IAL2 Credentialing Policy and Practice Statement

1. Introduction

This Credential Policy and Practice Statement (Policy), applies to all Identity Assurance Level 2 (IAL2) identity verifications via the Airside Digital Identity App (Airside App), in accordance with the NIST Special Publication 800-63A Digital Identity Guidelines. This Policy was approved for publication on June 1, 2022. All IAL2 identity verification shall be performed in accordance with the terms and procedures herein.

The IAL2 identity verification service requires a person to download the Airside App from the Apple App Store or the Google Play Store. For purposes of this Policy, that person is referred to herein as an “End-user.” “Relying Parties” are parties with whom an End-User may share their verified digital identity.

Upon successful completion of the digital identity verification processes described herein, the End-user obtains a recorded digital identity at IAL2, which: (1) confirms that valid evidence (Passport or Driver’s License) supports the real-world existence of the End-user’s claimed identity, and (2) verifies that the End-user is appropriately associated with the real-world identity. Please note, the term “validation” as used in this Policy refers to the process of confirming that a Passport or Driver’s License are legitimate, valid documents. The term “verification” refers to the process of verifying that the End-User is the actual person presented in the Passport or Driver’s License.

Using the Airside App on their mobile device, the End-user is directed to take a selfie and scan documentary evidence (Passport or Driver’s License). If the evidence is confirmed as authentic and validated with the issuing source, it will further be verified by biometric comparison of the End-user’s selfie and documentary evidence. End-users who are permitted to enroll and proof their identity using the Airside App at an IAL2 level must be able to present an e-Passport or a Real ID compliant driver’s license. Please note that driver’s licenses from the following U.S. states are not permitted for purposes of IAL2 identity proofing under this Policy: AK, CA, LA, MN, NH, NV, NY, OK, SC, UT, WV. In addition, End-users must be at least thirteen years of age to utilize Airside’s IAL2 verified identity service.

1.1. Risk Management; Scope

Airside maintains a risk management process and has performed an assessment of privacy and security risks related to identity enrollment and proofing sessions. In conducting the assessment, the following points have been determined:

• Airside will not perform any additional steps to verify the identity of the End-user beyond the mandatory requirements specified in NIST SP 800-63.

• Airside performs a comprehensive privacy risk assessment on an annual basis. The assessment is performed in connection with Airside’s NIST SP 800-63 compliance, and in connection with its ongoing SOC2—Type 2 certification status. The areas of emphasis within Airside’s annual privacy risk assessment include: (a) the procedures for the prevention, detection and correcting of security violations; (b) sanctions for non-compliance; (c) the review of audit logs, access reports and security tracking reports; (d) the maintenance of policies and procedures for limiting access to personally identifiable information (PII); (e) conducting annual security awareness and training for all Airside personnel; and (f) maintaining policies and procedures to ensure appropriate due diligence is performed on all third-party providers who may access PII in connection with Airside’s identity verification services.

• Airside will maintain a record of the identity proofing session, including an audit log, containing all steps taken to verify an End-user’s identity, an End-user’s acknowledgements, acceptances, consents, verification activity, the types of identity evidence presented during the proofing process, and any errors that may have occurred. Evidence is recorded as a series of auditable events within the Airside system that uniquely (via secure hash) identify the origin documents and verification that took place. As of the date of this Policy, such records are retained in perpetuity.

• Airside will conduct its risk management process at least once every six months, and whenever there is a material change to this Policy, at which point(s), Airside will assess privacy and security risks, accounting for: (1) any steps that Airside will take to verify the identity of the End-user beyond any mandatory requirements specified herein; (2) the records Airside will collect and maintain as a record of identity proofing; and (3) the record retention schedule accounting for applicable laws, regulations, contracts, and policies.

1.2. Privacy Considerations; End-user Notification & Acceptance

To participate in the Airside enrollment and proofing process, the End-user will provide specific personal information, including, but not limited to their e-mail address, first and last name, date and place of birth, sex, address of record, telephone number, driver’s license number and/or passport number, and biometric information (including “selfies” and portrait images from passports and driver’s licenses enrolled into the Airside App). Such information is required by Airside to reliably confirm the End-user’s identity documentation for use in asserting an End-user’s identity. Failure to provide the necessary identity information will result in an unsuccessful identity proofing and verification, in which case the End-user may contact technical support at any of the e-mail addresses provided in section 5 below.

