Features

This article describes the features of IDUnico.

Biometric Analysis

This consists of using facial biometrics to authenticate people and generate a return of authenticity.

The API Guide article provides information on how to manage biometric transactions.

The CreateProcess method creates a process by sending the person's image and information.

The GetProcess method gets the result of the created process. It is used with the ID returned in the CreateProcess method

This method can be used every 2 seconds to check the status of the process. For more information on all the possible statuses, see Process Status.

Synchronous APIKey

When the APIKey configuration is Synchronous, the result of the IDUnico is returned in the CreateProcess method.

Asynchronous APIKey

If your APIKey configuration is asynchronous, the IDUnico result is returned in the GetProcess method.

IDSerpro

The IDSerpro flow is a solution added to IDUnico in the API return for customers who ask the CSs and/or Onboarding team to enable the SERPRO query information in the APIKey.

How it works:

After requesting that the SERPRO query information be enabled in the APIKey, simply send the selfie and the person's information to IDUnico, where the return will contain the ID result and the SERPRO information.

The process is part of the CreateProcess call. For more information on this method, see Create Process.

The return happens as follows:

1 - If the APIKey is Synchronous, the return is made in the CreateProcess itself.

2- If the APIKey is Asynchronous, the return is made through the GetProcess method (more details in Get Process - IDUnico).

The percentage of similarity is returned and if the information is not found in SERPRO, the return in serpro similarity is -1. The government field has been added to the API return as follows:

IDUnico return yes

{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "status": 3,
  "unicoId": {
    "result": "Yes"
  },
  "government": {
        "serpro": 93.0
    }
}

IDUnico return inconclusive

{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "status": 3,
  "unicoId": {
    "result": "inconclusive"
  },
  "liveness": 1, 
  "score": 10,
  "government": {
        "serpro": 50
    }
}

Important

It is necessary to ask the CSs and/or Onboarding team to enable the information in the API Key.
The information mentioned above adheres to the fields required by DataPrev in IN138.
The return of the serpro value happens for both Yes and Inconclusive returns in IDUnico.

IDUnico + IDCheck

This feature makes the Authentication Score available in the IDUnico API responses. In other words, it allows you to orchestrate the responses from both products, IDUnico and Check, in a combined way.

Through the API Key, it is possible to identify customers who do or do not have the IDUnico + IDCheck combination option.

Important

For a new customer who is contracting IDUnico, the use of the IDUnico + IDCheck combination is done by creating an instance in Check through the onboarding/customer team.

IDUnico + Authentication Score

When biometrics are captured and the identity is validated (onboarding), the result of the IDUnico is checked. If the result is yes, the identity can be approved. If the result is inconclusive, a query is made to the Unico Check Authentication Score and a score is returned for decision making.

The IDUnico REST API has the Proof of Life (liveness) and Authentication Score (score) fields to return the Check information. Therefore, the following return is available for the client's decision:

Liveness: Live and Not live. Indicates whether it is a live photo or not. For more information, see Liveness.
IDUnico (id): Yes or Inconclusive. Indicates the authenticity of the CPF.
Authentication Score (score): Indicates the probability that the person in the photo is the CPF holder. For more information, see Authentication Score.

Guidelines:

How to combine the results in decision making:

Deny the transaction whenever Liveness is Not Live.
Approve the transaction whenever IDUnico is Yes.
When Liveness is Live and IDUnico is Inconclusive, make the decision to Approve or Deny the registration according to the guidelines for using the Unico Check Authentication Score.

The following image illustrates the guidelines more clearly:

Biometric Token

The Biometric Token performs a check to ensure that the person performing a given action is the same as the person in your database.

Thus, quickly, with little friction and with the possibility of achieving a false positive rate of 0.0001% using Proof of Life, your application is told whether the face sent and the face in the register correspond to the same person.

Examples of token use

Password recovery;
Any process that uses an external token (corporate access, logins to bank websites, brokerages, fintechs, etc);
Unlocking cards;
Token installation on devices;
Increasing transaction limits;
Purchases of high-value products;
Payment with private label card;
Access to ATMs;
Logins to infrequently used applications;
Places with access control.

How the token flow works

Note

For the token to work, it is important that the IDs generated by the CreateProcess method are stored in a database.
For Liveness to be validated (Active Liveness), the Json Web Token (.jwt) captured by the SDK must be sent in the selfie field of the payload.

The Biometric Token compares the image of a face sent with the image of a face already in its database.

Below are the 3 stages of the token flow: import Steps from '@site/src/components/Steps';

Sending the captured image and the transaction ID
The application sends the captured image and the transaction ID:
- The captured image is the selfie that the user takes at the time of authentication.
- The transaction ID is the same as that obtained when creating a biometric transaction in IDUnico. This ID is obtained in the response of the CreateProcess method.
CConsistency checks
Analysis of photo quality and transaction ID validity
- Quality of the photo sent: If the photo does not meet the standards recommended by Unico, an error message is returned. For more information on the recommended standards, see the article Capture Pattern
- Validity of the transaction ID: It is checked that the ID format is correct (following the same numerical pattern as a valid ID) and that it has a valid status.
Atention
Only IDs with a completed process are accepted, so canceled IDs or IDs under analysis (when there is the combination IDUnico + IDCheck) are not accepted.
Comparison result
Comparison of the uploaded image with an existing image in your database. This comparison returns one of the following answers:
- True: the compared images correspond to the same person. In other words, the person carrying out the action is the person registered.
- False: the compared images do not correspond to the same person. In other words, the person performing the action is not the person registered.

Any concerns?

Missing something or still need help? If you are already a customer or partner, you can contact us through the Help Center.

Biometric Analysis​

Synchronous APIKey​

Asynchronous APIKey​

IDSerpro​

How it works:​

IDUnico + IDCheck​

IDUnico + Authentication Score​

Guidelines:​

Biometric Token​

Examples of token use​

How the token flow works​

Sending the captured image and the transaction ID​

CConsistency checks​

Comparison result​

Any concerns?​