Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:services:it_security:pki:videoident [2020/04/30 15:07] thinderen:services:it_security:pki:videoident [2023/09/18 15:20] (current) – [Requirements] thinder
Line 1: Line 1:
 +====== Video Identification ======
  
 +===== Requirements =====
 +Thus, the MPG, Uni-Göttingen- and GWDG-CA (Certification Authorities, English Certificate Authority, short CA) as well as their RAs (Registration Authorities, RA) can carry out the personal identification of applicants of user certificates in times of the Corona Pandemic. All in terms of social distancing via video chat or conference system.
 +The prerequisite is that the RA operators, in the new language usage of the DFN participant service, for short TS MA, have trained themselves. This must be documented accordingly. 
 +
 +Furthermore, the TS MA should create a meeting room in the DFN-Conf ([[https://www.conf.dfn.de]]) in order to be able to carry out a possible video identification with a certificate holder. In addition, video chat or conferencing systems deployed within the facility can be used. For more details, see the "Video Identification in the DFN-PKI" policy.
 +
 +The information you need in the form of PDF files and a training video can be found at https://www.pki.dfn.de/policies/videoident/
 +
 +===== Execution =====
 +If a video identification is to be carried out, the first thing to do is to sign the application PDF file printed by the certificate holder after the certificate has been applied for and to be sent to the TS MA. If the TS MA has received this form, this contact is contacted, asks which ID document the certificate holder would like to identify with and then arranges an appointment for the video identification with the certificate holder. Conveniently, the created meeting room contains text templates in German and English with information on how the certificate holder can be joined to this video identification. 
 +
 +
 +If this identification is achieved by DFN-Conf, both the TS MA and the certificate holder should be alone in a room as closed as possible. The identification process must then be carried out in one piece and must not be interrupted. If the identification is interrupted, it must be repeated without interruption on a new date.
 +
 +
 +During personal identification, the TS Ma asks or provides the following questions and instructions to the certificate holder:
 +
 +  * The applicant was informed in this text of the purpose of the procedure: "This video conference is intended to identify you for the issuance of the certificate you have requested. What is the application number of your application?
 +  * The applicant has given the following application number: ; this application number is in line with the present application.
 +  * The origin and type of identity document are clearly recognizable on the video image and match the information provided in advance.
 +  * The photo on the identification document is clearly recognizable and fits the applicant.
 +  * The applicant has been walking along the identity document with his finger in front of the photo. 
 +  * The photo was completely painted over, but still displayed stable and without any abnormalities.
 +  * The name on the identification document is clearly legible and fits the present application.
 +  * The signature on the identification document is clearly recognizable and fits the present application. 
 +  * The effective date of the identification document is clearly legible; the card is valid.
 +  * The identification number is clearly legible; the last five digits are .
 +  * The following security features of the identification document are clearly visible: (here 3 out of 5 characteristics must be recognized) 
 +  * A total of at least three security features have been identified without any doubt.
 +  * The information on the front and back of the identification document is consistent.
 + 
 +
 +After all these points have been processed and the TS MA has come to the conclusion that the certificate holder is the person who applied for the user certificate, this result and a few more information will be noted on the documentation sheet and filed together with the certificate application. 
 +
 +
 +From this point on, the TS MA can process the certificate application and then approve it.
 +
 +===== Notes for TS MA =====
 +It should also be mentioned that there is sufficient daylight for the identification of the identification characteristics by the TS MA by means of the video transmission in the room of the certificate holder. Otherwise, the security features of the identification documents may not be properly identified.
 +
 +
 +If the Pexip Infinity Connect app is used on Android or iOS devices, it is proven that the certificate holder switches from the front camera to the rear main camera in the app, as the main cameras of the mobile devices are better suited to be able to clearly see and display the security features of the identification documents.  
 +
 +
 +The video identification takes about 10-15 minutes. The longest time it takes to identify the security features of this process.
 +
 +
 +Another recommendation is to schedule dates for video identification and insert the DFN-Conf meeting room template text in it so that the certificate holder knows what means they can connect to for this process.
 +Furthermore, it is recommended to change the guest PIN for the DFN-Conf meeting room at intervals.
 +
 +
 +If the certificate holders do not have a German identity card or passport, the TS MA can obtain all worldwide valid IDENTITY cards and their security features for the identification process via this WEBSITE of the EU ([https://www.consilium.europa.eu/prado/de/prado-start-page.html]] - PRADO - Public Online Register of Genuine Identity and Travel Documents). For this purpose, the query of the TS MA in advance of identification, e.g. when setting appointments, is used to identify the certificate holder.