cidaas ID Validator

The cidaas ID Validator offers an innovative, fully-automated, and eIDAS-compliant digital identity check for different documents like an ID card, passport, driving license, etc. Agile and intuitive AI models help verify the identity documents and the liveness of a person quickly.

Introduction

Purpose of this Document

  1. To provide an overview about the cidaas ID Validator, its use cases and advantages.
  2. To provide a brief on the legal context of its usage.
  3. To help the user learn how to integrate the cidaas ID Validator including:

    • The setting that needs to be configured.
    • Understanding the different ways to integrate the identification into your business process.
    • Understanding the different ways to customize the UI.

Overview

  1. The cidaas ID Validator provides a complete intelligent automation-driven identification service, a system that's the first of its kind in the market.
  2. It runs on the cidaas platform and is implemented based on the latest concepts and technologies that guarantee maximum availability. Modern interfaces allow easy integration of the cidaas ID validator.
  3. The cidaas ID Validator exploits Machine Learning models to perform ID verifications quickly and reliably.
  4. For ID and passport verification, the cidaas ID validator complies with the highest European Standards for digital identification according to eIDAS. The defined processes and technologies are used for driver's license verification, ensuring the highest quality and security.

Key Advantages

  • Cost: The cost per authentication with the cidaas ID Validator is 4.50€ for an eIDAS compliant verification (slightly less for other verifications) compared to 10-16€ per verification for other verification procedures such as Video identification.
  • Fully Automated: There is no need to interact with an employee, making it more convenient for the user.
  • No Waiting Time: The system can handle multiple cases simultaneously, so users do not have to wait before starting the identity verification.
  • eIDAS Compliant: The cidaas ID Validator will provide a certified eIDAS compliant identity verification that meets the highest market standards.

What is eIDAS?

The eIDAS Regulation (Electronic IDentification, Authentication, and Trust Services) standard was established in 2016. It sets out EU-wide regulations on electronic identification and electronic trust services to create a uniform framework across all the 28 EU member states and the European Economic Area. It is a milestone towards creating a predictable regulatory environment and intends to help businesses, citizens, and public authorities carry out secure and seamless electronic interactions.

You can learn more here.

Business Use Cases and Scenarios

The need for strong identity verification based on ID documents has become more prominent and critical in the modern digitized world. Especially in highly regulated industries like financial service providers for processes like opening a bank account (GWG), etc.

Identity theft is a grave concern for legitimate users whereas cyber criminals benefit from it. Thus, Know Your Customer (KYC) plays a crucial role in different industries. As new and innovative digital channels are introduced and scaled in the retail sector, and not all customers want to identify themselves on-site at the customer service desk, strong, online identification procedures are mandatory and in-demand.

Since mobility is also transforming business models, cidaas' Digital ID Validation is carving a niche in the following areas:

  • Identification for online business transactions: For specific contracts and business transactions like credit conclusion, the opening of a bank account, purchase of a prepaid SIM card, etc., an identity check is required by law. If these contracts are concluded online, the identity check with the cidaas ID Validator offers the advantage that the customer can quickly and comfortably carry out this check without interrupting the business process. In addition, the cidaas ID Validator will provide an eIDAS compliant and, therefore, secure and certified identity verification.
  • Car rental: When renting vehicles, it has to be ensured that the customer has a valid driving license. Often an identity check is added. This can be done conveniently with the cidaas ID Validator online and with only one check (if the identity check does not have to be eIDAS compliant).
  • Onboarding new employees: When new employees are onboarded in the company, they get many rights and access to sensitive data. Under certain circumstances, an identity check is necessary. This can be done reliably and quickly with the cidaas ID Validator.
  • Identification at events/restaurants: Due to the pandemic situation, frequent identity checks will likely become mandatory in the future at events such as concerts, sporting events, etc., or even when visiting restaurants, or museums. Thus, the cidaas ID Validator is useful in speeding up the verification process and reducing manual efforts.
  • Identification for official services: For official services and application verification during car registration, employee onboarding, etc., identification is paramount. Many of the services are already available online or being digitized. Here, the cidaas ID Validator helps perform the identity check so that the user can complete the relevant applications and services online.

