Link to contents




1 Introduction

1-1 Background

In recent years, several new federal statutes have sought to preserve the ability of the public and private sectors to use the efficiency of the Internet to exchange time-sensitive communications rapidly while ensuring that people receiving and sending messages are in fact who they say they are. A number of top-quality private-sector businesses have mastered the technology of secure digital signatures, and this has increased the demand for improved identity verification for individuals seeking to use digital signatures.

One of the growth strategies presented in the Postal Service's Transformation Plan is to "continue to seek opportunities to leverage our brand and assets to create new products and services with minimal investment." The need for improved "online identity" creates just such an opportunity. Numerous organizations have approached the Postal Service about conducting In-Person Proofing (IPP) - an identity verification procedure in which an Applicant for a digital signature certificate has to go to a Post Office, physically present identification documents, and attest to their authenticity - before the organization will issue the Applicant a certificate. By offering this service, the Postal Service will provide value to the public and enable Internet communications to enjoy a new level of security and reliability.

1-2 Purpose

IPP is a Postal Service program designed to improve the nation's public-key infrastructure. The public-key infrastructure has emerged as an accepted infrastructure component for protecting and facilitating the nation's electronic communications.

1-3 Overview

In this document, the Postal Service establishes the following:

Requirements for Service Providers to include IPP within an identity verification process.

Policy and procedures for individuals who perform IPP.

Requirements for Applicants.

Policy for the use of digital certificates issued pursuant to the policy contained in this document by Applicants and Relying Parties.

Terms and abbreviations used in this publication are defined in Section 12, Terms and Definitions.

1-3.1 IPP Registration Agent (RA)

An IPP Registration Agent (RA) is an authorized employee of the Postal Service, who verifies the identity of Applicants consistent with the policy contained in this document.

1-3.2 Service Provider

A Service Provider is an entity that has entered into a service agreement with the Postal Service for the use of the IPP service.

1-3.3 Applicant

An Applicant is an individual who is directed by a Service Provider to present his or her registration and identification documents to an IPP RA in accordance with a Service Provider's identity validation process.

The Postal Service has established the following minimum criteria for Applicants:

a. An Applicant must be under no legal disability to execute a legally binding and enforceable contract.

b. An Applicant must present at least one of the following non-expired photo IDs to an IPP RA during IPP:

(1) United States passport.

(2) State-issued driver's license.

(3) Federal driver's license.

(4) State-issued (non-driver's) ID card.

(5) Active-duty U.S.-military-issued ID card.

c. An Applicant must present one of the following documents to an IPP RA during IPP that has been received by the Applicant at his or her residential mailing address (identified on the IDVF form):

(1) A current electric bill.

(2) A current water bill.

(3) A current telephone bill.

(4) A state-issued voter registration card (non-expired).

(5) An active insurance policy.

The Postal Service reserves the right to amend the above list of required documents at its discretion.

1-4 Guidelines for Determining Usage

The Postal Service does not determine the required levels of assurance for usage or claims of suitability for specific applications.

To determine the required level of assurance for an application, relying parties should consider various risk factors and conditions, as well as the value of the information, operating environment, and existing mitigating controls placed in practice. Determining the required levels of assurance is the sole responsibility of the Relying Party.