Get Certified Credentials

Cryptographically bind a user’s physical identity to a digital identity

About Certified Credentials

Whether you’re providing services to healthcare organizations or partnering with them, a DirectTrust Identity Certified Credential can make exchanging information secure and simple. Maintaining regulatory compliance and meeting the requirements of new partners can be stressful and complex. Healthcare organizations require the DirectTrust Identity Trust Framework for standardizing trust when communicating between organizations.

This allows you to purchase one credential and reuse it with many of your customers or partners. DirectTrust Identity federated trust can eliminate the costly and complex process of engaging with multiple identity credential issuers or acquiring project-specific credentials for every new customer, supplier, or partner.

Identity Credentials whose issuers are members of the SAFE Identity Federated Trust Community:

  • Cryptographically bind the user’s physical identity to a digital identity that computers can understand
  • Are recognized by the FDA and EMA
  • Are 21 CFR Part 11 and 21 CFR Part 1311 compliant


QPL Products

Check out the products listed on the QPL

Certified Credentials can be used for

Digital Signatures

Human
  • Sign agreements, consent forms, and web forms
  • Obtaining consent from patients
  • Digitally signing lab notebooks for patent defense
  • Compliance (21 CFR Part 11, 21 CFR Part 1311)
  • Code signing

Device
  • Ensure integrity of data leaving device
  • Identify which device information originated from
  • Firmware/code signing

Authentication

Human
  • Authentication of external identities
  • Physical access control
  • Smartcard login

Device
  • Anti-counterfeiting
  • Device metadata: serial number, make, model, manufacture date, GUID

Federation

Human
  • Leverage Enterprise PKI for communication with vendors
  • Rely on externally issued vendor credentials
  • Passwordless authentication to medical devices
  • Insurance-backed external identity credentials
  • Offloading expense and management of credentials to vendors

Device
  • Birth certificates for medical devices
  • Industry-standard for identifying medical devices
  • Securely communicate and trust medical device identities

Encryption

Human
  • Email encryption between organizations
  • Document encryption between organizations

Device
  • End-to-end encryption between devices, patients and organizations

Certified Credentials

For a better understanding of the differences between the certified credential providers, please see the chart below.

For a list of all Certified Products, visit the Qualified Products List.

Learn more about issuing your certified credentials here.

Check your Certificate

Verify if a certificate is certified within the DirectTrust Identity community

Assurance Level Criteria Comparison

Basic Software

Description: This credential offers a basic level of assurance where risks and consequences of data compromise are not considered to be of major significance. Private keys are stored in a FIPS 140-2 level 1 software module.
800-63-2: LoA 3
800-63-3: IAL 2, AAL 2
ID Proofing:
  • Permits Remote ID Proofing
  • Applicant provides document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
  • Documents must be valid and unexpired
  • Documents must be verified with the issuer or other authoritative source
  • Issuer sends enrollment code to the postal address of record

Basic Hardware

Description: This credential offers a basic level of assurance where risks and consequences of data compromise are not considered to be of major significance. Private keys are stored in a FIPS 140-2 level 2 or higher HSM and require two-factor authentication to activate the private key.
800-63-2: LoA 3
800-63-3: IAL 2, AAL 3
ID Proofing:
  • Permits Remote ID Proofing
  • Applicant provides document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
  • Documents must be valid and unexpired
  • Documents must be verified with the issuer or other authoritative source
  • Issuer sends enrollment code to the postal address of record

Medium Software

Description: This credential is appropriate for environments where risks and consequences of data compromise are moderate. Private keys are stored in a FIPS 140-2 level 1 software module and require two-factor authentication to activate the private key.
800-63-2: LoA 3
800-63-3: IAL 2, AAL 2
ID Proofing:
  • In-person ID Proofing
  • One national government-issued picture ID or two non-national government-issued IDs
  • ID information is verified to ensure legitimacy
  • All documentation must be valid and unexpired
Cyber Insurance: $1,000,000 USD per incident OR $1,000 USD per transaction

Medium Hardware

Description: Highest assurance level assessed by SAFE. This credential offers maximum security for both identity proofing and private key protection when transacting with high value assets and information. Private keys are stored in a FIPS 140-2 level 2 or higher HSM and require two-factor authentication to activate the private key.
800-63-2: LoA 4
800-63-3: IAL 2, AAL 3
ID Proofing:
  • In-Person ID Proofing
  • One national government-issued picture ID or two non-national government-issued IDs
  • ID information is verified to ensure legitimacy
  • All documentation must be valid and unexpired
Cyber Insurance: $1,000,000 USD per incident OR $1,000 USD per transaction