Getting Started

Signup with cidaas' ID Validator

To start using cidaas' exclusive ID Validator, you have to first sign up with us.

We offer ID Validation services for Single Sign-on, Social Logins, MFA, Consent Management, and more.

The price per validation depends on the type of validation you opt for. Here is the pricing list.

Validation Type Cost per Validation Features
Card Validation 1,50 €
  • Automated ID verification.
  • ID recognitionID verification.
  • Reading out the ID data.
  • API or SDK integration.
  • No real-time checking.
  • Fraud detection (Digital manipulations detection).
  • Verification of ID documents (Banking and Insurance).
Identity Validation 2,50 €
  • Automated digital identity verification.
  • ID recognition.
  • ID verification.
  • Face recognition and matching.
  • Liveness Detection.
  • Real-time testing.
  • Fraud detection
  • Perfect for all applications without any special legal framework (driver's license test, age test, etc. ).
Legal Validation 4,50 €
  • Automated digital identity verification.
  • ID recognition.
  • ID verification.
  • Face recognition and matching.
  • Liveness Detection.
  • Real-time testing.
  • Fraud detection
  • eIDAS-compliant (Banking and Insurance).


To know more, please click here or contact our support team for further assistance.

How do I Integrate cidaas with my Business?

Admin Dashboard

The first step for cidaas integration is to create an Admin Dashboard Consent. Click here to learn more.

Admin Dashboard App Creation

ID Validator App

On the ID Validator app, you need to do the following.

1. Create a new application which is required for running the id-validation process.

2. Add the following scopes.

You can find more information on scopes here.

3. Set the following registration fields.

You can find more information on registration fields here.

4. Finally, enable the consent.

Customer-UI App

On the Customer-UI app, you need to do the following.

1. Create a new second App which can be used by your business to log in the user.

2. Add the following scopes.

3. Set the following registration fields.

User UIs (Customizations - Whitelabel)

The options to customize the UI include providing the following:

  • A custom primary color
  • A custom secondary color
  • A logo
  • A background image

These changes can be made in the Admin-UI App setting either when creating the app, or later at any time.

Providing a Custom Primary Color

Click on the ColorPicker in the App's Primary Color section and select the desired color.

Providing a Custom Secondary Color

Click on the ColorPicker in the App's Accent Color section and select the desired color.

For changing the Logo, please provide the url of the logo's public accessible image.

Providing a Background Image

For changing the background image, please provide the url to a public accessible image to be used.

Webhook Service

The Webhook Service typically connects two different applications (the trigger and the action applications) and is a way for one app to provide the other with real-time information on a process using JSON requests and responses.

To set up the Webhook Service on your app using the cidaas ID Validator, you'll need to do the following.

1. Create a new Webhook.

2. Subscribe the Webhook to the ID_VALIDATION_FINISHED event.

3. Provide a POST endpoint to accept the data.

4. Ensure that data is coming from your system by setting up an API key for the endpoint.

Example: Webhook Data

{
    "eventtype": "ID_VALIDATION_FINISHED",
    "sub": "852a5685-07fa-4954-8082-45d194f6ba19",
    "createTime": "2021-06-21T14:03:51.219Z",
    "providerName": "Id-validator-backend",
    "client_id": "4a9e74ea-2823-4698-9841-dca782935874",
    "userId": "852a5685-07fa-4954-8082-45d194f6ba19",
    "metaData": {
        "case_id": "ddbd6b32-332f-409b-a7f7-1607f2fc6b54",
        "status": "FAILURE"
    }
}
Note: The status can either be FAILURE when the case has been rejected by the cidaas system or SUCCESS if it has been validated.

