New biometric ID cards fortify entry into the EU

Smart Engines’ release of new secure AI-powered software is able to scan new biometric ID cards and residence documents of EU citizens as well as new Schengen visas in accordance with the Regulation (EU) 2019/1157 which came into force in August 2021. Michelle Winny spoke with Vladimir Arlazarov, CEO of Smart Engines, Ph.D. to find out more.

Smart Engines is a science company with a focus on AI-related R&D at the forefront of document recognition, image processing, technical vision, machine learning, graph theory and optimisation. Here’s what Vladimir Arlazarov, CEO of Smart Engines, Ph.D. told PCR.

Please could you explain a bit more about Smart Engines deliverance of OCR to new EU electronic ID cards, what does this offer?
Imagine you are in the middle of a queue, heading to an important meeting you can’t be late too, trying to scan your ID so you could get in – and it just doesn’t work. This has happened to most of us, but this wouldn’t happen at all if every terminal or every place/bank/service which required personal verification would have had installed Smart Engines software.

Our software works to reduce friction for the end user because we teach our Artificial Intelligence according to standards: we carefully studied the new ID format and designed our AI-based OCR (Optical Character Recognition) technology to always understand this new format. The Smart ID Engine scans and recognises EU ID cards independently from environmental conditions like capture angles and lighting and ensures personal data privacy and security for EU citizens.

The fact that the new EU electronic ID cards have changed in visual appearance and additional visual security features have been introduced allows us to apply our document template analysis technologies besides text OCR. It is not enough to simply recognise all text fields – our solutions specifically search for the ID cards as they should visually appear, and allow us to control visual security features.

This control almost eliminates the possibility of identity theft in case someone tries to use a scan of your ID, for example: the fact that our AI-based OCR understands the authenticity of your ID will significantly complicate the possibility of using your stolen data in the event this happens.

Please could you explain a bit more about Smart Engine’s new secure AI-powered software and how it provides accurate and fast scanning of new electronic ID cards of EU member states?
Our AI-powered software processes ID document images and recognises them without any data leaving the client’s infrastructure. The main feature of our solutions is that the recognition of ID images must be autonomous. When it comes to personal data, especially biometric ID data, it is in our policy that there must be no compromises. If the process requires sending of any sensitive data through Internet channels (however secure) to third-party services or servers (however reliable), such processes must always be taken with a grain of salt and undergo tight scrutiny. Solutions delivered by Smart Engines are always deployed on the client premises, or even on the end-user devices, to ensure maximum security.

We want to note once again that our software does NOT transfer EU citizens’ data to third-party services and/or third parties for manual processing, does NOT save or store it – the scanning process is performed in the local RAM of the device, and it does NOT require Internet access.

How does this solution address the need to strengthen ID security?
Modern ID documents employ many different technologies, which help to improve their security, as well as facilitate identification processes. For example, machine-readable zone (MRZ) in international passports and travel documents (including most European IDs) was introduced to standardise the way document issuers encode critical information and facilitate its automated entry by specialised hardware. This process is continued with the addition of QR codes and embedded chips. A sophisticated AI-based ID document analysis system (such as Smart ID Engine) can take advantage of these document features: critical data fields which are present in the visual inspection zone (VIZ) and which we recognise with our GreenOCR technology, can be cross-verified with the corresponding fields in the MRZ. The data encoded in QR codes can also be used to verify the information written in the VIZ, but with an additional property of error correction which is used in some QR-codes and other matrix barcodes. All this helps to achieve multiple goals at once: make the personal data more secure; decrease the possibility of fraud; and increase the reliability of AI-based analysis.

Embedded chips add an additional security layer – they typically encode another copy of personal data, as well as specific biometric details such as high-resolution photo and fingerprint. To scan these you need additional hardware besides the camera (an antenna to read the chip), but it is not enough – to decode the information you need to supply access codes, which can be computed after reading the document (specific RFID code in the visual inspection zone, or fields of the MRZ). This is enforced by the manufacturers of ID documents to prevent illicit scanning. Thus, to access the biometric chip a preliminary analysis of the data written on an ID document is still required.

