Browser-based Account Recovery IDV Module (AR-IDV)
šÆ Purpose
The Browser-based Account Recovery IDV (AR-IDV) module is the comprehensive identity verification system that validates user identity when they cannot access their normal authentication factors. It provides multiple verification methods to accommodate different user situations while maintaining security standards.
šļø AR-IDV Architecture
š Web Application Design
- Modular Component: Built as independent web application flow
- Redirect-Based: Operates through secure redirect-based integration
- Flexible Integration: Can be called from REL-ID portal or customer systems
- Security-First: Maintains security throughout verification process
š Integration Model
š AR-IDV Process Overview
The AR-IDV module operates through four sequential steps:
- Access Code Validation: Verify user control of registered communication channels
- IDV Method Determination: Select appropriate identity verification method
- IDV Method Execution: Perform chosen identity verification
- Credential Activation Redirect: Route user to credential re-establishment
š Security Model
š”ļø Security Principles
- Multi-Factor Verification: Multiple verification steps required
- Configurable Security: Administrators control available verification methods
- Secure Transitions: All handoffs between steps properly secured
- Audit Trail: Complete logging of all verification activities
š Security Validation
| Security Aspect | Implementation | Purpose |
|---|---|---|
| User Existence | Database validation | Confirm user account exists |
| State Verification | Account status check | Ensure account can be recovered |
| Method Availability | Configuration check | Verify IDV methods are enabled |
| Token Management | Secure token generation | Maintain security across steps |
Updated 4 months ago