Introduction

AuthenticID provides automated real-time identity authentication and decisioning on mobile devices.

AuthenticID provides the following capabilities and benefits:

1. Auto-fill capture of all identity information on ID document.
2. Forensic authentication of government-issued ID documents for 192 countries.
3. Biometric enrollment to bind various biometrics to authenticated identity for continual authenticated login use cases.
4. Advanced patent-pending digital tamper detection.
5. Market-leading face recognition selfie match against identification document photo.
6. Patent-pending liveness detection to prevent selfie spoofing.

Package features include:

1. Document verification
   1. You can use this package to scan and verify the applicant's passport or license in your application process.
   2. It supports selfie or liveness (taking both near and far selfie) check as extra security option.
   3. It provides prefill data extracted from the id document.
2. Max attempt control
   1. Limit the number of calls an application can make, this will save you unnecessary costs. If the service has already provided a result from one device, there's no need to trigger it again and again. This feature will ensure you are paying a fair price/cost for each application using the AuthenticID service.
3. Analytics Milestones and Segmentation
   1. This package includes Pre-built Segments and Milestones to assist you to evaluate the quality of the service.
   2. This feature helps to ensure the right business rules are set in AuthenticID. For example, if too many applications have been set "To Review" by AuthenticID, it may be related to a misconfiguration which can easily be fixed.
   3. When monitoring the application success using Segments and Milestones, Analytics gives you a clear view of the total of verified, reviewed and failed applications. It also shows you the percentage of the document type (Passport or License).
4. Server and Client value objects
   1. This will help to use the results in an external service, for example, a decision service.
5. Detailed data and system errors
   1. This can be particularly useful as the service will block unnecessary calls if anything is missing or wrong.
   2. It will also provide detailed messaging to help fix the problem, either for the applicant in case of missing information, or the form builder in case of misconfiguration.
6. TAF + Maven support
7. Exchange regression suite - automating over 50 scenarios
   1. This helps us improve turn around time in case of defects fixes.
   2. It also helps us makes release new enhancements faster.

This package is built on the Exchange Framework (TIF). It is used to develop integrations in Journey Manager in a more efficient, standardized and scalable manner to reduce the ongoing costs for upgrades and maintenance.

Licensing

Clients must ensure they are appropriately licensed in order to use this package. Organisations who wish to use this package are required to establish a commercial relationship with the 3rd party vendor directly.

Compatibility

This package has the following compatibility requirements:

Release Notes

Version 1.1 March 13, 2020

• Configuration service support.
• Added support for disabling milestone events optionally.

Version 1.0 Oct 31, 2019

• Baseline release.

Installation

Exchange Installation

This package should be installed as a single archive via the Avoka Exchange. Once installed you should walk through the following procedure to ensure you complete any required configuration:

1. Review the documentation below for each of the imported services and make any adjustments necessary to service parameters.
2. Review the documentation below for any Service Connections and add your credentials as required.
3. Review the Help Doc tab for each of the imported services and make any required adjustments to service parameters.
4. Review the Service Connection requirements under the same Help Doc tab for each of the imported services and make any required configurations to the Service Connection. Service Connections can be configured in Journey Manager under the Services >> Service Connections menu item.
5. Installation of any included Maestro libraries requires you to login to you Maestro server and import them either into your organization (for global availability) or to your specific project.

Note: The default value of service parameters from this package, such as maxAttemptNumber will always override the value for existing service. After you reinstall or upgrade the package, make sure the service parameters value are suitable to your requirement.

Maven dependency

Note: Each service within this package must have Unified App Data enabled when building a form. Navigate to Forms > Form > Form Version and tick the Unified App Data checkbox.

Form action in Narrator

Below is the example on how to create form actions in Form Narrative on the server.