Flows - User Management Scenarios

This section covers how to manage users when they are already registered in advance on cidaas, and when they register for the first time on cidaas.

User Management is done with the client-id of the Customer-UI-App.

Login user

Generate a request ID

Endpoint:/'authz-srv/authrequest/authz/generate'

Body

{
   "client_id": <client_id>,
   "redirect_uri": <redirect_uri>,
   "response_type": <response_type>,
   "scope": <scope>,
   "nonce": <nonce>
}
Variable Allowed Values Description
client_id string The ID of the application that asks for authorization.
redirect_uri any valid url Holds a URL. A successful response from this Endpoint results in a redirect to this URL.
response_type string Tells the Authorization Server which OAuth 2.0 response type is supported.
scope string A space-delimited list of permissions that the application requires.
nonce string A randomly generated, encrypted token used to prevent the theft of user ID used during basic authentication.

Register the User

POST Endpoint:

/user_srv/register

Body:

{
   "username": <user_name>,
   "provider": <provider>,
   "given_name": <given_name>,
   "family_name": <family_name>,
   "birthdate": <birthdate>,
   "customFields": {​​​​​​​​
      "age": <age>,
      "document_number": <document_number>
   }​​​​​​​​
}
Variable Allowed Values Description
username string This is often the given_name and family_name together but can be any other name as well.
provider string The service provider that does the ID Validation.
given_name string The given name of the user that should also include second name if available.
family_name string The family name of the user.
birthdate String Format: 1980-01-01 T0 0:00:00.000Z The DOB of the user.
age integer The user's age.
document_number string The reference number of the document used for ID Validation.

Login after Registration

POST Endpoint:

//login-srv/login/handle/afterregister/:track_id

Body

loginAfterRegisterForm

After login, the user will be redirected to the id-validator.

User with an Account but not Logged in

auth-z call Endpoint:

/authz-srv/authz?response_type=token&client_id=&viewtype=login&redirect_uri=/id-validator

After login, the user will be redirected to the id-validator start page.

User Logged in to an Existing Account

No special steps required, continue with start validation.

Steps to Integrate

1. First, register and login to Customer-UI-App following the steps mentioned in the previous section.

2. To start the validation process, the following endpoint needs to be called with a valid access_token.

Endpoint:

/id-validation?action=start

Body:

{
  "verification_type": "CARD_VALIDATION"
  "identification_type": "GER_ID_CARD", // type of identification e.g. GER_ID_CARD, GER_DRIVER_LICENSE
  "redirect_url":"https://wewillcall.aftervalidation/?case-id=4711" // callback url which we could call after validation process
}
Variable Allowed Values Description
verification_type CARD_VALIDATION, IDENT_VALIDATION, LEGAL_VALIDATION Type of certification/validation. Please see pricing here https://www.cidaas.com/de/servicepakete-id-validator/
identification_type GER_ID_CARD, GER_DRIVER_LICENCE, GER_PASSPORT, GER_RESIDENCY_PERMIT The document that will be used for identification.
callback_url any valid url URL which will be called after the verification process has been completed.


If the provided data is valid, this call will redirect the user to the ID Validation UI. If not, the user will be prompted for data such as (age, document number, surname, given name, birthdate) and also requested for their consent to start the process.

About our Admin Dashboard

Overview Page

The Overview page on the Admin Dashboard looks like this.

Here, a list of all the cases that have been completed or aborted are displayed, in addition to the following:

  • An overview of all the cases.
  • The time when the cases have been started.
  • The ID Card that was used.
  • The ID of the person who conducted the case validation.
  • The possiblity of getting the detailed information on the case.

Detailed View

Video Section

This section displays the list of videos collected from the client-side depending on the card type used for ID validation. Each video varies from the other, wherein there is one video of the front side and another of the backside for legal verification. For identity documents with important information on the backside, like most national ID cards, a backside video will also be included.

