Nets Passport Reader

​By using the Nets Passport Reader app, you can identify anyone in the world by using a passport (or similar machine-readable ID document) and mobile phone.

Enable Nets Passport Reader in your services

Nets Passport Reader is available as an eID in E-Ident for identification of subject's holding a machine-readable ID document. More specifically, these are ICAO Doc 9303 compliant documents:

  • Passport
  • Driver's license
  • Residence card

To get access to the Passport Reader you need to:

  • Register as a customer and implement against our E-Ident service. See the Get Started pages for more information.
  • Download Passport Reader application on your mobile phone

To register as a customer or add the Passport Reader to your existing configuration, contact Nets support

Th​​​​e app

The Passport Reader app comes in two different versions:

  • one app for customer test environment (pink colour icon)
  • one app production environment (blue colour icon)

​​​​​​​ Th​​​​​​e SDK

The Passport Reader can also be integrated in to you current phone app by using an SDK, which can be downloaded through the link below. Please contact us for password to open the zip file: 


Customer test links

The preprod app (pink colour icon) can be downloaded from:

Production links

The production app (blue colour icon) can be downloaded from:

Information about the end user

​Type​OIDC​SAML​Comments
​Document type

​document_type

​documenttype

​The ID document type used.

C: Crew member

I: Identity card

P: Passport

V: Visa

​Issuing country​issuing_country​issuingcountry​The country that issued the ID document return using the ICAO three-letter country code.  
​Interpreted issuing countryinterpreted_issuing_countryinterpretedissuingcountry

​An interpreted version of the issuing country. Example: Norway Denmark

​Document number​document_number​documentnumber The document number. For a passport, this is the passport number.
​Surname / family name

​primary_identifier

Requires scope=profile

​primaryidentifier​This is the primary identifier in the ID document. It can be the family name, surname, maiden name. This may vary dependent on issuing state.
​Given name

​secondary_identifier

Requires scope=profile

​secondaryidentifier​This may be the given name or other name of the identified person. This may vary dependent on issuing state.
​Nationality

​nationality

Requires scope=profile

​nationality​The subject's nationality given as  the ICAO  three-letter country code.
​Interpreted nationality

​interpreted_nationality

Requires scope=profile

​interpretednationality

​An interpreted version of the nationality. Example:

Sweden Finland

​Date of birth

​birthdate

Requires scope=profile

​DOB

​The subject's date of birth. Format: DD.MM.YYYY

​Personal number

​personal_number

Requires scope=ssn

​personalnumber​The personal number as it is given in the ID document (as read from NFC Chip). Documents issued by some countries have personal number that look like social security numbers, but they are not necessarily ​identical.
Could also contains ​special characters.
​Gender

​gender

Requires scope=profile

​gender

​The subject's gender. Format: [FEMALE | MALE]

​Date of expiry

​date_of_expiry

​dateofexpiry

​The ID document's date of expiry. Format: DD.MM.YYYY

​Name

​name

Requires scope=profile

​fullname​The name of the ID document holder as it is given in the ID document.
​Place of birth

​place_of_birth

Requires scope=profile

​placeofbirth​The subject's place of birth. Returned if it can be read from the NFC chip.
​Face match level

​facematch_level

​facematchlevel

​A face match level given on levels from 0-9​. See the face match levels below. 

​Authentication files
​auth_files_url​AUTHFILESURL​The URL to an authentication file. See authentication files for more info.
​Level of Assurance
​acr
​ACR
Accepts acr_values as urn:eident:acrp:level:high 
Returns urn:eident:cert:eidas:high (if specific face match levels are met for the identification)​

Face match levels

Face match levels are given from 0-9 with a FRR <1%

 

  • FaceTec Match Level 9 - 1/1 200 000 FAR
  • FaceTec Match Level 8 - 1/1 000 000 FAR
  • FaceTec Match Level 7 - 1/500 000 FAR
  • FaceTec Match Level 6 - 1/100 000 FAR
  • FaceTec Match Level 5 - 1/10 000 FAR
  • FaceTec Match Level 4 - 1/1 000 FAR
  • FaceTec Match Level 3 - 1/500 FAR
  • FaceTec Match Level 2 - 1/250 FAR
  • FaceTec Match Level 1 - 1/100 FAR
  • FaceTec Match Level 0 - Non-match

FAR is False Acceptance Ratio.

