Ссылка на старый сайт

Photo Matching Service – service that helps you compare a photo of your face to a photo from a reliable source. It uses a special technology called biometrics to determine how closely the two photos match. As a result of matching client receives a percentage score indicating the level of similarity.

Who can use this service?

This service is available for anyone who has one of the following documents:

  • Kazakh National ID Card
  • Kazakh Passport
  • Residence Permit for Foreigners in Kazakhstan
  • ID of a person without citizenship (Kazakhstani sample)

What is this service used for?

This service is one step in a process often used to verify your identity. Verification can be used for various purposes, such as establishing business relationships or accessing services. It’s important to note that the final decision on whether to verify your identity, do business with you, or provide services is made independently by the organization offering this service (the Participant).

Technical Details (For Developers Only)

This section is intended for developers interested in connecting their systems to the Photo Matching Service. It includes details about:

Test Environment:

This provides information on how to access a test version of the service for development purposes. It includes the test environment URL (onlinetest.kisc.kz) and instructions on obtaining cryptographic keys.

To get started with the test environment, you’ll need cryptographic keys. Here’s how to get them:

  1. Visit the Certification Authority Portal: Go to this website: https://betaca.kisc.kz/info. This is the portal of the Certification Authority (CA) that issues the keys.
  2. Find the Key Request Template: On the CA portal, look for a section called “Info” or something similar related to requesting keys. There, you should find a template document you can use to request test keys and registration certificates.
  3. Fill Out and Submit the Template: Download the template, fill it out with the necessary information, and submit it according to the instructions on the CA portal.
  4. Contact Support (Optional): If you have any trouble finding the template or have questions about the process, you can contact the CA support team at supportca@kisc.kz.

Initial Cryptographic Key Set

  • Validity: Your initial set of cryptographic keys is valid for 14 days and needs to be renewed annually.
  • Support: For any questions regarding key issuance, renewal, or installation and configuration of the “TumarCSP” software, please contact supportca@kisc.kz or call 8 (727) 250-66-75.
  • Key Composition: The cryptographic key set includes both GOST and RSA certificates. The RSA (.p12) certificate is used for authorization, while the GOST (.pfx) certificate is used for signing.

Extracting Cryptographic Keys

  • Launch “TumarCSP”: To extract your keys, start the “TumarCSP” cryptographic provider.
  • Locate Keys: Navigate to the “FSystem” profile. Here, you should see your issued cryptographic keys: GOST (displayed in blue) and RSA (displayed in red).
  • Export GOST Certificate: Right-click on the GOST certificate, select “Import/Export…”, then choose “Export Key (PKCS#12)”. Set a password and choose a save location.
  • Export RSA Certificate: Right-click on the RSA certificate, select “Import/Export…”, then choose “Export Key (PKCS#12 SSL)”. Set a password and choose a save location.

Testing in the IDEC’s Test Environment

  • Formal Request: To test in the IDEC’s test environment, you need to send a formal letter to the Chairman of the Board of Directors of JSC “NPCK”.
  • Request Details: In your letter, specify that you need access to production data for the IINs listed in the attachment, for the purpose of testing your organization’s business processes in the IDEC’s test environment.
  • IIN List: Include a list of no more than 10 IINs in the attachment. For each IIN, include the text “I agree to the collection, storage, and processing of my personal data by third parties” and the individual’s signature.

Example of List with IINs:

Name and surname IIN Consent Signature
1 Ivanov I.I. 970517123456 I agree to the receipt, storage and processing of my personal data by third parties
Note: IIN stands for Individual Identification Number, which is a unique identifier for individuals in Kazakhstan.

Sending Scanned Documents

  • Email Address: Send scanned documents to the JSC “NPK” office at info@kisc.kz.

Post-Key Issuance and Testing

  • Testing: Once you’ve received your cryptographic keys and added IINs to the test environment, you can start testing using the integration examples provided in the “IDEC Connection Guide” Appendix, using the “Postman” software.

Production Environment:

The URL for the production environment of IDEC is: online.kisc.kz.

Registration and Contracts

Obtaining Cryptographic Keys for Production Environment

  • Signed Application: To get cryptographic keys for the production environment, you need to sign Appendix 1 of the “Application/Agreement for the Provision of Certification Center Services in JSC “NPCK” systems.” Send the signed document to the JSC “NPK” Certification Center at supportca@kisc.kz.
  • CA Portal: Keys are issued on the KCMR Certification Center portal: https://ca.kisc.kz/auth.
  • Key Validity: Initial keys are valid for 14 days and need annual renewal. For questions about keys, contact supportca@kisc.kz or 8 (727) 250-66-75.
  • Key Composition: Keys include GOST (for signing) and RSA (for authorization) certificates.

Extracting Cryptographic Keys

  • TumarCSP: Use the “TumarCSP” cryptographic provider to extract keys.
  • Export: Right-click on the desired certificate, choose “Import/Export,” then select “Export Key (PKCS#12)” or “Export Key (PKCS#12 SSL)” and follow the prompts.

Accessing the Production Environment

  • Dedicated Connection: Access the production environment via a dedicated IP VPN or IPSEC connection.
  • Connection Requests: Use the templates below to request a connection.:

– To connect via IP VPN you need to fill in the email template: https://npck.kz/wp-content/uploads/2024/09/shablon-dlya-podcluc-kanala-ip.docx

– To connect via IPSEC, please fill in the email template:  https://npck.kz/wp-content/uploads/2024/09/shablon-ipsec.docx

Send the completed and scanned template to info@kisc.kz.

Integration and Testing

  • Integration: Once you have access and keys, integrate the methods described in the “COID Connection Guide” Appendix into your systems.
  • Testing: Use “Postman” to test the integration.