TrustPlatform Identity Management
The TrustPlatform is a biometric identity management system. It stores the identity verified by the Digital Identity Service and performs additional 1:n face identification in the biometric database. This creates a new trust factor, Uniqueness, which prevents the same person from enrolling with two different identities.
The structure of a solution integrating TrustPlatform is as follows:
Features of the TrustPlatform
- Biometric database
- 1:n biometric identification (face matching)
- UI for a back office operator to review the collected identities and to resolve dubious cases
- Trust factor thresholds configuration
- Integration API
Storing the Identity
TrustPlatform can store either the unique identity of each individual or every identity verification attempt, depending on how it is integrated into the solution.
To store an identity in TrustPlatform, it must first be processed by the Digital Identity Service (DIS). DIS processes the images (OCR, face match, liveness check) in its cache to create a customer object. If the identity is to be stored, the data from the DIS cache are stored in a TrustPlatform database record called applicant. The applicant is initially in the “Incomplete” state so that 1:n identification can be performed. The identification searches all records for a matching face and returns a list of duplicates. Matching against the list of duplicates creates a new trust factor, Uniqueness.
To pair the applicant record in TrustPlatform with the individual's record in the main solution database, TrustPlatform provides the externalID field to create the relation.
The workflow of adding a new identity to TrustPlatform is as follows:
The data stored with the applicant depend on what was processed by DIS. They can contain the following:
- selfie image, images used for liveness check
- images of the ID document
- personal data extracted from the ID document, related to the person and to the document
- evaluation of the identity verification, individual trust factors evaluated for the person
- list of the duplicates in the database.
Verifying the Identity
To verify the identity of an applicant by face (as a second factor during login), TrustPlatform provides 1:1 face matching. The inputs are the applicant's externalID and the new selfie.
There is also 1:n identification, where the input is the selfie and the result is up to 5 records that match that face.
States of the Identity Record
An applicant can be in the following states:
- Incomplete - used to store records temporarily to perform 1:n identification, or to store verification sessions abandoned by the user (if needed)
- Accepted - applicant’s identity is verified and trusted
- In review - the applicant’s trust factors are in the range where an additional decision by a human operator is needed
- Rejected - the applicant is not trusted because their trust factors are below the threshold
- Deleted - identities that are no longer needed, with personal data anonymized in compliance with GDPR
Workflow of the States
Applicant States Created by DIS
When a customer is stored from the DIS cache to TrustPlatform with the flag FINISHED, an applicant (equivalent to the customer) is created in one of the states Accepted, In review or Rejected. If abandoned identity verifications need to be stored, the flag IN_PROGRESS stores the applicant in the Incomplete state.
Manual State Changes in TrustPlatform UI
A back office operator can resolve applicants in the In review state by moving them into either the Accepted or the Rejected state. The operator can also delete applicants in any state. On deletion, the personal data are anonymized, but the record stays in the Deleted state.
Changing the States with API
The TrustPlatform exposes an API for manipulating the applicant records. The API allows all state transitions and offers multiple ways of deleting an applicant. This lets the integration apply different record retention policies and comply with GDPR or similar legislation.
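The state workflow described above can be modelled as a small state machine with an audit trail. This is an added example, not TrustPlatform code or its API: the function and class names, the single numeric score, and both threshold values are assumptions; only the state names and the FINISHED / IN_PROGRESS flags come from this page.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    INCOMPLETE = "Incomplete"
    ACCEPTED = "Accepted"
    IN_REVIEW = "In review"
    REJECTED = "Rejected"
    DELETED = "Deleted"

# Assumed thresholds on one 0..1 score (hypothetical simplification of
# the per-trust-factor thresholds configured in the product).
REJECT_BELOW, ACCEPT_FROM = 0.4, 0.8

@dataclass
class Applicant:
    external_id: str
    state: State
    personal_data: dict = field(default_factory=dict)
    history: list = field(default_factory=list)  # (actor, old, new) audit trail

def _move(applicant, new_state, actor):
    applicant.history.append((actor, applicant.state, new_state))
    applicant.state = new_state

def store_from_dis(external_id, flag, score, personal_data):
    """IN_PROGRESS -> Incomplete; FINISHED -> state chosen by thresholds."""
    if flag == "IN_PROGRESS":
        state = State.INCOMPLETE
    elif flag == "FINISHED":
        if score < REJECT_BELOW:
            state = State.REJECTED
        elif score < ACCEPT_FROM:
            state = State.IN_REVIEW
        else:
            state = State.ACCEPTED
    else:
        raise ValueError(f"unknown flag: {flag}")
    return Applicant(external_id, state, dict(personal_data), [("DIS", None, state)])

def operator_resolve(applicant, decision, operator):
    """UI rule: an operator may only resolve 'In review' records."""
    if applicant.state is not State.IN_REVIEW:
        raise PermissionError("only 'In review' applicants can be resolved")
    if decision not in (State.ACCEPTED, State.REJECTED):
        raise ValueError("decision must be Accepted or Rejected")
    _move(applicant, decision, operator)

def delete(applicant, actor):
    """Allowed from any state: anonymize personal data, keep the record."""
    applicant.personal_data.clear()
    _move(applicant, State.DELETED, actor)
```
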