E-Ident

Get started
Step 1
Step 2
Step 3
Overview
OpenID Connect
SAML
Service access
Operational information
User experience
eIDs
Test users
BankID (NO)
BankID (SE)
BankID on mobile (NO)
Buypass (NO)
Finnish Bank ID
Finnish Trust Network
MitID (DK)
Mobiilivarmenne (FI)
Mobile-ID
Nets ID Verifier
Smart-ID
Verimi
Error codes
Release notes
Contact us

Nets ID Verifier

​​​​​​​​​By using the Nets ID Verifier app, you can identify anyone in the world by using a passport (or similar machine-readable ID document) and mobile phone.

Enable Nets ID Verifier in your services

Nets ID Verifier is available as an eID in E-Ident for identification of subject's holding a machine-readable ID document. More specifically, these are ICAO Doc 9303 compliant documents:

  • Passport
  • Driver's license
  • Residence card

To get access to the Nets ID Verifier you need to:

  • Register as a customer and implement against our E-Ident service. See the Get Started pages for more information.
  • Download Passport Reader application on your mobile phone

To register as a customer or add the Nets ID Verifier to your existing configuration, contact Nets support

Th​​​​e app

The Nets ID Verifier app comes in two different versions:

  • one app for customer test environment (pink colour icon)
  • one app production environment (blue colour icon)

​​​​​​​ Th​​​​​​e SDK

The Nets ID Verifier​ can also be integrated in to you current phone app by using an SDK, which can be downloaded through the link below. Please contact us for password to open the zip file: 


Customer test links

The preprod app (pink colour icon) can be downloaded from:

Production links

The production app (blue colour icon) can be downloaded from:

Information about the end user

​Type​OIDC​SAML​Comments
​Document type

​document_type

​documenttype

​The ID document type used.

C: Crew member

I: Identity card

P: Passport

V: Visa

​Issuing country​issuing_country​issuingcountry​The country that issued the ID document return using the ICAO three-letter country code.  
​Interpreted issuing countryinterpreted_issuing_countryinterpretedissuingcountry

​An interpreted version of the issuing country. Example: Norway Denmark

​Document number​document_number​documentnumber The document number. For a passport, this is the passport number.
​Surname / family name

​primary_identifier

Requires scope=profile

​primaryidentifier​This is the primary identifier in the ID document. It can be the family name, surname, maiden name. This may vary dependent on issuing state.
​Given name

​secondary_identifier

Requires scope=profile

​secondaryidentifier​This may be the given name or other name of the identified person. This may vary dependent on issuing state.
​Nationality

​nationality

Requires scope=profile

​nationality​The subject's nationality given as  the ICAO  three-letter country code.
​Interpreted nationality

​interpreted_nationality

Requires scope=profile

​interpretednationality

​An interpreted version of the nationality. Example:

Sweden Finland

​Date of birth

​birthdate

Requires scope=profile

​DOB

​The subject's date of birth. Format: DD.MM.YYYY

​Personal number

​personal_number

Requires scope=ssn

​personalnumber​The personal number as it is given in the ID document (as read from NFC Chip). Documents issued by some countries have personal number that look like social security numbers, but they are not necessarily ​identical.
Could also contains ​special characters.
​Gender

​gender

Requires scope=profile

​gender

​The subject's gender. Format: [FEMALE | MALE]

​Date of expiry

​date_of_expiry

​dateofexpiry

​The ID document's date of expiry. Format: DD.MM.YYYY

​Name

​name

Requires scope=profile

​fullname​The name of the ID document holder as it is given in the ID document.
​Place of birth

​place_of_birth

Requires scope=profile

​placeofbirth​The subject's place of birth. Returned if it can be read from the NFC chip.
​Face match level

​facematch_level

​facematchlevel

​A face match level given on levels from 0-9​. See the face match levels below. 

​Authentication files
​auth_files_url​AUTHFILESURL​The URL to an authentication file. See authentication files for more info.
​Level of Assurance
​acr
​ACR
Accepts acr_values as urn:eident:acrp:level:high 
Returns urn:eident:cert:eidas:high (if specific face match levels are met for the identification)​

Face match levels

Face match levels are given from 0-9 with a FRR <1%

 

  • FaceTec Match Level 9 - 1/1 200 000 FAR
  • FaceTec Match Level 8 - 1/1 000 000 FAR
  • FaceTec Match Level 7 - 1/500 000 FAR
  • FaceTec Match Level 6 - 1/100 000 FAR
  • FaceTec Match Level 5 - 1/10 000 FAR
  • FaceTec Match Level 4 - 1/1 000 FAR
  • FaceTec Match Level 3 - 1/500 FAR
  • FaceTec Match Level 2 - 1/250 FAR
  • FaceTec Match Level 1 - 1/100 FAR
  • FaceTec Match Level 0 - Non-match

FAR is False Acceptance Ratio.

