Photo matching service – a service that uses a biometric solution to determine the degree of correspondence between a photo image of the client’s face and a photo image from reliable sources. As a result of the matching, the comparison percentage is returned to the Participant.
The matching is performed for persons who have at least one of the following documents:
- identity card of a citizen of the Republic of Kazakhstan
- passport of a citizen of the Republic of Kazakhstan
- residence permit of a foreigner in the Republic of Kazakhstan
- stateless person’s ID (Kazakhstani sample).
This service is one of the stages of the procedures of verification and/or authentication and/or identification of the client’s identity, conducted by the participant. The decision on the results of these procedures, as well as the decision on the establishment of business relations with the client and/or provision of services to him/her is made by the Participant independently.
To connect a Participant to the service
For Test Environment:
Url of the test environment: onlinetest.kisc.kz
To interact with the CSOID IS module, Participants need to issue a set of cryptographic keys at the Certification Center of JSC “NPK”.
In order to receive cryptographic keys for the test environment it is necessary to fill in the template of the letter, which is placed on the test portal of the Certification Authority in the “Info” section at the address: https://betaca.kisc.kz/info Section “Info” (Example of the message for receiving test keys and registration certificates) and send it to the mail: supportca@kisc.kz.
The set of cryptographic keys of initial initialization is issued for 14 days and it is necessary to renew them for a year. In case of any questions regarding the issue of registration keys, including renewal, as well as installation and configuration of the “TumarCSP” software, please contact us by e-mail: supportca@kisc.kz or by phone: 8 (727) 250-66-75.
A set of cryptographic keys consists of GOST and RSA certificates. RSA (*.p12) certificate is required for authorization, and GOST (*.pfx) certificate is required for signing.
To unload cryptographic keys it is necessary to start cryptographic provider “TumarCSP” and go to the profile “FSystem”, in the list of keys should be displayed the issued cryptographic keys: GOST (displayed in blue color) and RSA (displayed in red color).
To upload a GOST certificate, select it, then right-click in the drop-down menu to select “Import/Export…” and then select “Export key (PKCS#12)”, specify the password and select the path for saving.
To unload an RSA certificate you should select it, then right-click on it and select “Import/Export…” from the drop-down menu and then select “Export key (PKCS#12 SSL)”, specify the password and select the path to save it.
In order to conduct testing in the test environment of the TSOID IS, the Participants should send an official letter to the Chairman of the Management Board of NPCK JSC in any form. In the letter it is necessary to indicate that for the purpose of testing the business processes of the organization, access to industrial data is required for the PINs specified in the annex in the test environment of IS IDEC. The register of PINs from the test group contains no more than 10 PINs with the text opposite each PIN and full name “I agree to the receipt, storage and processing of my personal data by third parties” and the signature of the PIN owner. Example of the table:
| № | Name and surname | IIN | Consent | Signature |
| 1 | Ivanov I.I. | 970517123456 | I agree to the collection, storage and processing of my personal data by third parties |
The scanned version should be sent to the e-mail of the NPC JSC office at: info@kisc.kz.
After receiving the cryptographic keys and adding the IIN to the test environment, you can perform testing according to the integration examples specified in the Appendix of the Memo for connecting to the COID using the “Postman” software.
For industrial environment:
IDEC IS Url: online.kisc.kz – industrial environment
Registration of the Participant in the IS COID will occur automatically after the conclusion of the contract, which is located at the address: https://www.kisc.kz/wp-content/uploads/2024/01/czoid.-dogovor-s-uchastnikom-sopostavlenie-fotoizobrazhenij.docx Tab “Model contracts” – “Contract with the Participant (photomatch)”.
If you have any questions regarding the conclusion of the contract, please contact the COID Department by e-mail: coid@kisc.kz or by phone: 8 (727) 297 91 44.
To obtain cryptographic keys in the industrial environment it is necessary to sign Appendix No. 1 of the Application/Agreement to the Agreement on the provision of services of the Authorization Center in the systems of JSC “NPCK”. Submit the signed Application/Agreement to the employees of the Certification Authority of NPC S.A. by e-mail: supportca@kisc.kz.
Issuance of cryptographic keys is performed on the portal of the KCMR Certification Authority at https://ca.kisc.kz/auth- for the industrial environment.
The set of cryptographic keys of initial initialization is issued for 14 days and it is necessary to renew them for a year. In case of any questions regarding the issue of registration keys, including renewal, as well as installation and configuration of “TumarCSP” software, please contact us by e-mail: supportca@kisc.kz or by phone: 8 (727) 250-66-75.
A set of cryptographic keys consists of GOST and RSA certificates. RSA (*.p12) certificate is required for authorization, and GOST (*.pfx) certificate is required for signing.
To unload cryptographic keys it is necessary to start cryptographic provider “TumarCSP” and go to the profile “FSystem”, in the list of keys should be displayed issued cryptographic keys: GOST (displayed in blue color) and RSA (displayed in red color).
To unload a GOST certificate you should select it, then right-click on it and select “Import/Export…” and then select “Export key (PKCS#12)”, specify a password and choose a path to save it.
To unload RSA certificate, select it, then right-click on it and select “Import/Export…” from the drop-down menu, then select “Export Key (PKCS#12 SSL)”, specify the password and select the path to save it.
Access to the production environment of the IDEC is carried out through a dedicated communication channel via IP VPN or IPSEC.
To connect via IP VPN, fill in the letter template: https://www.kisc.kz/wp-content/uploads/2024/10/shablon-dlya-podcluc-kanala-ip-1.docx.
To connect via IPSEC you need to fill in the letter template: https://www.kisc.kz/wp-content/uploads/2024/10/shablon-ipsec.docx.
The scanned version of the filled in letter template should be sent to the e-mail of the NPC JSC office at: info@kisc.kz.
After obtaining access and cryptographic keys, it is necessary to integrate the methods specified in the Appendix of the Memo on connecting to the IDC in the Participant’s systems. The methods can be verified using the “Postman” software.
| Leaflet for connecting to the IDEC | Leaflet for IDEC |
| Contract with the Participant ( photo matching) | Contract (22.11.2024) |
| Application forms |
