Adobe Sign Authentication Method: Government ID

Overview

Powered by advanced machine learning algorithms, Adobe Sign’s Government ID process empowers companies across the globe with the ability to secure a high-quality authentication of their recipient's identity.  

Government ID is a premium identity authentication method that instructs the recipient to upload the image of a government-issued identity document (driver’s license, national ID, passport), and then evaluates that document to ensure it's authentic. 

Supported documents include:

  • Global Passport
    • All ICAO-compliant passport books
  • Driver license / National ID / Residence Permits
    • United States of America
    • Great Britain
    • Canada
    • France
    • Germany
    • Ireland
    • Italy
    • Netherlands
    • Spain

The service evaluates the document image to verify that it is genuine and unaltered by validating dozens of elements within the document, including:

  • Document structure
  • Biographical data
  • PDF417 barcode (if applicable)
  • Machine-readable zone (if applicable)
  • Security features
  • Photo zone
  • Signature
Biometric comparison: In addition to the document verification, an optional biometric comparison can be enabled upon request. The biometric comparison guides the recipient to take a real-time image (a "selfie") and then evaluates that image relative to the image on the uploaded document. The biometric comparison requires the recipient to respond to on-screen prompts to display "liveness", ensuring previously taken static images are not used.
  1. Recipients are first made aware of the agreement via an email notification which contains a Review and sign button to access the agreement contents:

    Email call to aaction

    When the Review and sign button is clicked, the authentication challenge is triggered.

  2. The recipient is prompted to provide a phone for a smartphone that can accept text messages,

    This is required for the image capturing application that compares the ID document to the government database.

    • There is a 15-minute time limit to complete the verification process that starts once the email link is clicked.
    • Once the text message is sent, a blue message appears indicating the message is sent, and the link in that message has a five-minute expiration.
    Link sent message

    Note:

    If the signature process is started on a smartphone, this phone number step is skipped.

  3. A text message is delivered to the provided phone number with a link to the ID service.

    Once the link is clicked, the recipient is given the option to authenticate with either a Driver's License / ID card or a Passport.

    Gov ID first steps

    Note:

    During the process of gathering and verifying the document content, the original notification page displays a status message that the details are being verified:

    gov_id_verificationinprocess

  4. When using a driver's license or ID card the app prompts the recipient to take an image of:

    • The front of the card
    • The back of the card
    • Themselves (Optional based on account configurations)

    If using a Passport, only one image of the passport is required.

    Gov ID Front and back

  5. Optional real-time self-image for biometric comparison to the document image.

    If the real-time "selfie" option is enabled for the account, the recipient is instructed to perform some live action to demonstrate that the recipient is real and reacting to the prompts of the image capture application.

    When the "liveness" test is passed, the app captures the image and performs the biometric comparison to the identity document's image.

  6. Once the identity is successfully verified, the recipient is granted access to the agreement and can complete their actions on the original device where the email was opened.

    • The name of the recipient as presented on the ID is imported to the signature field and can not be edited
    Gov ID Success

    The recipient has five attempts to verify their ID successfully. If they all fail five attempts, the agreement is canceled, and the sender is notified.

    Failed authentication

Layer 1 - Document validation:

The first layer of technology provides a seamless and secure method to validate an identity document presented in a digital transaction; ensuring that the document is genuine and unaltered.

Combining a best-in-class capture experience with a proven ID document verification engine ensures trusted digital identity proofing with a seamless user experience.

Government ID verification is available for all Latin-based languages and supports thousands of international and domestic identity documents, including:

  • Passports
  • ID Cards
  • Driver’s Licenses

To achieve reliable results, the service delivers each of the following:

  • Guided document capture - Users are instructed how to take a quality photo for optimal processing
  • Document classification – “Computer vision” algorithms recognize and classify thousands of government-issued documents, allowing for reliable data extraction and document validation
  • Data extraction - Going beyond simple optical character recognition, this service deconstructs the document and analyzes the content of each field
  • Evaluation of authenticity elements - A combination of artificial intelligence techniques validate dozens of elements within the identity document, including:
    • Document structure - Physical attributes of the ID document are evaluated for correct size, material, shape, color, layout, etc.
    • Biographical data - Printed data that identifies the individual is evaluated for font usage, color, acceptable values, etc.
    • PDF417 barcode (if applicable) - OCR results of the biodata from the front are compared with the data extracted from the PDF417 barcode at the back
    • Machine-readable zone (if applicable) - The Machine Readable Zone (MRZ) printed area is checked for font usage, presence, check digits, etc.
    • Security features - Both visual and invisible security features of the ID are checked for presence, position, content, etc.
    • Photo zone - Portrait, or main picture, is evaluated for having a human face, orientation, color, etc.
    • Signature - The signature section is checked for presence, font type, matching with known samples, etc.

