Enroll from the document photo

Use case showcasing how to enroll (register) the user in Keyless using the user's document photo.

In this tutorial you will use 2 independent modules offered by Keyless:

The Keyless Document SDK: responsible to retrieve user data such as the photo from the idenity document.
The Keyless SDK: responsible to register the user in order to enable biometric authentication.

Important: the Keyless SDK does not check if the photo was retrieved from an identity document using the Keyless Document SDK. The responsibility to pass only photos retrieved from verified documents (e.g. using the Keyless Document SDK) is left to the integrator.

The complete flow to register a user and verifying that the user face matches the document photo is the following:

Retrieve the user photo from the document
Confirm the document is valid.
Enroll using the photo.
Authenticate using the face.

Below are the detailed steps to satisfy the enroll from document photo use case.

1. Retrieve the user photo (from the document)

It is possible to retrieve the photo and user data from the user identity document using the Scan Document API.

KeylessDocument.scanDocument() {
    when (it) {
        is DocumentResult.Success -> {
        	// path where the document photo is saved
            Log.d(TAG, "Photo path ${it.value.facePath}")
 		}
    	is DocumentResult.Failure -> {
            Log.d(TAG, "Error ${it.error}")
        }
}

KeylessDocument.scanDocument() { result in
    switch result {
    case .success(let document):
        // UIImage containing the document photo
        let photo: UIImage? = document.passportImage
    case .failure(let error):
        print("Error: \(error)")
    }
}

DocumentResult<EDocument> documentResult = await KeylessDocument.instance.scanDocument();

switch (documentResult) {
    case DocumentSuccess<EDocument>(data: final document):
        String photoPath = 'Document: ${document.facePath}, ...';
        break;
    case DocumentFailure(message: final error, code: final code, errorType: final type):
        String error = 'Document Error: $error $code ($type)';
        break;

2. Confirm the document is valid

In the previous step you retrieved the Document photo, the EDocument result contains additional fields that we advise to verify before proceeding with registering the user from the photo in Keyless.

Make sure that the EDocument.security.ValidityInformation are valid:

public enum class Verdict {
    NOT_CHECKED, // Not checked
    FAILED, // Present, checked, and not ok
    SUCCEEDED, // Present, checked, and ok
}

public data class ValidityInformation(
    var typeOfAccessControl: String = "",
    var activeAuthentication: Verdict = Verdict.NOT_CHECKED,
    var chipAuthentication: Verdict = Verdict.NOT_CHECKED,
    var dataNotTampered: Boolean = false,
    var documentCorrectlySigned: Boolean = false,
    var documentSigningCertificateVerified: Boolean = false,
)

public enum Verdict {
    case notChecked, failed, success
}

public struct ValidityInformation {
    public let typeOfAccessControl: String?
    public let activeAuthentication: Verdict
    public let chipAuthentication: Verdict
    public let passportCorrectlySigned: Bool
    public let documentSigningCertificateVerified: Bool
    public let passportDataNotTampered: Bool
}

enum Verdict {
  notChecked("not_checked"), // Not checked
  failed("failed"), // Present, checked, and not ok
  succeeded("succeeded"); // Present, checked, and ok
}

class ValidityInformation {
  final String typeOfAccessControl;
  final Verdict activeAuthentication;
  final Verdict chipAuthentication;
  final bool dataNotTampered;
  final bool documentCorrectlySigned;
  final bool documentSigningCertificateVerified;
}

3. Enroll using the photo (from the document)

At this point you should have the photo of the user that you retrieved from the user's document.

The enroll from photo is handled by the Keyless Mobile SDK that is the SDk to enable privacy preserving bimoetric.

Install the Keyless Mobile SDK following the Getting Started section.

Now you can enroll the user by providing the document photo. For a detailed explanation of what enrollment with Keyless means, please refer to the enrollment section.

To enroll the user photo follow the enroll from photo.

4. Authenticate using the face (live person)

So far you created a user in Keyless based on the document photo. However you did not verify that the user created is the real person that provided the document. The last step is to verify that the face of the user providing the document matches the photo of the user you just registered.

To close the use case an authentication with Keyless is enough. Authenticate the user following the authentication section. This will match the user face with Keyless privacy preserving biometric authentication against the user document photo.

Congratulation you enrolled a user in Keyless from the identity document and verified that the user face matches the face in the document photo.

Last updated 1 month ago

Was this helpful?