6. Create and Issue Level of Assurance 2 Credential
This use case describes the process for creating and issuing a credential at Level of Assurance 2 (LOA2). A credential token meets LOA2 when it uses a single factor for authentication (See Authentication use case), mandates a strong PIN or password, and only transmits credential information using cryptographic protection. LOA2 credentials are usually software tokens and are recognized as LOA2 strength only when paired with identity proofing at LOA2, LOA3, or LOA4.
Pre-condition: An individual has the need for an LOA2 credential.
The individual requests an LOA2 credential token from a Credential Service Provider (CSP). | |
The CSP reviews the individual’s request. If the request is valid, it is approved. | |
The individual establishes a shared secret. This will later be used to authenticate the individual. It is commonly a PIN or password. |
|
The individual verifies token functionality through a test system. |
Post-condition: Individual has an activated LOA2 credential ready for use.
Click here for a consolidated image of this use case.