BSI TR-03147 Assurance Level Assessment of Procedures for Identity Verification of Natural Persons
Secure, doubtless identification of persons is necessary in the most diverse areas of daily life. Examples include crossing borders, concluding contracts or administrative processes, especially digital e-commerce and e-government processes.
In this context, it is important to reliably prevent and detect fraud attempts, for example identity theft or the pretence of a non-existent identity. In practice, very different procedures with widely varying levels of trust have become established for establishing identity.
TR-03147 makes it possible to evaluate different procedures for (initial) identity verification with regard to their trust level and thus to make them comparable. The criteria for the trust level evaluation take into account both the scope and the quality of the measures. Thus, TR-03147, complementary to TR-03107-1, relevant for eID
systems and procedures, describes the threats and requirements for procedures for identity proofing and identity verification of natural persons based on ID documents (e.g. identity card or passport). TR-03147 describes the concrete requirements for secure identity verification based on the structure shown in Figure 1.
In line with TR-03107-1, TR-03147 also takes into account that the required minimum trust level varies from service to service. The same categories "normal", "substantial" and "high" as in TR-03107-1 are used to assess the trust levels of different procedures. In addition, the requirements for the trust levels "normal", "substantial" and "high" are defined in such a way that the minimum requirements for the security levels "low", "substantial" and "high" defined in the eIDAS VO are fulfilled, respectively, as far as they concern ID proof and ID verification. BSI TR-03147 Vertrauensniveaubewertung von Verfahren zur Identitätsprüfung natürlicher Personen, Version 1.0.6
An informative English version 1.0.6 is provided here:
For an evaluation of procedures for identity verification, the requirement catalogue of the Technical Guideline and the checking report template of the Technical Guideline can be used additionally. Informative English versions are provided here:
