Give us a call
Call us at +41 41 555 20 40
The communication between the DocVal Server and the chip is end-to-end encrypted. The data captured from an eMRTD can be easily transmitted as JSON to subsequent applications and processed at the customer’s site.
The DocVal Server is a unique software application that reads, decrypts and validates embedded chip data in ICAO compliant eMRTDs. The software enables secure and effortless identity verification and KYC programs for multiple use cases, achieving an advanced level of security and authentication.
We provide the DocVal Server as an easily installable Docker image that can be deployed as a Docker container on-premise in the customer environment. Docker environments can be flexibly scaled and made highly available so that KYC onboarding processes can be carried out securely and with short response times.
In order to meet the increasingly stringent data protection requirements, the DocVal Server does not store any personal data and serves as a gateway between the chip on an eMRTD and the customer’s applications and KYC processes.
If the NFC Chip supports the Active Authentication Protocol or the Chip Authentication Protocol, the DocVal Server can verify that the chip was not cloned.
File is optional. The Card Access file must be present and contain public key info for the Access Control protocol PACE, if PACE is supported by the chip.
The SOD is a file on the Chip. The SOD is implemented as a SignedData Type. The content is signed by a document signing certificate which in turn is signed by the issuing country of the eMRTD.
The SOD contains a hash value for each Data Group present on the Chip. The Inspection System knows which Data Groups are present on the Chip after reading the SOD.
Contains the MRZ Info (as printed on the data page of the identity document).
Contains one or more Face Info. At least one Face Info with a photo of the face is mandatory.
The Inspection System uses an Access Key to access the Chip. An Access Key can be derived from MRZ (Machine Readable Zone) or from the CAN (Card Access Number). The CAN is optional and may be printed on the document.
For Access Control two protocols exist:
BAC is deprecated and has been replaced by the newer PACE.
PACE employs asymmetric cryptography to provide session keys with higher entropy and therefore better encryption of the communication between Chip and Inspection System. The file CardAccess with public key info for PACE must be present on the chip.
After Access Control, the communication between Inspection System and Chip is secured with symmetric encryption.
With Passive Authentication, the integrity and authenticity of the data (such as the MRZ info and the photo of the face) is verified based on a list of trusted country certificates. The Document Validation Server implements the steps as they are described by ICAO in Doc 9303.
Verifies that the Chip is not cloned. The Active Authentication protocol is optional and may therefore not be supported by all eMRTDs.
Verifies that the Chip is not cloned and establishes new encryption keys (encryption-key, message-authentication-key) for the encrypted communication between Inspection System and Chip. CA has a similar purpose to AA but is the newer protocol that additionally strengthens the encryption for the communication between Inspection System and Chip.
The Chip Authentication protocol is optional and may therefore not be supported by all eMRTDs.
Most organizations have set up powerful Docker environments in recent years, into which the DocVal Server Docker image can be easily deployed. Docker environments can be flexibly scaled and made highly available.
The DocVal Server reads, decrypts and validates identity data from the integrated chip of ICAO compliant eMRTDs. The data captured from an eMRTD can be easily transmitted as a JSON file to subsequent applications and processes.
Instantly verify passports, ID cards, driver’s licenses and other identity documents to attract more customers.
The OVD Kinegram DocVal Server ensures a secure and seamless customer experience. It’s designed to make identity verification easy, fast, and fraud-proof, regardless of credential.