Machine Medium Software

Description: This level is associated with non-human subscribers (devices) that operate in environments where risks and consequences of data compromise are moderate. This may include transactions involving access to private information where the likelihood of malicious access is substantial. At this level, there must be a human sponsor who takes responsibility for the device and who undergoes an in-person identity proofing process on behalf of the device. Private keys are stored in a software cryptographic module on the device.
800-63-2: LoA 3
800-63-3: IAL 2, AAL 2
ID Proofing (Machine Operators):
  • In-person ID proofing
  • Personal credential with an assurance level equal to or higher than that being requested for the machine
  • Machine ID and attributes (if any)
Cyber Insurance: $1,000,000 USD per incident OR $1,000 USD per transaction

Machine Medium Hardware

Description: This level is associated with non-human subscribers (devices) that operate in environments where risks and consequences of data compromise are moderate. This may include transactions involving access to private information where the likelihood of malicious access is substantial. At this level, there must be a human sponsor who takes responsibility for the device and who undergoes an in-person identity proofing process on behalf of the device. Private keys are stored in an embedded hardware module on the device.
800-63-2: LoA 4
800-63-3: IAL 2, AAL 3
ID Proofing (Machine Operators):
  • In-person ID proofing
  • Personal credential with an assurance level equal to or higher than that being requested for the machine
  • Machine ID and attributes (if any)
Cyber Insurance: $1,000,000 USD per incident OR $1,000 USD per transaction

Group Basic Software

Description: Similar to Basic Software, this assurance level is relevant to environments where risks and consequences of data compromise are not considered of major significance and hardware-based cryptographic modules are not practical. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature.
800-63-2: LoA 3
800-63-3: IAL 2, AAL 2
ID Proofing:
  • Permits Remote ID Proofing
  • There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
  • Group Sponsor identifies all group members
  • All group members must undergo ID Proofing
  • Group members must provide document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
  • Documents must be valid and unexpired
  • Documents must be verified with the issuer or other authoritative source
  • Issuer sends enrollment code to the postal address of record

Group Basic Hardware

Description: Similar to Basic Hardware, this assurance level is relevant to environments where risks and consequences of data compromise are not considered of major significance and for which individual identity is not a factor. Private keys are stored in FIPS 140-2 level 2 or higher hardware-based cryptographic modules that require two factors of authentication to access and activate the private key. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature.
800-63-2: LoA 3
800-63-3: IAL 2, AAL 3
ID Proofing:
  • Permits Remote ID Proofing
  • There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
  • Group Sponsor identifies all group members
  • All group members must undergo ID Proofing
  • Group members must provide document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
  • Documents must be valid and unexpired
  • Documents must be verified with the issuer or other authoritative source
  • Issuer sends enrollment code to the postal address of record

Group Medium Software

Description: Similar to Medium Software, this assurance level is relevant to environments for which hardware-based cryptographic modules are not practical, and for which individual identity is not a factor. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature.
800-63-2: LoA 4
800-63-3: IAL 2, AAL 2
ID Proofing (Machine Operators):
  • In-person ID Proofing
  • There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
  • Group Sponsor identifies all group members
  • All group members must undergo ID Proofing
  • All group members must provide one national government-issued picture ID or two non-national government-issued IDs
  • ID information is verified to ensure legitimacy
  • All documentation must be valid and unexpired
Cyber Insurance: $1,000,000 USD per incident OR $1,000 USD per transaction

Group Medium Hardware

Description: Similar to Medium Hardware, this assurance level is relevant to environments that require a high degree of private key protection, but for which individual identity is not a factor. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature.
800-63-2: LoA 4
800-63-3: IAL 2, AAL 3
ID Proofing (Machine Operators):
  • In-person ID Proofing
  • There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
  • Group Sponsor identifies all group members
  • All group members must undergo ID Proofing
  • All group members must provide one national government-issued picture ID or two non-national government-issued IDs
  • ID information is verified to ensure legitimacy
  • All documentation must be valid and unexpired
Cyber Insurance: $1,000,000 USD per incident OR $1,000 USD per transaction