Verizon announced certification for issuance of level three identity tokens, as defined by the U.S. government. The company is the first to be certified to issue credentials that have a “high confidence in the asserted identity’s validity.”
In 2010, Verizon introduced its Universal Identity Service, a cloud-based offering for identity management, says Tracy Hulver, chief identity strategist at Verizon. This latest certification will be added as an option to that service.
The Universal Identity Service performs the identity vetting, credential issuance, authentication and access management, Hulver says. “This service lowers the bar for entry for two-factor authentication,” he says.
Verizon enables two-factor authentication on a smart phone, landline or email, Hulver says. Smart phone users download a one-time passcode generator or receive a passcode via a text. With the other two options, OTPs are sent to those media and used for authentication. Smart cards and OTP tokens are also available, as options but most users have opted for using the smart phones, he adds.
The level three designation means Verizon is using multifactor authentication where multiple credentials – such as a user ID and a phone – are required to gain access to government and corporate networks. This enables more rigorous identity vetting aimed at lowering risk.
The Kantara Iniative verified Verizon’s credentials against the Identity Assurance Framework. In November, The Kantara Initiative announced its approval by the U.S. Government Services Administration as a Trust Framework Provider program certifying levels of assurance one, two, and three non-crypto – non-PKI.
Verizon plans to offer the new service to corporate customers and eventually sees it working with consumers and the National Strategy for Trusted Identities in Cyberspace.