[HN Gopher] Show HN: NFC Passport/ID for remote user registration
___________________________________________________________________
Show HN: NFC Passport/ID for remote user registration
Author : vertical-ally
Score : 35 points
Date : 2021-09-15 16:43 UTC (6 hours ago)
(HTM) web link (passportreader.app)
(TXT) w3m dump (passportreader.app)
| junon wrote:
| I'm sure you've already looked into this before, but signing up
| for N26 involved a very awkward, stressful video chat that lasted
| 30 minutes to verify the authenticity of my passport.
|
| Seeing as how you process data in Frankfurt, perhaps they would
| be interested. I'm sure users would appreciate it - I'd be happy
| never to have another one of those calls again.
| vertical-ally wrote:
| You hit the nail on the head - this type of problems is exactly
| what we try to solve. Someone like N26 would ofc be a dream
| customer. If there are any N26 employees here, hit us up ;)
| ajklsdhfniuwehf wrote:
| The video call is exactly to prove you are not lying. How
| having an ID card proves you are that person? if nothing it
| proves you managed to use it before any report of theft
| reached the central database
|
| edit: i mean, you claim "Success signal Binary -- Yes or No"
| but there's face verification involved. how is that not a
| threshold signal in the end where the system can still be
| fooled/passed the verification decision back to the client?
| ...seems like a more expensive step before the video call in
| the end :)
| mschuster91 wrote:
| N26 is under investigation of the German banking authority due
| to shoddy KYC and AML compliance
| (https://www.heise.de/news/Erneut-Vorwuerfe-
| gegen-N26-Betrueg...). Last thing they'd go for is yet
| _another_ brand new ID system.
| sturza wrote:
| I got verified in under 3 minutes.
| junon wrote:
| My chat went through a bunch of different checks which
| involved holding my passport in a bunch of awkward positions
| for extended periods of time in one hand and filming it all
| with the other. Way more than 3 minutes.
| moreati wrote:
| For others wondering https://en.wikipedia.org/wiki/N26
|
| > N26 (known as Number 26 until July 2016) is a German neobank
| headquartered in Berlin, Germany. N26 currently operates in
| various member states of the Single Euro Payments Area (SEPA)
| and in the United States.
| amluto wrote:
| "biometric chip"?
|
| There's a chip that uses NFC. It may well be a secure element,
| but calling it "biometric" seems like a stretch.
| vertical-ally wrote:
| Its not a term that we have coined -
| https://en.wikipedia.org/wiki/Biometric_passport
| black3r wrote:
| the chip stores biometric data (fingerprints) though.
| gregsadetsky wrote:
| Interesting use case / app for sure!
|
| It worked after 2 tries on my iPhone with a Canadian passport
| (initially, the RFID step didn't read anything).
|
| Interestingly, I think that you may have the rgb channels wrong
| during the photo extraction -- the photo was "correct" but the
| colors were wrong (maybe b and r are flipped?)
|
| I tried another app [0] just to double check and it decoded the
| photo correctly.
|
| I also found/read a bit of info from the Canadian government
| about epassports [1]. One interesting tidbit that was news to me:
| "For the chip [...] to be read, [...] the date of the
| individual's birth, the date of expiration of the passport and
| the passport number must also first be provided to the reader".
| i.e. the RFID chip does an exchange/check first rather than spit
| out everything to any nearby RFID reader.
|
| I suppose it's not feasible to brute force all of those pieces of
| data (passport expiration, etc.) fast enough to read passports in
| RFID vicinity.
|
| [0] https://www.readid.com/demo-app
|
| [1] https://www.canada.ca/en/news/archive/2014/05/technical-
| info...
| OJFord wrote:
| $1.39 per successful verification?! Isn't that really high?
|
| Seems to me with many things it's relatively easy to get say 100k
| sign-ups, compared to 100k active profitable users. Could be
| pretty costly.
| vertical-ally wrote:
| I think it goes without saying that pricing is negotiable with
| high volumes. This is the starting price for self-service with
| 0 commitment
| jpalomaki wrote:
| I guess the right way is to look at alternative options and
| costs associated with them.
|
| If the alternative option is for example something that
| requires human, then this is likely quite much cheaper.
| dzhiurgis wrote:
| Not cheap enough to use daily. Imagine tapping your credit
| card on your phone to pay someone...
| OJFord wrote:
| True. I happened to use (i.e. as a user) something similar
| today, via OnFido, so I just had a look - pricing unlisted.
| Perhaps this is _cheap_!
| mschuster91 wrote:
| Can't name numbers but compared to video-ident it's
| _drastically_ cheaper.
| trothamel wrote:
| This feels like something that would get me to abort a signup
| flow. Unless it's something that has a really good use for the
| information (a bank, maybe?), this would raise identity theft
| warnings. Even if there was a good use, it would still be
| something I'd have to think about.
| vertical-ally wrote:
| It is of course intended for use cases where your real identity
| is needed, e.g. bank account opening, self-checkin for hotels
| and airlines
| eps wrote:
| And in all of these cases the app requesting your ID should
| come from the bank, the airline, etc. Not from some random
| 3rd party that I never heard of and have no reasons to trust.
| Normal_gaussian wrote:
| A passport is not required currently for self-checkin, its
| seems an overreach to require it (particularly considering
| the poor track record of the relevant organisations).
| dzhiurgis wrote:
| Barking wrong tree here. This uses token signing so you are
| sharing less data.
|
| IMO this is holy grail of gov auth. Currently my card only
| works with usb reader and some obscure java browser plugin.
| Tapping card on my phone is easily 10x better experience.
| hammyhavoc wrote:
| Yep.
| Deathmax wrote:
| Do you verify that the document is signed by a country's CA, and
| if so, do you have a list of countries and document types that
| you are able to validate against (since procuring the CAs is
| probably the more annoying bits for this type of service).
|
| An existing company in this space would be ReadID
| (https://www.readid.com/).
| vertical-ally wrote:
| Yes (we keep a CA list). We are familiar with ReadID, but as
| far as I know they can only provide chip reading. Our solution
| on the other hand includes MRZ reading + chip reading + face
| verification + liveness verification
| vertical-ally wrote:
| Allow users to sign up (or similar) by tapping their ID/Passport.
| Integrate by using our apps, or iOS/Android SDK if you have an
| app on your own, or even C++ for embedded solutions
| mschuster91 wrote:
| How did you get the German Personalausweis to comply? It is
| supposed to require a _complex_ dance involving a remote server
| and certificates as well as a PIN before divulging the data.
| zeeZ wrote:
| From what I can tell, they aren't using the eID functionality,
| but a combination of OCR and the same functionality that
| passports have. That was added to new documents last month I
| believe?
| ZeroCool2u wrote:
| This actually seems like it might be good for remote/simplified
| I-9 verification.
| Denatonium wrote:
| Almost. It may simplify verification, but only for people who
| present passport books; you don't legally get to choose which
| documents to accept for I-9[1]. US Passport cards are RFID-
| enabled, but not NFC-enabled, for example.
|
| [1]https://www.uscis.gov/i-9-central/handbook-for-
| employers-m-2...
| toomuchtodo wrote:
| You might consider putting a link to County Coverage in your top
| nav.
___________________________________________________________________
(page generated 2021-09-15 23:01 UTC)