{
    "name": "AuthenticID Example Application Narrative",
    "version": "1.0.0",
    "pages": [
        {
            "name": "GetStarted",
			"preActions": [],
            "postActions": [],
            "formActions": [
                {
                    "name": "AuthenticID - Document Verification",
                    "version": "1.0.0",
                    "params": {
					}
                }
            ],
            "nextPages": [
                "Success"
            ]
        }
        ...
    ]
}

Note: You need latest version of both Narration controller and Narrator Maestro library to support form action feature this package is relying on. Please contact Narrator team to get the correct version.

High Level Diagram

Document Verification

CSP configuration

The Content Security Policy (CSP) response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header, thereby protecting your solution from a range of vulnerability attacks.

By default, Journey Manager has strict CSP settings configured so these will likely need to be modified in order to enable the AuthenticID JavaScript API integration.

You can configure CSP settings in Journey Manager at a system wide level via the 'Form Submission Access Controller' service, or at an Organization level in the Security tab. The following Sample CSP demonstrates how to enable the AuthenticID JavaScript integration:

script-src 'self' blob:; object-src 'none';

For more information see CSP on The Avoka Community

Usage Instructions

Use the following procedure to configure the AuthenticID component in your form:

• Make sure the exchange-authenticid-taf Maestro library has been added to your project. From your Maestro project libraries tab, select the library exchange-authenticid-taf and move it up to the top, using the Maestro Move Up button.
• From the Maestro palette, add the AuthenticID Document Verification component onto your form.
• The buttons Drivers License and Passport use Graphical Radio Button component. In Maestro version 19.05 the widget comes pre-selected with value in the property Button Selected Image which needs to be cleared. For both the Drivers License and Passport buttons go to the properties tab and under Image section clear this image.
• The Drivers License and Passport buttons use the Graphical Radio Button component. Some templates may include more styles for the Graphical Radio Button component. For both the Drivers License and Passport buttons select the style tab and remove any style other than the Radio Graphical and Radio Border.
• From the Maestro palette add the AuthenticID Dialog component onto your dialogs folder by double clicking on it.
• Save and refresh your Maestro form. (This action allows the web icons to show correctly).
• Select AuthenticID Document Verification component and on the Properties tab select the Options section. Choose the Liveness Option from the drop-down list to suit the business requirement.

Please note that this component will be hidden upon a successful data prefill and confirmation. That means it will only work once if successful. Form designer should consider the form flow accordingly based on this fact. For example, If form has a button to open a dialog to perform the data prefill, that button should be hidden after data is prefilled and confirmed.

Note: By default, the Maestro form will show an alert box when validation errors happened. Since AuthenticID component already has the build-in fields to display various data errors, you can add the following Javascript on Form Load in your form to suppress the alert box.

    Form.serverValidationErrorHandler = function() {};

This component uses the widget svgImageToSrc to set image colour based on the template colour using CSS. For better loading time you can un-tick the flag Replace svg tag with svg src and upload the image with the right colour.

Multiple Verification Sessions

If you need to perform data prefill on multiple individuals in a single transaction you will need to add an instance of the AuthenticID Document Verification component for each individual and add an identifier to the beginning of the component ID for each instance. For example, if your form supports 2 applicants you would specify a component ID of Applicant1_authenticID_documentVerification and Applicant2_authenticID_documentVerification respectively. This will ensure that the sessions do not interfere with each other. You would only be required to provide one instance of the AuthenticID Dialog component.

Max Verification Attempt

This feature is meant to limit the cost involved in initiating calls to AuthenticID from a single transaction.

Configuration

1. Set the maxAttemptNumber to a positive number in the service parameter.
2. If you don't want to put any restriction, set it to -1.
3. If you want to alert the applicant on how many attempts are left, you can see the number of attempts left in both JSON result and Data Field: attemptsLeft in Maestro component.
4. If you want to define specific behaviour in the form, capture the SYSTEM_ERROR. errorCode: EXCEEDED_NUMBER_OF_ATTEMPTS that is sent back when the max attempt is exceeded.

Journey Analytics

Milestone events

Milestone events are automatically generated to show milestones on the User Journey view in Journey Analytics, the Journey platform analytics tool.