 

Layer 2 - Biometric comparison:

The second layer of authentication matches the portrait extracted from the ID document with a "selfie" from the user through a biometric facial comparison; affirming that the user submitting the ID document is its rightful owner.

Anti-spoofing techniques

  • Video frame analysis is used to ensure the user can take a quality selfie in optimal capture conditions
  • During the process of capturing the selfie, the recipient is instructed to perform an action (e.g.: Smile!) to demonstrate "liveness"
  • Lighting, focus, and alignment are some of the conditions evaluated

 

Once the recipient's identity is verified, the agreement is opened for review and available for any actions assigned to the recipient (e.g., form filling, signatures).

Note:

The Government ID authentication method is available to the enterprise service plan only but is not available for accounts purchased via the VIP program.


Configuring the Government ID authentication method when composing a new agreement

When Government ID is enabled, the sender can select it from the Authentication drop-down just to the right of the recipient's email address.

Select the authenticaation method

If Government ID isn't on the list, then Government ID isn't enabled for the group that the user is sending the agreement from, and an admin will have to enable it.


Consumption of premium authentication transactions

Government ID authentication is a premium authentication method that has a per recipient charge.

  • Government ID transactions must be purchased and installed before the option can be used
  • Government ID transactions are consumed per recipient configured with the Government ID authentication method
    • One agreement configured with three recipients, two of which authenticate with Government ID, consumes two authentication transactions
  • Authentication transactions are deducted from the account total when the agreement is sent to authoring (as a draft agreement) or sent to the first recipient (as an in-progress agreement)
    • Canceling a draft agreement refunds the authentication transactions to the account total
    • Canceling an in-progress agreement does not refund any authentication transactions
    • Changing an existing authentication method to Government ID consumes one license
    • Changing the authentication method from Government ID does not refund the authentication transaction
      • Changing the authentication back and forth with Government ID only ever consumes one transaction (for any given recipient)
Government ID Track Usage


Signer Identity Report (SIR)

Adobe Sign does not retain the identity information gathered during a Government ID authentication by default. However, account-level admins can request to store the identity information in the Adobe Sign system via the Signer Identity Report (SIR).

The SIR contains data collected during Government ID verification (e.g., signers’ Government ID images, face image, phone number, data extracted from Government ID, etc.).

The SIR:

More information on the SIR can be found here >


Audit Report

The audit report clearly indicates that the recipient identity was verified with a Government ID authentication:

Government ID Audit report event

If the agreement is canceled due to the recipient being unable to authenticate, the reason is explicitly stated.

Failed authentication in the audit report


Best Practices and Considerations

  • If using second-factor authentication for internal recipients, consider the Adobe Sign Authentication method instead of Government ID to reduce the friction of signing and save on the consumption of the premium authentication transactions


Configuration Options

Enable the authentication method under Send Settings

Access to Government ID authentication requires that a contract is in place for an annual volume of recipients. Until this is configured on the back-end, the option is not visible in the administrator's interface.

Once the purchase of the identity transactions has been entered into the system, admins will find the controls for exposing Government ID authentication on the Send Settings page with the other identity authentication methods.

Enable the method by checking the Government ID authentication box.

  • Once the method is enabled, the admin will have the option to set Government ID authentication as the default value for new agreements. The option is not visible until the method is explicitly enabled:
Government ID authentication controls


Optional "Selfie" biometric comparison

Customers that would like to include the biometric comparison between the identity document and a real-time selfie of the recipient can contact the support team to have the feature enabled.


Automatic agreement cancelation when a recipient fails to authenticate

The Government ID service is configured to allow up to four consecutive failed attempts to authenticate the recipient's identity. After the fifth failure, the agreement is automatically canceled in the system, and the agreement owner is notified of the agreement being canceled due to an authentication failure.

The option to configure this threshold is not in the customer-facing interface. Account admins can request that the cancelation threshold be adjusted to another value through the support team.

Failed authentication

Adobe logo

Sign in to your account