User experience

Step 1 - in browser (download app):

NetsPassportReader-step1.PNG

Step 2 - in browser (activation code):

NetsPassportReader-step2.PNG

Steps in app:

Nets Passport reader - step 3 - EN.png Nets Passport reader - step 4 - EN.png 

Nets Passport reader - step 5 - EN.png Nets Passport reader - step 6 - EN.png

Nets Passport reader - step 7 - EN.png Nets Passport reader - step 8 - EN.png

Nets Passport Reader logo

If needed, the Nets Passport Reader logo can be downloaded here.

Authentication files

After successful authentication with the Passport Reader, a merchant can also retrieve/download authentications files for reference or archive purposes. The downloaded files can either be in PNG (photo images), or PDF (photo and authentication attributes)​.  

How to retrieve files

The samples provided here are curl commands, but the same can be accomplished in any programming language.

$ curl -X POST 
     -H "Content-Type: application/json"
     -H "Authorization: Basic <credentials>" 
     -d @<json-retrieve-pdf.txt>
     <auth-file-url>

 

where:
<credentials> - Basic Auth credentials provided by Nets support
<json-retrieve-pdf.txt> - JSON file with auth file instructions/configuration
<auth-file-url> - authentication file URL returned in the SAML assertion/OIDC claims

While the credentials and the URL are provided by E-Ident, the JSON configuration file is created by the merchant. The following section describes the file structure.

JSON config file

{
    "params": {
            // Request config parameters
    },

    "addendum": {
            // Custom attributes
    },

    "metadata": {
            // Metadata attributes
    }
}

Request config parameters

JSON config parameters are used to configure the auth files operation. Known config parameters are:

Parameter​Description​Constraints
​type​MIME type of file to download.

​Required.

One of:

"application/pdf" or "image/png"

 For type = image/png, the following parameter must be provided

​Parameter​Description​Constraints
​sourcePhoto source

One of:
document or selfie

 For type = application/pdf, the following parameters may be provided

​Parameter​Description​Constraints
​include-photos
​Set to true when the photos shall be included.
​​[true | false]
​source
​Photo source
​One of:
document or selfie
​pagesize
Content page size (a4, letter)​
​[a4 | letter]
​locale
​Language code for PDF content

​Possible values:

[nb-NO, nn-NO, en-GB, da-DK, sv-SE, fi-FI, sv-FI]

​user-password​PDF file user password​Do not use/not usable if  parameter “generate-pades” is set to true
​owner-password
​PDF file owner password​Do not use/not usable if  parameter “generate-pades” is set to true
​pdf-a-mode​PDF/A profile compliance mode. PDF/A-1a, PDF/A-1b, ...​​[PDF/A-1a | PDF/A-1b | PDF/A-2 | PDF/A-3]
​generate-pades​Flag for requesting signed PDFs. If a request for signed PDFs cannot be fulfilled, the response will contain the unsigned PDF
and a content-format attribute set to "PDF" instead of "PADES". At the same time,
a content-reason attribute will contain a short explanation of the cause.		​[true | false]

All JSON attributes and values are strings and must be provided with enclosing double quotes. Sample JSON configuration file:

{
     "params": {
           "type": "application/pdf",
           "pagesize": "A4",
           "locale": "fi-FI",
           "pdf-a-mode": "PDF/A-1b",
           "generate-pades": "true"
     }
}

 

Privacy Statement 

1                Data controller

Nets A/S, Klausdalsbrovej 601, 2750 Ballerup, Denmark, CVR: 30808460 ("Nets"), has developed the Nets ID Verifier app (the "App").

In order for Nets to verify your identity, certain personal data are processed on the natural persons using the App. This notice provides mandatory information on how Nets process your personal data. Please contact Nets (see the contact details below) if you have any questions about data processing carried out by Nets or if you wish to exercise your legal rights.

Nets and the authority/company that you entered into an agreement with are acting as separate data controllers.

Nets is responsible for the processing related to the verification of your identity. This includes processing of the personal data in your ID document that you as a user provide in the App, and the live images of your face uploaded via the App to validate that you are the same person as depicted in the ID document.

Nets is also responsible for the transfer of ID tokens, time stamp and the result of the identity verification to the authority/company that you entered into an agreement with.

Nets is not responsible for any processing activity beyond what is directly related to the verification of your identity and transfer of the token, result of the verification and time stamp for verification. This includes that Nets is not responsible for any data processed about you in connection with the agreement that you have entered into with the authority/company.


2                Description of processing

Nets processes the following personal data on end-users who are natural persons and are using the App.

 

Scanning of ID-document- For the purpose of verifying your identity, we will digitally scan your ID document, e.g. a passport, residence card or driving license.

​Categories of personal dataWe collect the information present in your ID document. This includes the following information: 

​·        Name, Date of birth, Nationality, Gender, Document number,2D picture

·        ​​National identification number

​Source of the personal data- We collect the data from the following source(s):

·​        Directly from you when you digitally scan your ID documents through the App

Legal basis for the processing- We process your personal data on the following legal bases:

  1. ​Consent, cf. article 6.1.a of the GDPR
  2. ​​Consent, cf. the Danish Data Protection Act section 11.2.2.

