1 Introduction
In recent years, several new federal statutes have sought to preserve the
ability of the public and private sectors to use the efficiency of the Internet to
exchange time-sensitive communications rapidly while ensuring that people
receiving and sending messages are in fact who they say they are. A
number of top-quality private-sector businesses have mastered the
technology of secure digital signatures, and this has increased the demand
for improved identity verification for individuals seeking to use digital
signatures.
One of the growth strategies presented in the Postal Service's
Transformation Plan is to "continue to seek opportunities to leverage our
brand and assets to create new products and services with minimal
investment." The need for improved "online identity" creates just such an
opportunity. Numerous organizations have approached the Postal Service
about conducting In-Person Proofing (IPP) - an identity verification
procedure in which an Applicant for a digital signature certificate has to go to
a Post Office, physically present identification documents, and attest to their
authenticity - before the organization will issue the Applicant a certificate. By
offering this service, the Postal Service will provide value to the public and
enable Internet communications to enjoy a new level of security and
reliability.
IPP is a Postal Service program designed to improve the nation's public-key
infrastructure. The public-key infrastructure has emerged as an accepted
infrastructure component for protecting and facilitating the nation's electronic
communications.
In this document, the Postal Service establishes the following:
- Requirements for Service Providers to include IPP within an
  identity verification process.
- Policy and procedures for individuals who perform IPP.
- Requirements for Applicants.
- Policy for the use of digital certificates issued pursuant to the
  policy contained in this document by Applicants and Relying
  Parties.
Terms and abbreviations used in this publication are defined in Section 12,
Terms and Definitions.
An IPP Registration Agent (RA) is an authorized employee of the Postal
Service, who verifies the identity of Applicants consistent with the policy
contained in this document.
A Service Provider is an entity that has entered into a service agreement with
the Postal Service for the use of the IPP service.
An Applicant is an individual who is directed by a Service Provider to present
his or her registration and identification documents to an IPP RA in
accordance with a Service Provider's identity validation process.
The Postal Service has established the following minimum criteria for
Applicants:
a. An Applicant must be under no legal disability to execute a legally
binding and enforceable contract.
b. An Applicant must present at least one of the following non-expired
photo IDs to an IPP RA during IPP:
(1) United States passport.
(2) State-issued driver's license.
(3) Federal driver's license.
(4) State-issued (non-driver's) ID card.
(5) Active-duty U.S.-military-issued ID card.
c. An Applicant must present to an IPP RA during IPP one of the
following documents, which the Applicant must have received at his or
her residential mailing address (identified on the IDVF form):
(1) A current electric bill.
(2) A current water bill.
(3) A current telephone bill.
(4) A state-issued voter registration card (non-expired).
(5) An active insurance policy.
The Postal Service reserves the right to amend the above list of required
documents at its discretion.
The Postal Service does not determine the required levels of assurance for
usage or claims of suitability for specific applications.
To determine the required level of assurance for an application, relying
parties should consider various risk factors and conditions, as well as the
value of the information, operating environment, and existing mitigating
controls placed in practice. Determining the required levels of assurance is
the sole responsibility of the Relying Party.