All this boils down to a single main point: the more secure the government-issued ID document is, the more security measures it features, the more value our solutions can bring to the customers. Additional levels of security, which are checked by our AI mean fewer errors and higher reliability, without compromising data privacy.

Please explain how Smart Engines OCR understands new ID template types?
We developed new Deep Visual Memory technology that boosts the localisation and identification of IDs while scanning in a video stream and in photos. This feature is a crucial tool in Smart ID Engine for eliminating manual and time-consuming tasks in ID verification, user onboarding and check-in processes.

Deep Visual Memory is a special AI-based stack of algorithms, one of the latest achievements of Smart Engines scientists in the field of computational geometry and machine learning. The main technology task is to quickly detect the document location, as well as to reduce the number of false system operations during the determination of the ID type. With the new feature, Smart Engines AI-powered solutions instantly extract data from more than 1810 IDs from over 210 territories worldwide.

How does the AI-driven Smart ID Engine extend the number of supported documents?
It happens naturally with new documents’ release. When it comes to new IDs, for instance, we carefully study them, and later on test them: there is the whole process of introducing new templates to our Smart ID Engine, because every new document has to go through the entire development cycle. Governments usually release ID templates (with generated synthetic data) with technical specifications, and we can move on from there – for our technology it’s quite enough to start understanding it. Our methods of machine learning allow us to use only synthetic data following the idea of responsible artificial intelligence in the core of our product. Being responsible means being environmentally friendly, hence “Green” in our GreenOCR technology.

We are constantly adding new identity document types to the system, as well as new templates for those IDs we already support. Thus, our product’s functionality is always up-to-date with our client’s requirements.

Please could you tell us a bit more about the current need for greater personal security and what end users should be considering in order to safeguard their clients identity?
Smart Engines main goal is to be completely secure and safe for the end user and the business. Unfortunately, not everyone follows the same approach to security of users, thus making data leakage the everyday reality of each one of us.

When you give your consent to a bank to use your data, you expect a bank to take care of it – as in, use it inside their database. Banks with advanced IT-departments don’t let their clients’ info go outside, but some use the so-called cloud services to identify and scan documents as they usually have to work with millions of them. These services don’t have the tech to identify documents, they either use real people to identify them, or try to equip themselves with technology like ours. Imagine this distribution scheme: your data → banks → third parties → people who recognise documents manually.

Those who give away their users’ data should think twice: the consequences of the data breach for a bank will be extremely painful both economically and socially. Our products have been designed to meet Green AI principles and are aimed to provide a higher level of privacy protection and security for users and businesses against document fraud.

What threats or challenges does the current scope of personal security face and how can this be addressed?
To convey our thought process on the subject let’s take a look at the food industry. We, as a civil society, made food companies comply with health protocols so now each and every product must be properly labeled with updated nutrition information to assist consumers in maintaining healthy dietary practices. The governments have to regulate the process now and make food and beverage companies follow rules and standards.

The same approach should apply to personal data. When it comes to protecting it, we are at a critical juncture. We give away deep data (big data that is of high quality, relevant, and actionable) without asking where it goes, why and how it influences our future. Once any bank asks your consent to use your data, no matter its agenda, it is necessary to demand disclosure of the entire chain of channels this data will be used at.

On the one hand, users are put in an impossible place here: they will not receive the service if they do not sign a user agreement. On the other hand, changing the approach towards personal data at the legislative level is the main goal of every person as it is in the field of civic control.

Even though banks know how to protect data – because they’ve learned how to protect money – cloud services are not very good at it. There is a need to define and reinforce responsibility for the leakage of personal data of all of those involved. If we take into consideration how the GDPR law is being implemented now, then it becomes obvious that fines for data leaks do not scare companies much and certainly cannot ruin their business even though administrative fines for violation of personal data law requirements were substantially increased.

Given the increasingly prevalent technologies which rely not only on personal data but on the biometric data as well, we need to get companies to disclose the entire personal data distribution scheme the same way we forced food companies to list ingredients on every product.

Read the latest edition of PCR’s monthly magazine below:

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.