NFC-Based Identity Verification Adds Greater Security
Today, almost every country issues electronic identity documents such as e-Passports, e-Driver’s licenses, and e-ID cards. These types of documents are widely used and considered to be the most secure. They help to securely identify the owner and provide protection against identity theft. Their key feature is an electronic RFID chip that holds data that can be read and verified with NFC-enabled smartphones.
NFC (near-field communication) verification is a reliable and secure method of identity proofing.
Electronic identity documents include biographic and biometric data—vital personal and biometric information, such as name, gender, photo, signature, or fingerprints that are cryptographically secured and signed with a certificate of the country of origin. All this makes counterfeiting NFC-enabled documents a much harder task.
Regula is on the cutting edge of NFC verification technology, and leverages both mobile NFC verification and complete server-side verification to additionally confirm the genuineness of a chip.
eIDs Verification with Regula
Perform an extra check with a complete server-side verification of NFC chips where the session is re-verified on a server for both chip and data authenticity.
Out-Of-The-Box NFC Verification
There are various types of electronic identity documents such as ePassports, national eID cards, eDLs (driver’s licenses), and electronic residence permits. All of them can be scanned and verified with NFC-enabled smartphones and specialized IDV software.
Data records in international electronic documents are standardized in accordance with ICAO 9303 and BSI Technical Guideline TR-03105 part 5.1 and 5.2. Data records in domestic electronic documents may instead follow the issuing authority's guidelines, which differ from the international ones.
Regula’s NFC-enabled verification technology enables authentication of diverse international and domestic identity documents with electronic RFID chips. It is fully compliant with ICAO 9303 standards, BSI Technical Guideline TR-03105 part 5.1 and 5.2, and supports ISO/IEC 14443-3 and ISO/IEC 14443-4 communication protocol standards.
In addition to ID verification, Regula Document Reader SDK enables NFC reading and verification of logical data structure for ePassports, eIDs, eDLs and eSign, where eSign is used in conjunction with other applications, such as eID, providing additional functionality to document verification.
Regula NFC verification is backed up by the world’s largest document template database, with over 13,000 templates of IDs issued in 247 countries and territories. This lets Regula know what data an electronic document should contain, where it is located, which data groups the RFID chip includes, and what language the data is in. Where data is in the local language (e.g., the name, at the discretion of the issuing country), it can be transliterated if needed. The database also indicates whether a document should have an RFID chip at all, which makes it possible to detect a chip that is absent or damaged.
Complete Server-Side Verification
Although NFC-based document verification can be completed successfully on smartphones and edge devices, on-device verification alone is not enough: there is a risk of verification results being intercepted and modified by fraudsters directly on the same device.
In the “zero trust to mobile” approach, Regula adds another layer of protection against such fraud with complete server-side verification of electronic identity documents that are read via smartphone with NFC technology. Now, a server in a customer’s secure perimeter adds another layer of security to NFC verification and allows reverifying the chip and its authentication session to ensure the information in the physical ID is trustworthy and the chip is not cloned or its data manipulated.
Thus, when an electronic document is processed on a smartphone, the server can be an integral part of NFC verification. It immediately re-processes RFID mobile sessions running Passive, Active and/or Chip authentication in the backend, and ensures trustworthy and fraud-free results of NFC verification.
Also, the results of every NFC verification session are stored on a server, so it is possible to re-process them afterwards if required. All this is done strictly on the client's premises, and Regula gets no access to any data.
Types of NFC Verification Checks Supported
To securely access an electronic chip and its various data groups with encrypted information, Regula NFC verification technology uses BAC/BAP (Basic Access Control/Protection), PACE (Password Authenticated Connection Establishment), or EAC/EAP (Extended Access Control/Protection) with a password from the MRZ or CAN.
- Passive Authentication (PA)
Uses a digital signature to confirm the authenticity of the data, and detects whether the signed RFID data has been illegally changed, but does not protect against fully copying it.
- Active Authentication (AA)
Makes the device send randomly selected data fragments (known as a “challenge”) to the RFID chip. The chip generates a digital signature of the data using the private key and returns its value (“response”) to the terminal. The terminal verifies the digital signature using the public key, thereby confirming that the private key used by the chip is authentic, and hence that the chip itself is.
- Chip Authentication (CA)
Sets up a secure communication session based on a static pair of cryptographic keys, which are stored in the chip memory. Successful CA ensures that the public and private keys stored in the RFID chip memory comply with each other and thus confirms that the chip has not been cloned.
- Terminal authentication (TA)
Requires dedicated certificates that are updated frequently and are issued to a specific terminal to verify certain documents from a certain country.
Moreover, access to a private key from such a certificate is required in order to perform authentication, which is usually implemented through access to a special Terminal Control Centre (TCC) web service after authentication.
It is possible to access sensitive data groups and read biometric data (fingerprints and other biometrics) from electronic identity documents, but only after TA is performed and an EAC/EAP secure connection is established.
*Regula does not provide any Country Signing Certification Authority (CSCA) certificates for authentication, as they are originally provided by the issuing country.
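The PA and AA checks from the list above, recomputed from raw chip data the way a server would, rather than trusting a verdict reported by the phone. This is an added example, not Regula's code: it uses toy textbook RSA from the Python standard library in place of the real signature schemes, a simplified stand-in for the signed security object, and constructed sample data, and all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two Mersenne primes: illustration only, NOT secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, key):
    n, d = key
    return pow(_digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == _digest(msg, n)

def dg_hashes(dgs):
    return {name: hashlib.sha256(data).hexdigest() for name, data in dgs.items()}

def issue_sod(dgs, signer_key):
    """Issuer side: sign the list of data-group hashes (stand-in for the security object)."""
    hashes = dg_hashes(dgs)
    return {"hashes": hashes, "sig": sign(repr(sorted(hashes.items())).encode(), signer_key)}

def passive_auth(dgs, sod, signer_n):
    """PA: the signature over the hash list is valid and every data group read matches it."""
    signed = repr(sorted(sod["hashes"].items())).encode()
    return verify(signed, sod["sig"], signer_n) and all(
        sod["hashes"].get(name) == digest for name, digest in dg_hashes(dgs).items())

def active_auth(dgs, chip_sign):
    """AA: fresh random challenge, checked against the public key stored in signed DG15."""
    challenge = secrets.token_bytes(8)
    return verify(challenge, chip_sign(challenge), int(dgs["DG15"]))

# Constructed sample document (all values invented for this example).
SIGNER = make_key(2**127 - 1, 2**89 - 1)  # issuer's document-signing key
CHIP = make_key(2**107 - 1, 2**61 - 1)    # key pair held inside the genuine chip
OTHER = make_key(2**61 - 1, 2**31 - 1)    # some other key, not the chip's
DGS = {"DG1": b"P<UTOSAMPLE<<ANNA", "DG2": b"<face image bytes>", "DG15": str(CHIP[0]).encode()}
SOD = issue_sod(DGS, SIGNER)

def check(dgs, sod, chip_sign):
    """Server-side verdict computed from raw chip data, not from a client-reported flag."""
    return {"PA": passive_auth(dgs, sod, SIGNER[0]), "AA": active_auth(dgs, chip_sign)}
```

`check(DGS, SOD, lambda c: sign(c, CHIP))` passes both checks, while the same data answered with `OTHER` still passes PA and fails AA, which is the copied-data case PA alone cannot detect.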
Regula Technology Highlights
Supported RFID chip standards
- ISO/IEC 14443-3 (MIFARE® Classic Protocol)
- ISO/IEC 14443-4
Data access modes
- ePassport (DG1–DG16)
- eID (DG1–DG21)
- eDL (DG1–DG14)
- reading RFID chips in compliance with ICAO 9303, LDS 1.7, and PKI 1.1 data formats
- certified by BSI TR-03105 Part 5.1 and BSI TR-03105 Part 5.2
- supports ISO/IEC 18013
More Regula Technologies
Interconnected Regula in-house technologies, such as NFC verification of electronic documents, OCR, and barcode and MRZ scanning, come together to ensure a high level of speed and accuracy when it comes to identity document verification. They thoroughly examine every detail in every ID, cross-checking all the data to spot any illegal alterations. Learn more about what’s under the hood of the comprehensive identity verification that Regula solutions provide.