Airside protects End-user personal information by using a decentralized approach in which there is no central database and no master encryption key. No Airside employee or representative can access any personal information data of an End-user. All personal information is stored and managed exclusively within the Airside App on the End-user’s mobile device.

In transit and at rest, all personal information is encrypted. At rest, the Airside App uses AES with a minimum 256bit key length stored on their device keychain/keystore, and protected using native device access protections, including an End-user’s Touch ID, Face ID, or device PIN. When personal information is shared, confidentiality is maintained by having the End-user and the Relying Party exchange content encryption keys specific to the two parties. This ensures that the only parties that can view the information captured for the document are the End-user and any licensed Relying Party the End-user authorizes to see it. Documents are always associated to a specific device. Transference of device keys is not possible. Use of the Touch ID, Face ID or device PIN is required in each instance an End-user accesses the Airside App.

End-users are provided the ability to delete their personal information from the Airside App at any time. They are also provided the ability to revoke prior consent of access to shared identity information from Airside or Relying Parties at any time (unless regulatory requirements prohibit revocation). The Airside Privacy Policy is accessible at airsidemobile.com/privacy-policy.

2. Resolution of End-user to a Unique Identity; Collection of Identity Evidence

Airside performs the following procedures to resolve the End-user to a unique identity.

2.1. Account Activation; How to Subscribe

Prior to capturing core attributes and identity evidence, an End-user is required to enter their mobile device Touch ID, Face ID, or device PIN to access the Airside App. The End-user may thereafter provide an e-mail address, to which Airside sends a unique six-digit verification code. The End-user may confirm their email address by entering the verification code on the Airside App. The enrollment code is valid for no longer than twenty-four hours. Once the account is activated, the mobile device Touch ID, Face ID, or device PIN is required each time the End-user accesses the Airside App.

2.2. Core Attributes/Personal Information & Identity Evidence

Airside collects a set of core attributes from the End-user to establish a unique representation of the End-user’s identity and enable the appropriate level of validation and verification to comply with IAL2 requirements. The core attribute set, set forth in the following paragraph, has been determined to provide the most effective identity resolution, while limiting the number of attributes to the minimum necessary to resolve the End-user to a unique identity. This ensures the most appropriate balance of the End-user’s privacy and usability needs. Core attributes are mandatory and required to successfully complete the process. With the exception of an End-user’s e-mail address, initial IAL2 verification involves collecting all core attributes and identity evidence simultaneously as further described below.

Following account activation, the End-user is directed to take a “selfie” and upload identity evidence (driver’s license or passport) using the Airside App document scanner. The End-user’s core attributes, including first and last name, date of birth, sex, address of record, driver’s license number or passport number, and digital photograph from the passport driver’s license are thereafter resolved to establish a unique identity of the End-user. The unique representation of the End-user’s identity will be used as the basis to validate and verify that claimed identity to the individual presenting the information.

2.3. Strengths and Qualities of Evidence

To establish a valid identity at IAL2, Airside will accept one piece of Superior identity evidence from the End-user. The types of evidence Airside accepts and the reasons for their designated strengths are explained in the table below. 

Evidence Type	Strength	Justification of Strength of Evidence Type
e-Passports; U.S. Real-ID Driver’s License	Superior	The issuing source of the evidence confirmed the claimed identity by following written procedures, which are subject to recurring regulatory oversight and are designed to enable it to have high confidence that the source knows the real-life identity of the subject. The issuing source visually identified the End-user and performed further checks to confirm the existence of that person. The issuing process for the evidence ensured that it was delivered into the possession of the person to whom it relates. The full name on the evidence is the name that the person was officially known by at the time of issuance. The evidence contains a photograph, biometric template, and at least one reference number that uniquely identifies the person to whom it relates. The evidence includes digital information that is protected using approved cryptographic or proprietary methods, or both, and those methods ensure the integrity of the information and enable the authenticity of the issuing source to be confirmed. The evidence includes physical security features that require proprietary knowledge and proprietary technologies to be able to reproduce it.

2.4. Collection of Evidence

Airside uses the following methods to capture digital identity evidence:

e-Passports. This type of passport must have an electronic Near Field Communication (NFC) chip embedded in the cover, which is usually identified by an e-Passport gold square symbol on the front cover, located under the country of origin. The NFC chip contains the holder’s name, date of birth, other biographic information, and one or more biometric identification features, and a contemporary digital photograph (e.g., “selfie”) of the End-user.

