Remote (mobile) identity verification of government-issued identity documents has become a popular way to validate user’s identity before they are allowed to create an account and proceed with FIDO Authentication. Similarly, when a user attempts to create an account, recover account access, or resent a password, their identity should be validated again.
Mobile document verification solutions check the format of the document, the document image and selfie to score the validity and consistency of the information, but the lack of an industry-defined program to validate performance claims has led to concerns over variances in the accuracy and reliability of these solutions.
To fill this gap, the FIDO Alliance launched the Document Authenticity (DocAuth) Certification Program for remote identity verification–the first such program for the industry at large. The program utilizes FIDO Accredited Laboratories to test and evaluate that mobile document verification solutions meet globally recognized performance criteria and are fit for commercial use.
The Document Authenticity (DocAuth) Program introduces a new set of performance criteria requirements to the FIDO Certification Program. The goal of the certification program is to provide a framework for the certification of mobile document verification solutions that can in turn maintain and improve FIDO’s value proposition for strong authentication.
This page contains the Policy and Requirements Documents and detailed information about the Document Authenticity (DocAuth) Certification Process.
Document Authenticity (DocAuth) Certification Process
FIDO Alliance’s Document Authenticity (DocAuth) Certification Program is independent of its other certification programs. There are no FIDO certification prerequisites to apply for DocAuth certification for a mobile document verification solution.
The following figure and paragraphs explain the overall certification process of a mobile document verification solution.
In order to apply for an application of a solution, the vendor first needs to complete a [NDA] and notify the [Document Authenticity (DocAuth) Secretariat at email@example.com] of intent to complete testing and certify.
In this step of the overall process the vendor submits the mobile document verification solution to a FIDO Accredited Document Authenticity (DocAuth) Laboratory along with its required documentation and enters into an agreement for testing. A time estimate is provided by the accredited laboratory; vendor and laboratory agree on the cost involved for testing.
The FIDO Accredited Laboratory is responsible for testing against the performance criteria requirements and testing procedures.
A list of FIDO Accredited Document Authenticity (DocAuth) Laboratories follows:
- FIDO Document Authenticity (DocAuth) Program
Laboratory Certificate: LA01000020211201001
Certificate Issue Date: 1 December 2021
- FIDO Document Authenticity (DocAuth) Program
- FIDO Biometric Component Program
Laboratory Certificate: LA01000020180718001
Certificate Issue Date: 18 July 2018
The accredited laboratory performs testing and returns a laboratory report to the vendor and to FIDO’s Document Authenticity (DocAuth) Secretariat. The DocAuth Secretariat reviews the laboratory report and makes a decision to approve, reject, or ask for clarification.
After the laboratory report has been approved, the vendor completes a certification request.
FIDO’s Certification Secretariat reviews and, if complete, approves the certification request and issues an invoice for the Document Authenticity (DocAuth) Certification Fee.
Document Authenticity (DocAuth) Certification Fees:
- FIDO Member: $10,000 USD
- Non-Member: $13,000 USD
Upon receipt of payment, the FIDO Certification Secretariat will issue the document authenticity (DocAuth) certificate.
Policy and Requirements Documents
FIDO Document Authenticity (DocAuth) Certification Policy This policy governs the biometric certification aspects of the FIDO Certification Program. It defines the overall process of the document authenticity (DocAuth) certification and also answers questions around recertification.
Document Authenticity (DocAuth) Certification Policy v1.0 (ACTIVE): HTML | PDF
FIDO Document Authenticity (DocAuth) Vendor NDA Non-disclosure Agreement to be signed by document validation (document reader) solution Vendors (Implementers) completing Document Authenticity (DocAuth) Certification.
FIDO Document Authenticity (DocAuth) Requirements This document defines the requirements and test procedures for document authenticity (DocAuth) certification.
FIDO Document Authenticity (DocAuth) Requirements v1.0 (ACTIVE) HTML | PDF
FIDO Document Authenticity (DocAuth) Test Plan Template This document contains a template for a test plan template for a document validation (document reader) solution.