Note: You can optionally turn off all milestones inside the Exchange services by setting the service parameter: disableMilestones to true if you prefer a simplified diagram in Journey Analytics.

Segment events

Segment events are automatically generated to show segments on the User Journey view in Journey Analytics, the Journey platform analytics tool.

Note: Please make sure you've added the following segment name and valid values to Journey Analytics segment whitelist before using this component. For more information, please refer to Journey Analytics Preferences

Service Txn properties/ Server VO

The table below describes AuthenticID Document Verification server VO fields stored in the Form XML Data and also stored in transaction properties.

The table below describes AuthenticID Match Selfie server VO fields stored in the Form XML Data and also stored in transaction properties.

The table below describes AuthenticID Far Selfie server VO fields stored in the Form XML Data and also stored in transaction properties.

The table below describes AuthenticID Get Segment Result server VO fields stored in the Form XML Data and also stored in transaction properties.

Configuration Service Support

Create a service parameter keyMapping as below in your configuration service (service-def.json) if you haven't done so

    {
      "name": "keyMapping",
      "type": "String",
      "filePath": "json/keyMapping.json",
      "bind": false,
      "required": false,
      "clearOnExport": false,
      "readOnly": false
    },

Note: You only need to create keyMapping service parameter once when you setup your first Exchange package. The rest of the Exchange package will just be keep adding content into the existing service parameter.

Create or append the following content into json/keyMapping.json

  "authenticid": [
    {
      "serviceKey": "dv",
      "serviceName": "AuthenticID - Document Verification",
      "serviceParamKeyMap": {
        "recResInXml": "recordResponseInTxnXML",
        "recResInProp": "recordResponseInTxnProperties"
      }
    }
  ]

Copy the following service parameters definition in your configuration service (service-def.json) and set the proper values for your project.

    {
      "name": "authenticid-dv|1.1.0-conn.endpoint",
      "description": "Service connection Endpoint for authenticid dv service",
      "value": "",
      "type": "String",
      "bind": false,
      "required": true,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-conn.username",
      "description": "Service connection Username for authenticid dv service",
      "value": "",
      "type": "String",
      "bind": false,
      "required": true,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-conn.password",
      "description": "Service connection password for authenticid dv service",
      "value": "",
      "type": "String",
      "bind": false,
      "required": true,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-defaultAccountCode",
      "description": "",
      "value": "",
      "type": "String",
      "bind": false,
      "required": false,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-maxAttemptNumber",
      "description": "",
      "value": "2",
      "type": "String",
      "bind": false,
      "required": false,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-disableMilestones",
      "description": "Whether to disable Journey Analytics milestones for this service.",
      "value": "",
      "type": "Boolean",
      "bind": false,
      "required": false,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-recResInProp",
      "description": "",
      "value": "true",
      "type": "Boolean",
      "bind": false,
      "required": false,
      "clearOnExport": false,
      "readOnly": false
    },
    {
      "name": "authenticid-dv|1.1.0-recResInXml",
      "description": "",
      "value": "true",
      "type": "Boolean",
      "bind": false,
      "required": false,
      "clearOnExport": false,
      "readOnly": false
    }

Note: Once you setup your application to use configuration service, all the service connection and service parameters data directly comes from the your configuration service. So there is no need to setup the original service connection or service parameter of the Exchange fluent function.

Enable/Disable the configuration service

  ConfigServiceName=BankwestServiceConfiguration

Note: Configuration service is an organisation level option. Once enabled, all Exchange services within the organisation will start retrieving the service connection and service parameters info from configuration service you specified above.

Shared Styles

• AuthenticID Dialog Library: exchange-authenticid-taf

• AuthenticID Document Verification Style Library: exchange-authenticid-taf

• AuthenticID Icon Font Style Library: exchange-authenticid-taf

• document-dialog-button Library: exchange-authenticid-taf

• AuthenticID Dialog Library: exchange-authenticid-taf

• success-tick-image Library: exchange-authenticid-taf