This type of evidence is captured by using the mobile device camera to align the Machine Readable Zone (MRZ) code at the bottom of the passport in the drawn field on the Airside App. When the code is correctly positioned, the field color will turn green. Thereafter, the NFC chip reader on the End-user’s mobile device is used by placing the mobile phone directly on the passport’s NFC chip, which is normally embedded in the front or back cover. In some cases, the End-user may need to open the passport and place their device on the inside of the passport.

Real ID Driver’s Licenses. This type of evidence is captured by using the document scanner within the Airside App to scan images of the front and back of the driver’s license. The End-user’s biographic information is extracted through a combination of object character recognition (OCR) and MRZ processing, as applicable.

3. Validation of Identity Evidence

This section documents the processes Airside uses to confirm that the evidence is authentic and that the data contained on the identity evidence is valid, current, and related to a real-life subject.

Airside will examine the identity evidence provided by the End-user and validate it against issuing or authoritative sources to determine that the presented evidence:

• Is authentic and not a counterfeit, fake, or a forgery;
• Contains information that is correct; and
• Contains information that relates to a real-life subject.

Validation of the accuracy, authenticity, and integrity of the type and strength of the identity evidence provided will be accomplished as described below.

Superior	Method(s) of Validation
Strong	The evidence is not expired. The evidence has been confirmed as genuine by using appropriate technologies, confirm the integrity of physical security features and that the evidence is not fraudulent or inappropriately modified. All personal details and evidence details have been confirmed as valid by comparison with information held or published by the issuing source or authoritative source(s).
Superior	The issued evidence is not expired. All personal details and details from the evidence have been confirmed as valid by comparison with information held or published by the issuing source or authoritative source(s).

3.1. Validating the Authenticity and Integrity of Identity Evidence

Passenger identity documentation (driver’s license and passport) go through biographic and biometric validation by comparison to information held by issuing authorities/authoritative sources.

e-Passports. The document scanner within the Airside App scans the MRZ on the face of the End-user’s passport. Biographic and biometric information is thereafter validated via NFC SOD, and International Civil Aviation Organization (ICAO) Public Key Directory (PKD). This process validates the accuracy of the identity information contained in the evidence, the authenticity and integrity of the evidence against the issuing source, and the existence of a real-life subject.

Real ID Driver’s Licenses. Once the driver’s license is scanned and uploaded to the End-user’s mobile device, the document is verified as authentic by comparison against a database of driver’s license templates. The biographic and issuer information therein is verified against the issuing source, via the American Association of Motor Vehicles Administrators (AAMVA) Driver’s License Data Verification Service. This process validates the authenticity and integrity of the evidence against authoritative sources, the accuracy of the identity information contained in the evidence, and the existence of a real-life subject.

4. Verification of End-user to Claimed Identity

4.1. Passports & Driver’s Licenses

The End-user’s identity evidence will be verified by a biometric comparison of the End-user’s selfie and photograph on passport or driver’s license, using technology within the Airside App. The biometric comparison ensures that the End-user owns the claimed identity. When the End-user’s selfie and document portrait photo match biometrically, the End-user is successfully verified and enrolled.

4.2. How Credentials are Delivered

The End-user‘s digital identity credentials are delivered via the Airside App immediately, where they will remain on the mobile device in an encrypted state. They may thereafter delete individual identity documents within the Airside App or delete the Airside App entirely from their mobile device. This will result in deletion of all identity documents and credentials. Airside cannot trigger the deletion of identity documents or credentials remotely.

5. Potential Errors in Proofing and Enrollment

This section outlines the errors that may occur during the identity evidence collection, validation and verification processes, and what an End-user must do to continue the proofing process.

Evidence Collection, Validation and Verification.

“Selfie” capture error. An End-user may encounter an error in the process of taking and uploading a “selfie” into the Airside App. In those instances, the End-user will be advised to make sure they remove any masks, face forward, keep a straight face, keep their eyes open, and ensure they are the only person in the picture. End-users have an unlimited number of attempts to remedy this type of error.