​​​​Recipients - Nets retrieves and validates information about ID documents with its processor, Inverid B.V

Data retention- The photo of your ID document (e.g., passport) will be marked as inactive after each session, and stored in encrypted form in a database, after which they are permanently deleted after a maximum of 90 days.

 Facial recognition (liveness data)- For the purpose of verifying that you are the same person as in the picture scanned in the document, we will process facial recognition data (liveness data) based on live images of your face.

​Categories of personal data We collect information from your selfie. This includes the following information: 

·        ​​Biometric data (facial recognition)

·        ​Liveness data (as a result of face recognition)

Source of the personal data- We collect the data from the following source(s):

​​Directly from you when you perform a face scan using the App

Legal basis for the processing- We process your personal data on the following legal bases

        • Consent in accordance with article 6.1.a of the GDPR

​NB: Note that Nets' processing of processing biometric data does not constitute processing of special categories of personal data pursuant to GDPR article 9.1, as the data is solely used for the purpose of verification as opposed to the purpose of identification.

Data retention- Facial recognition data and the photo of your ID document (e.g. passport) will be marked as inactive after each session, and stored in encrypted form in a database, after which they are permanently deleted after a maximum of 90 days.

               Liveness data as a result of your face scan is only valid for a few minutes and then deleted from the App.

 

 

 

Transfer of verification result- For the purpose of confirming that your identity has been validated, a result of the verification will be generated and transferred to the authority/company who directed you to use the App.

Categories of personal dataWe collect the following information from your verification. This includes the following information: 

            • ID Token
            • Result of the verification
            • Time stamp of the verification

​Source of the personal data- We collect the data from the following source(s):

            • ​​​​The data is generated on the basis of the information in the ID document and facial recognition data that you pro-vide through the App.

Legal basis for the processing- We process your personal data on the following legal bases:

            • ​​​​Consent, cf. article 6.1.a of the GDPR.
​​​​​​Recipients - The personal data may be disclosed to and shared with the following recipients:
            • ​​​​​​​​​​​​​Nets shares the token and the result of the verification of the identity (but not the actual data from the ID document and facial recognition data) with the authority/company who directed you to use the App.

​​​​​​Data retention- The data is stored by Nets for a maximum of 90 days in encrypted form in a database, after which they are permanently deleted.



Mobile device information- For the purpose of gathering use information with the help of a mobile device.

Categories of personal dataWe collect runtime/environmental information from your mobile device. This includes the following information:

            • MAC
            • Phone model
            • Network type (cellular/wifi)
            • App version
            • Rooted or not in addition for Android: - Network address
            • Device model with number


Source of the personal data- We collect the data from the following source(s):

            • ​​​​​​​​​​From end-users' mobile devices


​​Legal basis for the processing- We process your personal data on the following legal bases:

            • ​​Consent, cf. article 6.1.a of the GDPR.

​Recipients - The personal data may be used by Nets in terms of anonym statistic on mobile devices usage and performance. Note, however, that the App is stateless, meaning no data related to past transactions is stored on server-side.

Data retention- The data is stored by Nets for a maximum of 90 days in encrypted form in a database, after which they are permanently deleted.

 

 

3                Transfers to countries outside the EU/EEA

Generally, we do not transfer your personal data to countries outside the EU/EEA.

For the processing of personal data about data subjects using ICAO-compliant ID documents, Nets uses the data processor, Inverid B.V. ("Inverid").

The solution from Inverid is hosted on an Amazon Web Services ("AWS") cloud platform hosted in Ireland. This means that your personal data, in theory, could be transferred to the USA, if it is necessary for AWS in the USA to disclose your personal data in AWS' custody or control in order to comply with the law or a binding order of a governmental body.

However, the use of AWS and the related processing activities are subject to supplementary measures, including that

  • data is stored at AWS in Ireland and thus only within the EU,
  • data is stored with AWS for a maximum of 15 minutes - but in practice only for a few seconds - after which they will be permanently deleted,
  • data is stored only at AWS in encrypted form, and
  • data is encrypted with a key that only Inverid has access to, which is why AWS will not be able to provide access to data in clear text without the customer's involvement.

Further, all transfers of personal data by AWS to a third country are subject to appropriate safeguards as described in GDPR, art. 46.

Due to the short period of storage by AWS, the actual use of this service does in practice likely not involve the processing of personal data under "custody or control" under the US Cloud Act or FISA 702, to which AWS is subject. Thus, there is likely no legal basis in US law to require the processed personal data to be disclosed.

 

4                Your rights

You have the following rights:

    • ​You have the right to request access to, rectification or erasure of your personal data.
    • You also have the right to have the processing of your personal data restricted.
    • If the processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by contacting us on support.esecurity@nets.eu.
    • You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
    • You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency.


​You can take steps to exercise your rights by submitting your request here: https://www.nets.eu/gdpr/dsr.


​There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity.


 

5                Contact

You are welcome to contact us if you have any questions regarding the processing of your personal data or how you can exercise your rights, at this point of contact:

Nets Denmark A/S

Klausdalsbrovej 601

2750 Ballerup

Denmark​