User experience

Step 1 - in browser (download app):

NetsPassportReader-step1.PNG

Step 2 - in browser (activation code):

NetsPassportReader-step2.PNG

Steps in app:

Nets Passport reader - step 3 - EN.png Nets Passport reader - step 4 - EN.png 

Nets Passport reader - step 5 - EN.png Nets Passport reader - step 6 - EN.png

Nets Passport reader - step 7 - EN.png Nets Passport reader - step 8 - EN.png

Nets Passport Reader logo

If needed, the Nets Passport Reader logo can be downloaded here.

Authentication files

After successful authentication with the Passport Reader, a merchant can also retrieve/download authentications files for reference or archive purposes. The downloaded files can either be in PNG (photo images), or PDF (photo and authentication attributes)​.  

How to retrieve files

The samples provided here are curl commands, but the same can be accomplished in any programming language.

$ curl -X POST 
     -H "Content-Type: application/json"
     -H "Authorization: Basic <credentials>" 
     -d @<json-retrieve-pdf.txt>
     <auth-file-url>

 

where:
<credentials> - Basic Auth credentials provided by Nets support
<json-retrieve-pdf.txt> - JSON file with auth file instructions/configuration
<auth-file-url> - authentication file URL returned in the SAML assertion/OIDC claims

While the credentials and the URL are provided by E-Ident, the JSON configuration file is created by the merchant. The following section describes the file structure.

JSON config file

{
    "params": {
            // Request config parameters
    },

    "addendum": {
            // Custom attributes
    },

    "metadata": {
            // Metadata attributes
    }
}

Request config parameters

JSON config parameters are used to configure the auth files operation. Known config parameters are:

Parameter​Description​Constraints
​type​MIME type of file to download.

​Required.

One of:

"application/pdf" or "image/png"

 For type = image/png, the following parameter must be provided

​Parameter​Description​Constraints
​sourcePhoto source

One of:
document or selfie

 For type = application/pdf, the following parameters may be provided

​Parameter​Description​Constraints
​include-photos
​Set to true when the photos shall be included.
​​[true | false]
​source
​Photo source
​One of:
document or selfie
​pagesize
Content page size (a4, letter)​
​[a4 | letter]
​locale
​Language code for PDF content

​Possible values:

[nb-NO, nn-NO, en-GB, da-DK, sv-SE, fi-FI, sv-FI]

​user-password​PDF file user password​Do not use/not usable if  parameter “generate-pades” is set to true
​owner-password
​PDF file owner password​Do not use/not usable if  parameter “generate-pades” is set to true
​pdf-a-mode​PDF/A profile compliance mode. PDF/A-1a, PDF/A-1b, ...​​[PDF/A-1a | PDF/A-1b | PDF/A-2 | PDF/A-3]
​generate-pades​Flag for requesting signed PDFs. If a request for signed PDFs cannot be fulfilled, the response will contain the unsigned PDF
and a content-format attribute set to "PDF" instead of "PADES". At the same time,
a content-reason attribute will contain a short explanation of the cause.
​[true | false]

All JSON attributes and values are strings and must be provided with enclosing double quotes. Sample JSON configuration file:

{
     "params": {
           "type": "application/pdf",
           "pagesize": "A4",
           "locale": "fi-FI",
           "pdf-a-mode": "PDF/A-1b",
           "generate-pades": "true"
     }
}

 

Privacy Statement (in-app for the end user)

Nets has developed the Nets Passport Reader app to be used for remote authentication where you in a simple, fast and secure way can prove your identity online.

Nets has implemented technical and organizational security measures, incl. the use of encryption, to secure your personal data against unauthorized or accidental loss, alteration, disclosure and access.

INFORMATION ABOUT NETS’ PROCESSING OF YOUR PERSONAL DATA:

Nets is acting as Data Controller in relation to the processing of your personal data in the Nets Passport Reader app solution following your agreement with the company or bank requesting you to use the Nets Passport Reader app.

