To fully embed Mob.ID into your software, read this document.
Key Features
Mob.ID encompasses a broad range of identity capabilities:
- High-assurance, document-centric, real-world identity proofing, in which the document is verified against the source itself and is assessed for tampering or counterfeiting.
- Capability to provide confidence in the genuine presence of the identity owner.
- High-assurance, enterprise-specific identity provisioning derived from the legal identity of the person.
- Cloud based access based upon the derived identities.
The solution consists of two parts:
- A free smartphone app SDK for Android and Apple iOS.
- A backend trust process:
  - Collection and management of the public keys from all the countries for proofing (ICAO-based) eMRTDs.
  - Machine-learning-based testing for genuine presence (also commonly referred to as “liveness detection,” more formally as presentation attack detection).
  - A trust process to provide and verify enterprise-specific (derived) identities.
  - A cloud-based enterprise access environment utilizing a Web Application Firewall.
Mob.ID combines multiple fully integrated capabilities for the identity proofing process to make it more secure and private. Integration with other vendors is based upon API calls or the use of the front-end SDK.
Mob.ID is aware of possible demographic bias and follows development closely.
Identity Proofing
Seeking high confidence in the identity of customers continues to remain an imperative across a number of use cases in many industries. Identity proofing is the combination of activities during an interaction that brings an identity claim within organizational risk tolerances, such that:
- The real-world identity exists.
- The individual claiming the identity is, in fact, the true owner of that identity and is genuinely present during the process.
Identity proofing traditionally focuses on use cases in which an organization is interacting with someone for the first time. Mob.ID focuses on high-assurance identity proofing; after the user has proven their identity, the so-called root identity (legal identity) is stored on the phone for reuse under the full control of the user. When the user requests access for account opening, registration, application, enrollment or other use, a new derived identity is provisioned and stored on the phone after the user consents. This identity is unique and is used for account opening, account management, physical or virtual access to the enterprise, etc.
Mob.ID is a document-centric, real-world identity proofing solution that enables organizations to obtain a high level of confidence in a customer’s identity. It is accomplished through remote digital channels: the chip of the passport is accessed by the phone and assessed for signs of tampering or counterfeiting, then the biometry read from the chip is compared with a “selfie”, and genuine presence is checked with liveness detection. It fully meets the Gartner definition for identity proofing. The submission of the image of the identity document, the selfie and the content of the chip are tightly integrated in the identity proofing software of Mob.ID. The identity assurance achieved with this capability is very strong because it is based upon legal PKI signatures with indisputable legal assurance, relying not only on “something only you have” and “something only you are” but also on “something that can be legally proven” and “something that can be checked for alterations”.
When an identity is verified, it is stored back on the phone of the user. As a result, all this data can be used for data-centric, real-world identity affirmation. The starting point is the real identity of the person, which makes cross-referencing and correlation with other sources more reliable, i.e. eKYC processing for Politically Engaged People and/or Money Laundering and/or Terrorism Financing. This correlation increases the confidence in a customer due diligence process. The identity assurance achieved with this capability in combination with the document-centric approach is very high.
During initialization of the app on the phone, information about the hardware and software is combined to create a unique device identifier (fingerprint). This fingerprint is used to secure the privacy-sensitive data and protect the authenticity of the device. PKI is used for authentication, signing and confidentiality. The fingerprint is also available for isolated, device-focused identity affirmation, i.e. low-risk access where a low assurance level is enough. It is also used to confirm that the specific device is used for identity proofing.
Digital attributes, such as email addresses, telephone numbers, addresses, biometry and other attributes can be added to the derived identities to be leveraged for identity affirmation purposes. The correlation of these digital attributes with real-world identities yields trust or risk signals during the identity-proofing process.
Mob.ID doesn’t use behavior-analytics-focused identity affirmation. Phone-number-focused identity affirmation is not part of the initialization process. The telephone number can be an attribute of a derived identity and as such used for affirmation purposes.
Mob.ID follows the market and converges fraud detection and user authentication, and data breaches are limited to ONE person because the data is stored on the phone of the user and not in a central datastore. So if there is a breach, it can only be with one user. Mob.ID is an ideal solution for every organization that needs to accelerate its identity proofing due to COVID-19 towards high-assurance identity proofing.
Mob.ID has responded to the needs and the opportunities of the pandemic. The SDK needed for document-centric identity proofing is offered for free.
Mob.ID is an identity solution where a user has the sovereign capabilities to self-manage and use their own digital identity. Mob.ID also offers cloud access management with the high-assurance derived electronic identities as the foundation for access. There is no hassle with passwords; it’s fully user-centric and uses strong protection. Service providers can be enabled to trust Mob.ID-derived high-assurance identities for the purpose of authentication and access to digital services, as well as for validated identity attribute sharing.
Mob.ID uses and includes the government-issued electronic identities in passports and ID cards. These identities offer the strongest level of assurance, because they are backed by identity proofing from several sources. From a BYOI perspective, these identities are often leveraged for scenarios that require a high level of trust or for identity proofing. Mob.ID uses the ICAO 9303 machine-readable travel documents, which have been chip-enabled since 2009, to offer a high degree of protection against forgery. Mob.ID also checks the documents against their source in a closed loop. The consequence is that the assurance level has the same legal impact as the document itself!
