8. Create and Issue Level of Assurance 4 Credential
This use case describes the process for creating and issuing a credential at Level of Assurance 4 (LOA4).
A credential token meets LOA4 when it uses multiple factors for authentication (see Authentication Use Case), includes regular online checks that the credential is still valid, and includes a strong cryptographic module.
LOA4 tokens are exclusively hardware-based and are recognized as LOA4 strength only when paired with identity proofing at LOA4.
Pre-condition: An individual has the need for an LOA4 credential.
A sponsor requests a credential for the individual. The sponsor should be an official who can verify the individual’s need for a credential.
The approval authority reviews the sponsor’s request. If the request is valid, it is approved. Review and approval could require a background investigation.
The CSP generates the credential token and digitally assigns it to the requested individual.
The registrar verifies the individual’s identity using biometric data, then delivers the token.
The registrar prompts the individual to activate the token and establish a memorized secret.
The individual verifies token functionality through a test system.
Post-condition: Individual has an activated LOA4 credential ready for use.