The FinID two-factor identity authentication service is offered as an independent API, providing a comprehensive customer identity authentication solution through a Software as a Service (SaaS) model. The service performs a series of robust authentication measures within a single request, including:
Biometric Verification:
SMS Verification: A one-time code is sent to the user’s phone number provided in the request for confirmation.
Consent Collection: The service also collects consents from users for processing their personal data.
As a result of these processes, JSC “NPCK” returns a result indicating whether the authentication was successful or unsuccessful. If verification is successful, the user’s personal data is securely handled.
The E-Sign Management Service, offered by IDEC, enables users to sign electronic documents using cloud-based Electronic Digital Signatures (EDS). The service includes several key functions:
Requests and the generation of DECP keys are processed through the cloud EDS management service. These keys are securely stored in the Hardware Security Module (HSM) of the Certification Authority at JSC “NPCK”, in line with the policy for using registration certificates and the regulations of the Certification Authority.
According to the rules for creating, using, and storing private keys at the certification center (approved by the Minister of Digital Development, Innovation, and Aerospace Industry of the Republic of Kazakhstan on October 27, 2020, Order No. 405/NK), access to the private key is granted remotely to the owner through at least two authentication factors, one of which must be biometric. Therefore, remote access to the cloud EDS’s private key requires mandatory two-factor authentication.
Technical Specifications
For instructions on how to connect and work with IDEC, please refer to the technical specifications available at the following link: Standard agreements and other supporting documentation
Instructions for Connecting to FinID-Two-Factor Authentication Services
Here are the key steps for connecting to IDEC’s two-factor personal authentication services:
Registration: Participants must register their application on the Portal (cabinet.npck.kz) and select the appropriate service for connection.
Authorization: Each party involved in information exchange must use credentials (clientID/clientSecret) that are generated specifically for that Participant’s application.
Unique Credentials: These credentials are unique to each registered Participant’s application on the Portal.
Unified Credentials: A single application can use the same credentials to connect to multiple IDEC services.
Service Access: Once a Participant’s application is registered and connected to an IDEC service on the Portal, the Participant gains the right to use that service.
Connection Confirmation: The connection status of the Participant to IDEC services is displayed on the application information page on the Portal.
Service Requests: To use the IDEC service, Participants must send a request to the Operator.
Request Recording: All requests processed by the IDEC service are recorded as of the moment the Participant’s application is connected to the service.
To connect to IDEC’s services, a legal entity that meets the specified requirements must submit an application for connection to the Operator, following the format outlined in the relevant Service Agreement.
Documents Required for Application Submission
To apply for accession, the legal entity must sign the application and attach the following documents:
Application Submission Process
The application for joining the two-factor authentication services agreement must be submitted either in person or by registered mail to the following address: JSC “NPCK”, Almaty, Koktem Microdistrict 3, Building 21.
All attached documents should be submitted with their copies.
Additionally, it is permissible to submit the signed application electronically through an electronic document management system, in accordance with the current legislation of the Republic of Kazakhstan.