Passport scanning error. An End-user may encounter an error in the process of uploading a passport into the Airside App. In those instances, the End-user will be advised to ensure the passport has not expired and confirm that it has an electronic NFC chip embedded in the cover, which is usually identified by an e-Passport gold square symbol on the front cover, located under the country of origin. The End-user will be further advised to use the camera to align the MRZ code at the bottom of the passport in the drawn field on the app. When the code is correctly positioned, the field color will turn green. The End-user will be advised to use the NFC chip reader by placing the mobile device directly on the passport’s electronic chip, which is normally embedded in the front or back cover. In some cases, the End-user may need to open the passport and place the device on the inside of the passport. To read the chip on a U.S. passport, the End-user will need to open the back cover and place the phone about 1/3 down from the top. They can move the phone around until it picks up the chip. End-users have an unlimited number of attempts to remedy this type of error.

For errors using the NFC chip reader, the End-user must place the phone directly on the passport’s electronic chip, which is normally embedded in the front or back cover. In some cases, the End-user may need to open the passport and place the device on the inside of the passport. End-users have an unlimited number of attempts to remedy this type of error.

Driver’s license scanning/uploading errors. The Airside App is compatible with devices using iOS version 14.0 or later and Android version 7.0 (API level 24) or later. End-users using earlier versions of iOS and/or Android operating systems and mobile devices that are not NFC capable will not be able to access the Airside enrollment and proofing services. For scanning errors encountered during the process of uploading a driver’s license, the End-user is advised to find a stable, well-lit environment to avoid distortion or glare on the driver’s license, and to hold the rectangle outline over your license to frame it, moving closer to- or away from the license until a picture of the license is taken. If the picture is not readable, the End-user should tap “retake” and repeat the process. If the picture is readable, the End-user should tap ”scan” to scan the back of license in the blue oval. End-users have an unlimited number of attempts to remedy this type of error.

Apart from the requirements to upload a driver’s license and/or passport, Airside does not discriminate with respect to who may utilize its enrollment and identity proofing services.

5.1. Redress of End-user Complaints – Data Deletion

In the event an End-user fails to successfully complete the proofing and enrollment process, the End-user will be notified within the Airside App. The End-user will not be notified of the specific reason(s) why the registration failed, but will be informed that such failure may be redressed via in-app support features, including FAQs and customer support. Depending on the nature of the request, this may include collaboration with our integrated verification partners who perform some of the activities described in this document. In addition, Airside complies with applicable privacy regulations, many of which require us to provide our customers with data erasure and data subject access requests.

End-users may seek further support for redress of any complaints by contacting Airside via e-mail at [email protected], [email protected], [email protected], or [email protected].

Data Deletion

The CCPA and GDPR provides consumers with the right to request that a business disclose what PII it holds about the consumer. The CCPA defines this as a “request to know,” which includes specific pieces of PII held by the business; categories of PII it has collected; categories of sources from which the PII is collected; categories of PII sold or disclosed about a consumer for a business purpose; categories of third parties to whom the PII was sold or disclosed for a business purpose, and the business or commercial purpose for collecting or selling PII. Likewise, consumers have the right to request deletion of their PII.

As noted previously, the Airside App does not share an End-user’s personal information with third parties without their express consent, nor is such information saved permanently in any centralized database. Once verified, the sole copy of an End-user’s digital documents resides only on their device.

If an End-user added an ID or document, such as a passport, to the app, they can delete their individual documents or the app entirely. This will result in the deletion of all their documents. Airside cannot trigger the data removal of the documents on the mobile device remotely. Airside will retain a minimal amount of information tied to the End-user’s identity, including their confirmed email address.

A data deletion request will also include deletion of the account. Upon receipt of a request to know or for data erasure, Airside will confirm receipt within 10 days and will provide an explanation of Airside’s verification process and when the End-user should expect a response. Thereafter, Airside will respond within 45 days, beginning on the day the request was made. Where necessary, an additional 45 days, but no more than 95 days, may be taken to respond to a request. In those instances, Airside will provide notice and an explanation for the extension.

For requests to delete, Airside will either permanently and completely erase the PII from its systems, de-identifying the PII or dis-aggregating the PII. In any response to a deletion request, Airside will specify the manner in which it has deleted the PII and maintain a record of the request.

To remove an End-user’s PII from the app on the mobile device, the End-user can either keep the app installed and delete your verified documents, or uninstall the app, which will result in the erasure of your information from your device.

Requests to know or for data deletion may be submitted to via e-mail at [email protected], [email protected], [email protected], or [email protected].