The levels of authentication
At some point, you must have asked yourself: exactly what happens with the personal data in your passport or ID when you present your documents at an airport, government authority or visa office?
The public authorities inspect the data in your document. This document verification can be categorized into different levels: from simple visual inspection all the way to highly complex inspection involving biometrics.
At DESKO, we clearly summarize these levels of authentication for your benefit and explain each individual level. These explanations are also helpful for decision makers who need to determine the desired results of data capture or authentication when investing in hardware and software.
The first of these levels is to refrain from document verification. This might seem paradoxical, but it is relevant for situations and groups of persons where a great deal of trust is placed in all parties involved, for example – or in special cases where the resources and opportunities for inspection are simply lacking. Understandably, this level involves the highest degree of risk.
The next-highest level comprises the visual inspection of identification documents by an employee. Depending on the professional qualifications of the employee, this inspection may furnish varying degrees of security. A document expert who has been inspecting international documents on a daily basis over a period of decades is more familiar with the complex security features than an administrative worker who seldom inspects documents or who is only familiar with certain documents. This is complicated by the fact that the human eye is only able to identify the security features to a limited extent. Even using an illuminated magnifier – the simplest technical tool – makes it possible to enlarge details that are crucial for identifying forgeries.
At the next level, an additional technical tool is employed for the inspection of identity documents: image capture. But merely taking a picture of the document using an office scanner or smartphone cannot guarantee the discovery of potential manipulations. This can only be achieved with devices that are capable of recording data using a variety of light sources and verifying the data accordingly.
1st Level of inspection – Limited inspection (Security level 0)
At the first stage, which corresponds to security level 0, the data and machine-readable zone (MRZ) and potentially the visual zone (VIZ) of an identification document is captured electronically.
2nd Level of inspection – Generic document verification (Security level 1)
At the next stage, the printed MRZ of an ID document described above is inspected by reading the existing RFID chip, comparing with the electronic MRZ and checking to see whether they match. In this process, the hash values are also verified. Along with other personal data (e.g. passport photo), the electronic MRZ is saved on the RFID chip of a document (e-passport).
3rd Level of inspection – Generic document verifications (Security level 2)
The second security level relies on the use of a special passport/ID scanner, since this level is where general (basic) authentication begins. On the one hand, the identification document is inspected according to the official guidelines of the ICAO (International Civil Aviation Organization), and the validity of the MRZ is actually verified here. A B900 inspection is also carried out: B900 refers to a specific kind of ink that is used on identity documents. This is checked for authenticity to identify potential errors in printing. Finally, a UV transparency and UV dullness test is carried out to check whether the data page consists of materials that are not sensitive to light and whether special security features (UV security markings) are printed on it.
4th Level of inspection – Document-specific inspections (Security level 3)
At the penultimate security level, we have arrived at full authentication: This means that the entire document is authenticated, security patterns are inspected and then compared with an extensive database. This makes it possible to unequivocally verify whether the submitted identity document is authentic or whether it is a manipulated/forged document.
5th Level of inspection – Document-specific inspections (Security level 4)
If biometric authentication software is available, the submitted identification document can also be compared with the person who claims to be the document holder if necessary. This method ensures the clear allocation of an identification document to a real person.