 
> /mrg
> 
> On May 30, 2012, at 14:54, Roy, Nicholas S wrote:
> 
> 
>       
>       This is a good point, Jacob- the validity of the documents would be 
> harder to determine via video link.  I think this might be a benefit to 
> having a notary look at the documents, if that's something they are trained 
> to do.
>        
>       Nick
>        
>       From: 
> 
>  
> [mailto:]
>  On Behalf Of Farmer, Jacob
>       Sent: Wednesday, May 30, 2012 10:58 AM
>       To: 
> 
>       Subject: RE: [Assurance] Remote proofing?
>        
>       When it has come up at IU, one of the major concerns has been our 
> ability to tell if the ID has been altered over the video link.  Granted, 
> we are not likely to catch a good fake ID even if it's presented in person, 
> but it seems like we could very well miss a poorly altered ID over the 
> video conference link.
>        
>       Jacob
>        
>       From: 
> 
>  
> [mailto:]
>  On Behalf Of David Walker
>       Sent: Wednesday, May 30, 2012 11:53 AM
>       To: 
> 
>       Subject: Re: [Assurance] Remote proofing?
>        
> 
>       I like this general approach.  It also raises the question of whether 
> a video conference link should be considered remote or local.  Clearly, 
> it's geographically remote, but the risks and the proofing process are much 
> more like local proofing.
>       
>       Has anyone implemented identity proofing based on video conferencing? 
>  I've heard it discussed before, but I'm not aware of actual 
> implementations.
>       
>       David
>       
>       On Tue, 2012-05-29 at 19:11 +0000, Michael R. Gettes wrote:
> 
>       I've been mulling this over for some time.
> 
>                
> 
>               Here are my thoughts on a Remote Proofing process we are now 
> mulling over at CMU.
> 
>                
> 
>               There are parts in here to address some CMU problems of 
> issuing 2nd-factor tokens - but you could take that out of the flow and it 
> still is viable.
> 
>                
> 
>               The IDProof App has yet to be written.
> 
>                
> 
>               /mrg
> 
>                
> 
>               Version 1.0
>               
>               Actor = Person to be Identity-Proofed
>               Proofer = Doh!  Could be any full-time CMU staff person 
> appropriately authorized?  Could be Help Center staff?
>               
>               It is assumed the Actor has already been issued an Andrew ID 
> - or must we define this process too?
>               
>               0. Actor and Proofer agree upon method of Video Conference 
> (FaceTime, Google Voice Video, Skype, others?)
>               
>               1. Actor independently obtains physical FOB or downloads soft 
> FOB
>               
>               2. Proofer independently accesses ID-Proof Web App in a 
> "Proofer" role
>               
>               3. Proofer establishes VC with Actor.
>               a.  It is most optimal if someone the Proofer knows is with 
> the Actor as a "chain of custody".
>               
>               4. Actor presents to Proofer Official Photo ID - holding it 
> up to the camera.
>               a.  Proofer verifies photo matches actor's face
>               b.  Proofer records ID Type, Issuer, ID number into ID-Proof 
> Web App
>               c.  Actor provides AndrewID - Proofer validates AndrewID 
> matches Actor
>               d.  Possibility of obtaining digital photo capture of Actor 
> in VC
>               e.  If a "custodian" (see 3a) is present, record custodian 
> AndrewID.
>               
>               5. Process FOB
>               a.  Proofer records Actor's FOB # and AndrewID into ID-Proof 
> Web App
>               b.  Proofer enables Actor's FOB
>               
>               6. Actor verifies authentication and access
>               a. Actor accesses ID-Proof Web App and login as normal user
>               Actor authenticates using Shib SSO and then uses FOB authN on 
> ID-Proof page.
>               b. Actor is presented with a 6 character KEY
>               c. Actor reads KEY to Proofer
>               d. Proofer validates the Actor's KEY with KEY on Proofer's 
> ID-Proof page.
>               e. repeat a-d until success
>               
>               7. Proofer approves Actor in ID-Proof Web App
>               
>               8. End Video Conference
>               
>               9. Proofer authorization
>               a.  If Proofer has privilege to authorize then modify 
> accordingly.
>               b.  If not (9a) then Proofer notifies official authorizers 
> ID-Proof steps completed and provides AndrewID and Name to Authorizers.  
> Authorizers modify accordingly.
>               
>               Done.
> 
>       
> 
>