NFC Verification

Session Initiation

• The user initiates the verification process via your platform or app.
• They scan a QR code or click a link to open the Didit App.
• If using a non-compatible mobile device, the user proceeds with the web-based verification process.

Document Photo Capture

• The user photographs their ID document using our web interface or mobile app. This step captures the visual data of the document.

NFC Support Detection

• Our system checks if the ID document is an ePassport and if the user's device supports NFC. Many modern documents contain an embedded NFC chip that stores crucial data. For devices without NFC support, this step is automatically skipped, and the user continues with standard documentary verification

NFC Scanning

• For compatible devices and documents, the user is guided to place their document against their NFC-enabled device. This initiates the reading of the NFC chip.

Data Extraction

• The system extracts comprehensive data from the chip embedded in the identity document. This includes reading the Document Security Object (SOD) and various Data Groups (DGs) as per ICAO (International Civil Aviation Organization) standards:
  • DG1: Personal Data - Includes first name, last name, ID number, birth date, etc.
  • DG2: Facial Image - A high-resolution digital photo of the document holder.
  • DG7: Signature - Digital representation of the document holder's signature.
  • Additional DGs - May include fingerprints, iris scans, and other biometric data depending on the document's specifications.

Verification and Cross-Validation

• The extracted data is verified through cryptographic methods:
  • Digital Signatures: Each document's chip contains digitally signed data. These signatures are verified against certificates issued by the document issuer (e.g., the government).
  • Certificate Chain Validation: The chain of trust is established by validating the document's certificates against a trusted root certificate, often maintained in a country's master list or the ICAO Public Key Directory (PKD). This ensures that the document has not been tampered with and is indeed issued by a legitimate authority.
  • Certificate Revocation Lists (CRLs): The system checks CRLs to ensure that none of the certificates used in the document have been revoked. This adds an extra layer of security by verifying that the certificates are still valid and have not been compromised.
  • Master Lists: Our system checks against ICAO PKD and other trusted sources for updated certificate information, ensuring the highest level of security.
• The extracted data is cross-validated against the information from the document photo to ensure consistency and authenticity. Any discrepancies can flag potential issues.

Result Notification

• The user is promptly notified of the NFC scanning status. Any discrepancies or issues are highlighted for further action.