FinID – Two-Factor Authentication of Identity Service

The FinID two-factor identity authentication service is offered as an independent API, providing a comprehensive customer identity authentication solution through a Software as a Service (SaaS) model. The service performs a series of robust authentication measures within a single request:

  1. Biometric Verification:
    • Liveness Checking: This process ensures the user is physically present, detecting potential identity spoofing attempts using photos, videos, masks, deepfakes, etc.
    • Image Comparison: The photo captured during the liveness check is compared against a reference image from official state sources.
  2. SMS Verification: A one-time code is sent to the user’s phone number provided in the request for confirmation.
  3. Consent Collection: The service also collects consents from users for processing their personal data.

As a result of these processes, JSC “NPCK” returns a result indicating whether the authentication was successful or unsuccessful. If verification is successful, the user’s personal data is securely handled.

E-Sign – Cloud Electronic Digital Signatures Management Service

The E-Sign Management Service, offered by IDEC, enables users to sign electronic documents using cloud-based Electronic Digital Signatures (EDS). The service includes several key functions:

  • Issuance, reissuance, and revocation of cloud EDS registration certificates for individuals.
  • Verification of the authenticity of digital signatures on signed electronic documents.
  • Access to and viewing of a list of signed documents.

Requests and the generation of DECP keys are processed through the cloud EDS management service. These keys are securely stored in the Hardware Security Module (HSM) of the Certification Authority at JSC “NPCK”, in line with the policy for using registration certificates and the regulations of the Certification Authority.

According to the rules for creating, using, and storing private keys at the certification center (approved by the Minister of Digital Development, Innovation, and Aerospace Industry of the Republic of Kazakhstan on October 27, 2020, Order No. 405/NK), access to the private key is granted remotely to the owner through at least two authentication factors, one of which must be biometric. Therefore, remote access to the cloud EDS’s private key requires mandatory two-factor authentication.

Technical Specifications

For instructions on how to connect and work with IDEC, please refer to the technical specifications available at the following link: Standard agreements and other supporting documentation

Instructions for Connecting to FinID Two-Factor Authentication Services

Here are the key steps for connecting to IDEC’s two-factor personal authentication services:

  1. Registration: Participants must register their application on the Portal (cabinet.npck.kz) and select the appropriate service for connection.

  2. Authorization: Each party involved in information exchange must use credentials (clientID/clientSecret) that are generated specifically for that Participant’s application.

  3. Unique Credentials: These credentials are unique to each registered Participant’s application on the Portal.

  4. Unified Credentials: A single application can use the same credentials to connect to multiple IDEC services.

  5. Service Access: Once a Participant’s application is registered and connected to an IDEC service on the Portal, the Participant gains the right to use that service.

  6. Connection Confirmation: The connection status of the Participant to IDEC services is displayed on the application information page on the Portal.

  7. Service Requests: To use the IDEC service, Participants must send a request to the Operator.

  8. Request Recording: All requests processed by the IDEC service are recorded as of the moment the Participant’s application is connected to the service.

To connect to IDEC’s services, a legal entity that meets the specified requirements must submit an application for connection to the Operator, following the format outlined in the relevant Service Agreement.

Documents Required for Application Submission

To apply for accession, the legal entity must sign the application and attach the following documents:

  1. A certificate or document of state registration or re-registration of the legal entity.
  2. Protocol (or decision) from the authorized body of the legal entity, along with an order appointing the first manager.
  3. Certificate of value-added tax registration.
  4. The entity’s charter.
  5. A power of attorney confirming the applicant’s authority if the application is signed by someone other than the first manager.
  6. Certificate of registration in the NB RK or ARRDF, if applicable.
  7. License issued by the ARDF, if applicable.
  8. License from the MFCA Committee for Regulation of Financial Services, if applicable.

Application Submission Process

The application for joining the two-factor authentication services agreement must be submitted either in person or by registered mail to the following address: JSC “NPCK”, Almaty, Koktem Microdistrict 3, Building 21.

All attached documents should be submitted with their copies.

Additionally, it is permissible to submit the signed application electronically through an electronic document management system, in accordance with the current legislation of the Republic of Kazakhstan.