Digital Identity Transformation Platform

The most secure, technologically advanced, and consumer centric solution available.


Solution Brief

GoVerifyID® Digital Identity Transformation Platform provides the ability to create a digitally verified single customer view and delivers a ‘once on boarded always on boarded’ digital identity and regulatory “Know Your Customer” capability.

The service was designed in response to the global move to digitization, and to address various inherent organizational challenges, including:

• Digital identity and trust

• Customer onboarding

• Digital rights management

• Regulatory compliance (KYC)

• Data quality

• Security

• Privacy legislation

• Customer engagement & communication

• Product activation

• Digital assets and smart contracting

• Single customer view

Introduction

Capabilities are underpinned by the creation of a regulatory-compliant federated digital identity, protected and encrypted by an advanced digital certificate, that is made available in a customer’s smartphone, through an integrated document and identity e-Vault.

The federated identity enables the creation or use of multiple digital identities to cater for different onboarding requirements across geography, industry or legislation within closed or open ecosystems or managed through the platform.

These identities are then used to enable full digitization across integrated customer ecosystems which the platform creates and manages for organizations. The technology then provides these ecosystem participants (like Telco’s, Insurance, Government, HealthCare, Accountable Institutions) with various product features which are managed uniquely and in real time.

Data is validated and controlled by the owner of the information – either consumer or organization. Data is transmitted and updated in real time.

The platform is adaptable as well as agnostic of geographic borders and any required technology integration. GoVerifyID Digital Identity Transformation Platform delivers a fully digital, customizable, regulatory compliant solution.

It is a fully commercialized end-to-end integrated technology solution, from digital onboarding, integrated compliance including artificial intelligence validation, KYC and screening portals, third party data integration and institutional and regulatory access portals.

GoVerifyID Digital Identity Transformation Platform was designed to help significantly reduce data and KYC onboarding costs while also increasing efficiencies and value to consumers.

GoVerifyID® Digital Identity Transformation Platform comprises a secure and disruptive operating, enterprise-based technology platform that has been designed to create, manage and maintain, in real time, multi-tenant digital ecosystems that are customer-centric and regulatory compliant.

Adobe Approved Trust List (AATL) Digital Certificate Registration Authority Charter

A key feature of the GoVerifyID Digital Identity Transformation Platform is its ability to issue certified digital electronic certificates through mobile smartphones and tablets. Because digital and advanced electronic signature certificates have the same authenticity as a handwritten signature, they can be relied upon implicitly in nearly all transactions, such as approvals, contracts and certifying copies of original documents.

This capability is key in delivering TRUST in digital contracting and therefore creates validity in digital data in the various GoVerifyID features and products available through the platform.

GOVERIFYID DIGITAL IDENTITY TRANSFORMATION PLATFORM

• Fully digital, secure and compliant digital identities created using a customer’s, agent or on premise smartphone or tablet

• Regulatory compliant customer on boarding (Know Your Customer) - can adapt for different legislations, industries in different geographic locations

• Compliant up to FIPS 140-2 level 3 - ability to issue Digital or Advanced Electronic Digital Certificates using a smartphone or tablet

• Real time and authenticated data updates using a secure digital e-Vault and integrated platform - transfer and update data from source in real time, anywhere

• Integrated biometrics (Face, Voice or Pattern Recognition, etc.)

• GoVerifyID creates unique and integrated customer ecosystems (closed or open) enabled with further product features for organizations and individuals including authenticated digital contracting and signing

• Independent and agnostic data verification including digital face to face

• Platform globally relevant and industry agnostic.

Security and Encryption

ImageWare uses various methods and approaches to protect data in transit and at rest. The stated outcome of our encryption process is to encrypt all Personally Identifiable Information (PII) or Sensitive Personal Information (SPI) in such a manner that it cannot be viewed in clear text either in transit or in storage. Interpreting the encrypted data relies on a number of technology stacks, which results in no one single point of vulnerability.

Any hacking or attempt to gain access to the data would require a security breach across a number of environments, fragmented across the globe, at one given time. In addition, if any component of our data storage process is compromised, the available information would be unintelligible due to the way the data is stored at rest. The process below describes the 3 key aspects of how data is encrypted in transit and at rest, for both the documents that we store and all transactional data.

In-Transit: Mobile Device to Server

General API Calls and Data

ImageWare uses public-private key infrastructure to transport encryption keys from the server to the mobile device. On opening, the application generates a public-private key pair within the local device's keychain.

The public key is then sent via an SSL connection to the server. The server uses the public key received from the application to encrypt a generated unique hash string. The result is a double encrypted hash which is then sent back down to the mobile application, where it is decrypted locally using the private key in order to extract the unique hash. This hash is then used as the encryption key, with the device's unique identifier as the vector; this is the basis for all further encryption between application and server.

As an additional layer, all communication also flows over SSL on port 443.
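An added example, not ImageWare's code: the page does not name the cipher or mode, so an HMAC-SHA256 keystream stands in for it, and the session key is a constructed random value in place of the hash unwrapped with the device's private key. It shows what one key plus the device identifier as the vector implies for repeated messages (equal plaintexts give equal ciphertexts), next to a variant that adds a fresh nonce per message; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import uuid


def _keystream(key: bytes, vector: bytes, length: int) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256(key, vector || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, vector + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_static(key: bytes, device_id: uuid.UUID, plaintext: bytes) -> bytes:
    """Vector fixed to the device identifier, as the text above describes."""
    return _xor(plaintext, _keystream(key, device_id.bytes, len(plaintext)))


def encrypt_fresh(key: bytes, device_id: uuid.UUID, plaintext: bytes) -> bytes:
    """Variant (assumption): a random 16-byte nonce per message, sent in clear."""
    nonce = os.urandom(16)
    vector = device_id.bytes + nonce
    return nonce + _xor(plaintext, _keystream(key, vector, len(plaintext)))


def decrypt_fresh(key: bytes, device_id: uuid.UUID, message: bytes) -> bytes:
    nonce, body = message[:16], message[16:]
    return _xor(body, _keystream(key, device_id.bytes + nonce, len(body)))


def repeated_ciphertexts(messages) -> int:
    """Review check over captured traffic: ciphertexts seen more than once."""
    seen, repeats = set(), 0
    for message in messages:
        if message in seen:
            repeats += 1
        seen.add(message)
    return repeats


def demo() -> dict:
    key = os.urandom(32)  # constructed session key
    device_id = uuid.UUID("00000000-0000-4000-8000-000000000001")  # constructed
    # Constructed API payloads; the first two are identical on purpose.
    msgs = [b'{"action":"balance"}', b'{"action":"balance"}', b'{"action":"profile"}']
    static = [encrypt_static(key, device_id, m) for m in msgs]
    fresh = [encrypt_fresh(key, device_id, m) for m in msgs]
    return {
        "static_repeats": repeated_ciphertexts(static),
        "fresh_repeats": repeated_ciphertexts(fresh),
        "roundtrip_ok": all(
            decrypt_fresh(key, device_id, c) == m for c, m in zip(fresh, msgs)
        ),
    }


if __name__ == "__main__":
    print(demo())
```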

[Figure: GoVerifyID platform overview. Onboarding channels (in branch, agent, mobile, other digital) lead through five stages: 1 Regulatory Compliant Onboarding; 2 Integrated Compliance, Screening & Validation Portal; 3 Enter Ecosystem; 4 Access Immediate Products & Features; 5 Agnostic API Interface. Onboarding steps shown: a Onboarding, b Scanning, c Biometrics & Geolocation, d Integrate, e Upload, f Sign, g Verify.]

[Figure: GoVerifyID® Digital Identity Management Portal, Artificial Intelligence Matching Engine (AIME) and integrated compliance portal features, including ID verification, sanction, PEP, OFAC and Interpol screening, adverse media screening, bank account confirmation, and audit logs and history.]

Documents in-transit and at-rest

Documents also get encrypted with the generated hash (as described above) using the device's UUID, but in this instance, they are sent as encrypted strings to our storage provider as a “{GUID}.tempfile”. The GUID is an identifier that is globally unique and nondescript, which is allocated by the server to the physical document/media file. This then gets filed into a secured Google Docs or Couchbase or AWS NoSQL environment as per setup of the client in question.

Our document API is a layer that serves to verify the document’s integrity and its validity by confirming the store request with our transactional API. The transactional API provides the details on where to file a document within our Cloud Server environments and to what provider to send it (Google, AWS, Azure etc.). The document is stored on the third-party provider’s database in a format that is useless to anyone who does not have the encryption keys, storage parameters and file details of the document. None of these parameters are stored alongside the document and are handled via our document and transactional APIs. The actual document is stored as a raw file that does not display any details of the file type, the owner of the file, the company that the file belongs to, or any other information that might be useful to a hacker. It is totally anonymous and in the absence of our secured transactional API, cannot be interpreted.

The documents are further secured by making use of world class providers like Google Docs, or AWS who implement their own security best practices and who store our documents in fragments across multiple storage nodes in the cloud.

Transactional Data Storage

Transactional data is hosted in a separate environment to our documents, for additional security, and is encrypted using TDE (Transparent Data Encryption) at rest. The servers hosting this data are secured and behind a firewall with all best practices in place for hardening data servers. Backup files are created with expiry and require the database keys to be restored on another server. In addition, all our business layers are obfuscated.

Selected Use Cases

The technology is generally deployed and customized as a ‘white labeled’ solution or modules integrated into existing customer’s mobile application and systems.

Telecommunications

• Full authenticated digital onboarding (face to face or non-face to face) in mobile store via tablet or using agents or directly through Telco’s white labeled mobile application

• Digital identity created and integrated, customized KYC completed in under 60 seconds

• Customer identity and vaults created using digital certificates

• Customer can, for example, apply for new services, sign contracts, agree T&Cs etc. all from their mobile phone

• Customer website login and in store validation using biometrics

• Live data updates between customer and Telco and vice versa

• Privacy permissions regulated by the customer in real time

• Supports Telco’s financial services products, cost savings and efficiency in customer activation costs and SIM swaps

• Customer, through deployed ecosystem, also has access to other participants in the ecosystem and other value-added services etc. all using the same technology

• Fully integrated into Telco’s systems

• Multiple identities utilized across different markets to cater for country specific requirements.

Motor Vehicle

• Same as above for telecommunications, but customer is able to share their identity and KYC across various dealerships and different motor brands seamlessly, as on boarded and fully validated

• Paperless vehicle delivery using biometrics

• Fully digital vehicle rentals - bookings done digitally and customer validated using biometrics at the rental car company

• Vehicle contracts signed using mobile application in the comfort of the customers home

• Customer, through deployed ecosystem, also has access to insurance providers, value added services etc. all using the same technology

• Vehicle services feedback requested directly in mobile application and updated in real time to dealership

• Cost savings in customer onboarding and quality of data.

Education

• Same as above for telecommunications, but students are on boarded and their identity created digitally vs. standing in queues at the various institutions around the country

• Validations are for KYC but also income verification, educational qualifications etc.

• Based on the approved identities, students can apply across various educational institutions within the ecosystem, all from the same application - all information totally unique and separated

• Students get access to live digital educational material placed in their vaults by the institutions

• Student job zones created for students to apply for positions from same application.

Medical

• Same as above for telecommunications, but a medical identity is created for the patient

• A Medical identity can be used across the ecosystem to check into a hospital, doctor etc.

• Patients can digitally provide information to medical provider

• Medical provider can upload scans, blood results, etc. directly into patients vault on their phone

• Patient can authorize access to records

• Customer receives customized information directly to their mobile device on medical condition, helpful information etc. on diabetes for example.

Financial Services

• Same as for telecommunications, but the customer now has unique access to all financial services products e.g. home loans, credit cards, savings products etc. utilizing a unique digital identity and validated KYC

• KYC information updated in one place - one click - and all participants in ecosystem can receive the updated information

• Product activation and authorizations all done from customer’s mobile phone

• Savings on KYC information, regulatory compliance and improved data quality.

Integration Partners

ImageWare operates across various global markets and industries. Various integration partners are used, customized to jurisdictional requirements and customer specific needs. ImageWare is totally agnostic of data or integration providers and these integration points are agreed between ImageWare and clients.

Core Functionality

The following provides a high level overview of the GoVerifyID Digital Identity Transformation Platform ecosystem.

DETAILS

Interface Smartphone and Tablet, Desktop / Web-site for Compliance and Admin Portals

Digital Depth – Full Digital Engagement Platform Yes

Digital KYC Onboarding - Consumer Yes

KYC Onboarding – Entity No (platform capable – product interface in development)

Onboarding:

Mobile or Tablet Onboarding Yes

Scan, Decrypt and Validate Identity Documents Yes

Integrated Multi Modal Biometrics (Face, Voice, Palm) Capture, Authenticate and Validate Yes

Third Party Data Integration Yes

Geolocation Yes

Digital Face to Face Yes

Integrated Onboarding Compliance, Due Diligence Screening and Validation Portal

Multi-Jurisdictional and Industry Agnostic Compliance and Validation Yes

Digital Identities:

Create, Maintain, Share, Verified, Legally Compliant Digital Identities Yes

Federated Identity-as-a-Service Yes

Multiple Digital Identities for Different Ecosystems Yes

Digital Identity Rights Management Yes

Privacy and PII Data Management Yes

Create, Manage and Maintain Multi Tenant Digital Ecosystems Yes

Artificial Intelligence and Machine Learning Yes

Document Vault:

KYC Information Yes

Other Digital Assets - Dynamic Yes

Document Signing, Approval and Digital Contracting Yes

Security:

Advanced Electronic Certificates Yes

Blockchain Yes

Other Features:

Bulk Onboarding Yes

Multi Solutioning and Customer Development of Bespoke Digital Solutions Yes

Realtime Data Updates Yes

Communication (Secure Mobile Push E-mail or SMS) Yes

Realtime Data Update Yes

Create Digital Document or Forms Yes

White Labelled

Live Data Polling of Customers Yes

Global Capability Yes

Multi and Agnostic System Integration - API Yes

Information Overview

The following outlines the basic onboarding and validation process and resulting outputs. For reference only.

DETAILS OUTPUT

1. Customer onboarding

1.1 Face to Face - Performed by client authorized agent

All data from the onboarding process is parsed through in real time to the Management Portal (or integrated into the company compliance process) – see Step 2 below for further validation and customer screening

1.1.1 Customer presents identity document (Drivers, ID or Passport)

1.1.1.1 Technology scans and validates ID document and identity information

Home Affairs / Verification Bureau

1.1.1.2 Identity picture extracted by technology and biometrically matched to Selfie (see below) or if required obtained from other sources

Home Affairs / Verification Bureau

1.1.2 Capture customer picture (selfie)

1.1.3 Facial biometric captured at same time selfie is taken. Other modalities like voice or palm biometrics can also be captured at this stage, or later in the mobile customer app

Biometric provider

1.1.4 Customer’s cell phone number is captured and validated if required

1.1.5 Customer’s e-mail address is captured and validated if required

1.1.6 Customer’s identity document image is taken - authenticity of actual document image verified where possible

Customer receives mobile application username and password

1.1.7 Proof of residence captured either by (or in combination):

Verification Agency

1.1.7.1 Live at source / original proof of residence

1.1.7.2 Enter address

Verification Agency

Customer can login but remains unverified and key functionality deactivated until the Validation steps below have been successfully completed – Only then does customer become Validated

1.1.7.3 Geolocation

1.1.7.4 Upload / scan proof of residence

1.1.7.5 What3Words

1.1.8 Live video capture

What3Words

1.1.8.1 Customer records video stating their name

1.1.8.2 Customer needs to read challenge pin presented on phone

1.1.8.3 Movement / liveness test / biometric can also be taken during video capture

1.2 Non-Face to Face – Performed by customer

1.2.1 Process is identical to the Face to Face Process outlined above EXCEPT the onboarding steps are performed by the customer without a client agent being present

DETAILS OUTPUT

2. Validation (Management Portal)

2.1 Validation steps customized to company risk and compliance policies

Once validation has been successfully completed:

a. A full KYC digital onboarding audit certificate document is generated

2.2 Verification and validation done by authorized company agent

2.3 Artificial Intelligence Matching and validations done or escalated if issues found

2.3.1 Identity validation

2.3.1.1 Compare selfie image to image on identity document or independent source

2.3.1.2 Compare details on identity document image to validated independent ID data

2.3.1.3 Review video capture – person, challenge key

2.3.1.3.1 Compare video to selfie and identity document image

2.3.1.2 Compare details on identity document image to independent validated

b. The document collates all the information in one document and also each component of the onboarding information per the steps performed

c. The document also contains the authorized company agent who performed the validation

d. The document is digitally stored and provided to the company and within the authorized company ecosystem

e. The customer vaults in the mobile application are also populated with these documents

f. A digital identity is created for the customer, which then allows, inter alia, contract signing in their mobile application using biometric validation and digital certificates

2.3.1.3 Review video capture

2.3.1.3.1 Compare video to Selfie and identity document image

2.3.1.3.2 Compare challenge pin read by customer to pin sent to the mobile device during on boarding process

2.3.2 Proof of residence validation

2.3.2.1 For live at source / original supplier extraction of proof of residence - review if required for date relevance

2.3.2.2 For enter address – compare to uploaded proof of residence;

2.3.2.3 For geolocation – review google image;

2.3.2.4 For upload / scan proof of residence – review and compare to address captured

2.3.2.5 For What3Words – review geolocation output

2.3.3 Customer screening (e.g. Sanctions, PEP, PIP, adverse media, etc.)

2.3.3.1 Review outputs and approve / escalate or fail customer

2.4 Various other validations can also be included (e.g. bank account verification, criminal checks, qualifications, credit checks, gross income etc.)


About ImageWare

ImageWare Systems, Inc. provides end-to-end digital identity proofing, authentication and management solutions as a cloud SaaS and on premises. The company’s Digital Identity Platform provides customers and partners with access to its patented technology for ultra-scalable and anonymous biometrics using nearly any vendors’ biometrics. IWS solves the problem that is responsible for over 80% of corporate data breaches by replacing or strengthening passwords with your choice of biometrics and other multi-factor authentication methods providing the highest level of user assurance, security and user convenience.

ImageWare Systems, Inc. is headquartered in San Diego California, with offices in Oregon, Canada, Mexico, and Japan.

ImageWare and GoVerifyID are registered trademarks of ImageWare Systems, Inc. Other trademarks are owned by their respective vendors. Learn more at iwsinc.com.

Legal Information

No part of this document may be copied or reproduced in any form or by any means without the prior written consent of ImageWare Systems, Inc. (“ImageWare”). ImageWare makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability or fitness for a particular purpose. Information in this document is subject to change without notice. ImageWare assumes no responsibility for any errors that may appear in this document. From time to time changes may occur in the ImageWare products that are described in this document. It is illegal to digitally distribute or otherwise make this document available to third parties.

Restrictions

This software and associated documentation is furnished to you under a license agreement and its use is expressly conditioned upon the user pursuant to the terms of that license agreement. It is illegal to make copies of, post, or otherwise make available the contents of any documents, databases, distribution formats, or applications, except for your own usage / backup, without written permission from ImageWare.

Trademark Information

All content copyright © 2019 ImageWare Systems, Inc. All rights reserved.

GoVerifyID, IWS Biometric Engine, GoMobile Interactive, CloudID, GoCloudID, EPI Builder, EPI Suite, EPI Web, ImageWare, IWS, and pillphone are registered trademarks of ImageWare Systems, Inc.

ImageWare Patents

For a full list of ImageWare Systems’ patents, visit iwsinc.com/company/intellectual-property/

Connect

@iwsinc

linkedin.com/company/imageware-systems-inc

facebook.com/imagewaresystems

V190328