Mob.ID’s identity proofing is based upon the trust processes needed to prove an identity and as such has orchestration capabilities. Examples are adding biometry such as fingerprinting, mug shots or iris biometry to the workflow, or adding additional information such as addresses, telephone numbers and email addresses to the identity proofing process.
Mob.ID enables scalable and flexible identity proofing and affirmation processes. It ensures a human-centric view of identity proofing that allows organizations to obtain an acceptable level of confidence in a customer’s identity. Through a combination of checking and verifying the authenticity and integrity of the documents, face recognition and liveness detection, users can not only assure the legal identity of a person but also prevent fraud with identities.
Identity Ecosystem
To achieve confidential identity proofing, provisioning and access management, Mob.ID provides a complete identity proofing ecosystem with features such as face recognition and liveness check, verification of personal identity and authenticity of the ID document, ID document integrity check, and a secure backend separated from the unsecured end-user environment. The backend does the heavy lifting for verification of the authenticity, integrity and originality of the document and for face and liveness detection of the person. Mob.ID uses the same ecosystem structure and content that countries use to verify passports from visiting nationals.
Mob.ID is a strong identity proofing and provisioning solution with a complete full 360 view, Mobile and secure Identity Ecosystem. With Mob.ID users are securely verified against their legal identity. The result is stored on the phone of the user. None of this identity data is stored in the Mob.ID Identity Ecosystem. The user is the only one who has that information and the user decides who has access to it or can use it. It’s a Self Sovereign Identity made and controlled by the user.
The Identity Ecosystem contains the authentication keys of all the published signatures of all the countries (194), which are globally recognized and protected by law and regulation. These signatures are the only means to determine if an identity is a legal identity.
The published signatures (source data of all globally issued eMRTDs, i.e. passports and ID cards) used by all countries worldwide are collected through a trust process. Further processing in the Identity Ecosystem verifies whether the passport is an original or not, whether it was issued by a country or organization, whether it has been changed or not, and whether it is valid or not. Then the user is verified and checked to see if the user is present at that specific time. When done, the result is protected and stored back on the phone of the user.
Mob.ID also follows the ICAO (passport) specifications and security architecture. By doing so, Mob.ID raises the identity proofing standard globally in order to create a 100% Legally Trusted Identity. It enables organizations to use a legal identity as the basis for their identity-proofing processes such as CDD (Customer Due Diligence), KYC (Know Your Customer), CIP (Customer Identification Program), and AML (Anti-Money Laundering).
Identity provisioning
Mob.ID enables an organization to define its own “company” identities. These can be extended with attributes like biometry, address information, telephone number, email address, employee number, company name, department, etc. This information is added to the identity credentials the user gave consent for and then protected and stored on the phone of the user. This derived identity can only be verified by the publisher, so the information is secure. This derived identity is to be used for access. It’s a completely protected and secure trust process. The user has one root identity (legal identity) and many personas (derived IDs) that are unique. Each persona is unique to the organization using it.
Mob.ID simplifies the process of making and maintaining an eID for the organization (derived identity). The Enterprise ID is an electronic identity specific to the organization and can only be used by that organization. For these derived identities Mob.ID uses the ICAO standard for eMRTDs. The trust processes also follow the same standards. PKI is used to the fullest extent to secure all processes and data, either stored or in transit. During transit the communication itself is protected, ensuring the intended receiver/requestor receives the communication; the content is also protected by PKI, ensuring the intended requestor/receiver is the only one who can read the content and check its authenticity and integrity. This is a proven standard, in widespread use since 2009 with more than 5.5 billion users. The data stays private, staying in transit for verification. Once it is written on the phone of the person, it’s wiped.
Fraud detection
Mob.ID offers fraud detection, identity proofing and user authentication to increase trust in a transaction or an identity assertion and identify malicious or anomalous activity. The organization obtains confidence in a customer’s identity as the foundation for remote interactions with users. Mob.ID uses verification against the source in combination with face recognition and liveness detection to counteract identity fraud. Mob.ID protects against several types of identity and document fraud:
- Forged documents
- Counterfeit documents
- Blank stolen documents
- Fantasy or camouflage documents
- Impostor or ‘look-a-like’ documents
- Compromised documents
With Mob.ID an organization can focus on:
- Augmenting identity proofing processes to deter new account fraud.
- Protecting the integrity of the login process to prevent account takeover (ATO).
- Verifying identities for identity fraud to proactively detect suspicious transactions.
The Mob.ID app runs on Apple iOS and Android phones. Mob.ID brings it to market as a ready-to-run, out-of-the-box SDK. It can be downloaded for free. Using the free SDK, an organization can add Mob.ID functionality to its own solutions. Mob.ID can also augment functionality on a request basis.
As identity proofing and provisioning as a service, Mob.ID is ready to serve dominant financial institutions, corporates, and FinTech entrepreneurs to bring to market trusted identity verification solutions supported by a strong and immediate business case. As a result, users can use Mob.ID as a tool of choice for identity, privacy protection, and verification, whether for onboarding new hires for organizations, using eKYC by financial institutes, or detecting identity fraud.