|
|
|
Online Verification of Identity Card and Retrieval of Personal Data
Press Release 2004-10-07 At present, if private entities (e.g. banks, companies, factories, etc) have to verify the identity cards of their staff or customers, they can send the photocopies of the relevant identity cards to the Identification Department (hereinafter referred as “DSI”) and request for verification. If they need to verify personal data such as marital status, they can send their request to DSI along with the authorization letters signed by the cardholders. In emergency, private entities approved by DSI in advance can send their request through fax. The above process requires a certain amount of time to complete. This time, we introduce the service of “Online Verification of Identity Card and Retrieval of Personal Data” with the purpose of providing private entities with a fast and convenient way for verification. When using this service, there is no need to send photocopies of identity cards or authorization letters to DSI. Verification or retrieval can be done instantly through DSI's particular website. The device required is simply a personal computer with internet access and a card reader with a built-in keypad. Private entities have to first register at DSI to obtain a user ID and password for logging into the particular website (URL: webportal.dsi.gov.mo ). Moreover, prior to first time use, fundamental setup performed by DSI staff is required. For those private entities that have already registered, DSI will issue a certificate for them to display at eye-catching area. Furthermore, DSI will publish a list of registered private entities on its website (URL: www.dsi.gov.mo ) for the public's information. Private entities have to enter their user IDs and passwords to login. Once verified, they can start to use the service. To verify the authenticity of the identity card, one can insert the electronic identity card (hereinafter referred as “electronic ID”) into the card reader and request the cardholder to enter the Confirmation PIN through the built-in keypad. To verify client's personal data such as marital status or parents' names, cardholder is requested to enter the Ordinary PIN to retrieve the data. Before entering the Ordinary PIN, cardholder should ensure that the private entity has already registered at DSI by referring to the certificate issued by DSI or the published list of registered entities as mentioned above. Personal data will be read from the chip and display on the webpage directly; it will not be recorded during the whole process. In addition, PIN entered through the built-in keypad on the card reader is sent directly to the electronic ID for verification without passing through the computer, hence it will not be copied down. Nevertheless, SSL certificate is installed at the website to assure users that the website is authentic. Moreover, all transactions are secured by SSL encryption to prevent data transmitted between the website and the personal computer from sniffing by third party. During verification, private entities can select to print the result for record keeping. All verification records are logged in DSI. Log information includes date, time, user ID, unique reference number, electronic ID's chip serial number, and type of verification. These logs, kept as records and serving as proof of verification, are confidential. The PIN letter obtained together with the identity card contains the Ordinary PIN and the Confirmation PIN. Residents can change their PINs through the self-service kiosks located at DSI. If residents forget their PINs, they can seek assistance at DSI's service desk. Private entities interested in using the “Online Verification of Identity Card and Retrieval of Personal Data” service can submit a written application to DSI together with photocopies of legally registered identity documents. Lastly, as a reminder, according to Article 14 of Law No. 8/2002 (<Regime of Resident Identity Card>), it is an offense: to counterfeit or modify programs or program interfaces prepared by DSI for access to chip data without permission; to analyze password of the certification system used by DSI for verifying the authenticity of resident identity card and cardholder's identity electronically without permission, in order to obtain protected data; to counterfeit or damage the component of certification in DSI's official website for verifying the authenticity of resident identity card and cardholder's identity electronically, or interfere with its operation; to damage the certification system used by DSI for verifying the authenticity of resident identity card and cardholder's identity electronically, or interfere with its operation; to counterfeit or modify without permission the certification system used by DSI for verifying the authenticity of resident identity card and cardholder's identity electronically.
|
|
|
|
|