Data Controller:
Nets Denmark A/S (Nets)
Klausdalsbrovej 601
2750 Ballerup
Denmark
CVR: 20016175

DPO contact information:
Nets has appointed a Data Protection Officer who can be contacted at dpo@nets.eu

Please note that the authority/company or bank you entered into agreement with is acting as Data Controller for the processing of your personal data in the respective authority/company or in the bank.

PERSONAL DATA NEEDED FOR USE OF NETS PASSPORT READER APP SOLUTION

Processing of your personal data in Nets Passport Reader app include all data resulting from the following performed actions:

ACTIVATION CODE OR QR CODE:

• The Nets Passport Reader app needs to know the activation code or QR code you have received from the company or bank webpage, where you initially logged into for authentication or signing purposes
• If you don’t have a valid activation code, please contact the company or bank requesting you to use Nets Passport Reader

SCAN OF MACHINE-READABLE ID DOCUMENT (PASSPORT, RESIDENCE CARD, OR DRIVING LICENSE):

• Name
• Date of birth
• Nationality
• Gender
• Document number
• 2D picture
• National identification number

Processed data is limited to necessary data according to authentication or signing purpose.

PHOTO:

• Biometric data
• Liveness data (as a result of face recognition)


PURPOSE OF PROCESSING PERSONAL DATA IN NETS PASSPORT READER APP SOLUTION

AUTHENTICATION OR SIGNING PURPOSES (your personal data is processed for the purpose as specified and agreed with the authority, company or bank, where you originally logged into for authentication or signing purposes).

LEGAL BASIS FOR PROCESSING OF PERSONAL DATA IN NETS PASSPORT READER APP

• GDPR Article 6.1.b (necessary for the performance of the agreement between you and the authority, company or bank who directed you to use Nets Passport Reader app)
• GDPR Article 6.1.c (necessary for Nets to comply with a legal obligation)
• GDPR Article 9.2.a (Explicit consent: processing of biometric data and national identification number)

SOURCE

The personal data Nets is processing about you directly, is the personal data that you are providing by means of using the Nets Passport Reader app.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

Nets is only processing your personal data in the Nets Passport Reader app.

The authority, company or bank who directed you to use the Nets Passport Reader app, will be receiving the result of your identification or signing but not the actual data used in the Nets Passport Reader app.

In addition, Nets is using the following software provider as data processor:
• InnoValor Software B.V., a private limited liability company, having its registered office at Moutlaan 32, (7523 MD) Enschede, the Netherlands, registered at the Trade Register of the Chamber of Commerce under number 64870596.

STORAGE AND DELETION IN NETS PASSPORT READER APP SOLUTION

• Your personal data received from your mobile device is immediately stored and discarded from computer memory
• Your personal data (including biometric data) is stored in the Nets Passport Reader app solution for max 90 days unless law requirements are requiring the Data Controller to keep personal data for longer retention periods
• Liveness data as a result from your face scan is only valid for a few minutes and then deleted from the Nets Passport Reader app solution
• Your personal data is stored in Europe

YOUR RIGHTS
 
You have the following rights, that you can request in respect of information about you that we hold:

• request us to give you access to the personal data, Nets is processing about you
• request us to rectify your personal data, update your personal data or erase your personal data
• request us to restrict our using of your personal data
• object to our usage of your personal data
• withdraw your consent in relation to any processing relying solely on consent
• data portability for such information collected directly from you and based on contract or consent


You can take steps to exercise your rights by contacting Nets at support.esecurity@nets.eu or directly on our data subject rights portal at https://www.nets.eu/gdpr/dsr/Pages/request.aspx

Questions or complaints
If you have any questions or queries to the processing of your personal data in the Nets Passport Reader app, you are most welcome to contact either support.esecurity@nets.eu or our Nets DPO at: dpo@nets.eu 

You are also entitled to complain to the local data protection authority in your local country regarding our processing of your personal data if you believe it is not being processed in accordance with applicable rules.

You can find the contact details of the data protection agency in your local country on their local website.

For more questions regarding the processing of your personal data related to your agreement on authentication or signing please contact the authority, company or bank that is using the Nets Passport Reader app to prove your identity.

YES, I have READ the Nets Passport Reader app Privacy Statement and I ACCEPT the processing of my personal data, incl. my photo solely for facial recognition purposes, in accordance with the Nets Passport.