IdenTrust IGC certificates must comply with various factors that are defined under the U.S. Federal Bridge Cross Certification program.

These factors include:

  • The affiliation of the certificate subscriber (unaffiliated or affiliated individuals);
  • The identity-proofing level of assurance (LOA);
  • How the certificate is stored (i.e., browser, smart card or USB token); and
  • The manner in which the certificate is delivered.

Based on these factors, IGC certificates can be used with a wide range of systems and applications.

Please note that if you have been asked to obtain a certificate for use with a particular application, use our Certificate Selection Wizard, which will help you select the correct certificate and storage device for your application.

Select from the following topics to learn more about IGC Certificates.

Identity-Proofing Level of Assurance (LOA) is defined by the U.S. National Institute of Standards and Technology (NIST) in Special Publication (SP) 800-63-2. Depending on the type of certificate selected, IGC Certificates include LOA3 or LOA4 identity-proofing as follows:

  • LOA3 identity-proofing is generally automated; however, in some cases, in-person identity-proofing may be used.
  • LOA4 identity-proofing requires an in-person appearance before an authorized agent for identity verification.

Lesser assurance credentials based on LOA1 or LOA2 identity proofing are not offered under IGC.

IdenTrust offers multiple types of IGC certificates, issued to individuals representing themselves (unaffiliated) or representing themselves as affiliated with an organization (affiliated). Some IGC certificates can also be issued to individuals who reside outside of the U.S.

IdenTrust also offers medium assurance device certificates to secure your hardware and communications.

Visit our IGC Product page for product profiles and current pricing.

IGC Basic Assurance Certificates and IGC Medium Software Certificates may be retrieved through your browser, which stores the certificate private key in your local operating system certificate store. Software certificates should always be configured for high security when they are retrieved, which means a password will always be required to access the locally stored private key.

IGC Basic Assurance on Hardware and IGC Medium Hardware Certificates require certificate private key storage in an IdenTrust-provided hardware device (i.e., smart card or USB token) separate from your local operating system/browser. The certificates are retrieved through your browser and appear in your local operating system certificate store; however, the private key is installed onto the hardware device. To use a hardware certificate, the device must be inserted into your system (unless you are using an OTP device) and you must provide the device password before any application may make use of your certificate private key. All IdenTrust-provided hardware devices are certified at FIPS 140-2 Level 2 or higher for cryptographic functions.

IGC PIV-I Certificates are stored on a special type of smart card called a PIV card. PIV cards are required to meet NIST specifications created specifically for PIV, and must be on a U.S. Federal Government Approved Product List (APL). IdenTrust supplies only APL-approved PIV cards for storage of IGC PIV-I certificates.

IGC certificates can be issued to the following:

  • Unaffiliated individuals: Persons who will use an IGC certificate to transact business on their own behalf. These certificates only assert the identity of an individual and have no affiliation with an organization.
  • Affiliated individuals: Persons who will use an IGC certificate to transact business as an authorized representative of the business with which they are affiliated. These certificates assert the identity of an individual and confirm that the individual is associated in some manner with an organization as an employee or contractor.

Some use cases, such as Electronic Prescriptions for Controlled Substances (EPCS), typically require only the identity of the individual to be asserted. Other use cases, such as when an individual is acting on behalf of their employer, may require the individual’s identity and association with an organization to be asserted as an attribute within the certificate.