Extracted Faces from a Person

This section in the admin dashboard contains three images of the face of a person. Depending on the person's movements, these images can vary a little or be similar.

Extracted Faces from an ID Card

This section contains three selected images of a person's passport photo.

Extracted Cards

This section displays a view of the extracted identity document for cards with both the front and back sides included.

Extracted Information

This section displays all the information extracted from the identity document.

Where to find this information on the German id card?

Front Side View

# Extracted Information
1 Surname including the birth name of the identity card holder.
2 Given name of the identity document holder.
3 Date of Birth.
4 Place of Birth.
5 Expiry date of the identity document.
6 Nationality of the document holder.
7 Document Number.
8 Card Access Number.

Backside View

# Extracted Information
1 Eye Color
2 Height
3 Date of Issue
4 Issuing Authority
5 Machine Readable Zone
6 Checksum Birthdate
7 Address
8 Checksum Expiry Date
9 Checksum Document Number
10 Overall Checksum

Overall Summary

This section displays an overview of all the system checks performed and the system decisions taken as a result of these checks. A reference image of this section is shown below.

Checks Performed on the Admin UI-Overall Summary Page

The cidaas ID Validator Admin UI (Overall Summary page) shall display a checklist of validation questions for the user and the system's response to each of those questions with a success icon for successful validation and error icon otherwise.

Does the person on the ID document and the person in the facial recognition match?

The ID Validator checks and compares the person being validated against the person on the ID card. If the biometric parameters of both match, the check is validated.

Did you use the front of a real ID document?

Authentic ID cards have several different holograms that can be used for validation. On the German identity card, one or more of these holograms can be found on the front side and can be used for validation.

You can find more details here.

This system check is done for the follwoing front-side security elements of the German ID card.

Type of Security Element Image Reference
OVC - Optical Variable Color
OVD - Identigram, contrast reversion
OVD - Identigram, HOLOGRAPHIC SHADOW PICTURE
OVD - German Eagle

Did you use the back of a real ID document?

Similar to the front side validation of the German ID card, authenticity verification holograms can be found on the backside as well.

You can find more details here.

This system check is done for the following backside security elements of the German ID card.

Type of Security Element Image Reference
OVD - CLI (Changable Laser Image)
security thread containing user data

Did a real person do the facial recognition?

For this verification, the system verifies if the person was following the points with his eyes. Suppose a person is not looking on the screen or is not following the points on the screen, this check is rejected.

Are the checksums correct?

The Machine Readable Zone (MRZ) contains checksums that can be verified by applying some mathematic functions to the extracted data. You can find the information on how to calculate the MRZ checksum here. If this check gets through, the checksum is validated.

Is the ID document used valid?

The validity of an identity document is given if all of the following checks can be answered with a Yes.

  • Is the expiry date of the document in the future>
  • Is the issue date of the document in the past?
  • Is the time gap between the issue date and expiry date 10 years (might be different for some identity documents) or 6 years if the person is below 24 years old?

Do the front and back sides of the ID document match?

This check is validated if the front and back sides belong to the same document type, e.g., German Identity card.

Does the data (name, date of birth, etc.) on the front and back match?

This check is done to validate if data such as the expiry date, birth date, surname, given name, and document number present on the front and the back sides of the German identity card match.

Does the data on the ID document match your profile information?

If the user was registered using the surname, given name, and birth date; they also needs to provide their age and document number when initiating the validation process. This data is compared to the data on the identity card. This check is validated if both the data match.

If a validation attempt has been identified as fraudulent, it is mandatory to report this to the Bundesnetzagentur.

Therefor we provide a report button to initiate the action and provide additional information. In addition the expert info can be provided via a text field where the video and image data collected will also be sent.

If the validation went fine and checked by an expert, the expert labels will be stored with the Submit button.

If you face any issues while using the cidaas ID Validator, please visit our support page for further assistance.



results matching ""

    No results matching ""