Post on 16-Sep-2015
description
transcript
Bio-VeriSys Specification Document
0
NADRA | STATE BANK BUILDING, SECTOR G-5/2ISLAMABAD
Bio-VeriSys SPECIFICATION DOCUMENT
Version: 6.1
1
Version Control
Number Date Author Verified By Version Description
1. 10/02/2015 Muhammad Akram
Amina Ahmed
Usman Javaid
Khurram
Shahzad
6.0- Draft First draft with main content
2. 15/2/2015 Muhammad Akram Khurram
Shahzad
6.0- Draft Added remittance type in
input interface Verify
Fingerprint for OTC
transactions
Added transaction id
instead of session in Get
Last Verification results
Added Verify Fingerprint
responses fields
Separated Primary citizen
data
Separated Secondary citizen
data
3. 21/4/2015 Muhammad Akram Usman Javaid 6.1 Bank account Number filed
in Submit Mobile Bank
Details is not mandatory
Account Level In Submit
Mobile Bank Account
Details is not mandatory
Introduced Remittance
types
Account Number is not
mandatory in Finger
Verification for OTC
Remittance Amount is not
mandatory for Finger
Verification for OTC
2
Contents 1 Intended Audience .......................................................................................................................... 4
2 Introduction .................................................................................................................................... 4
3 Assumptions/Requirements ........................................................................................................... 4
4 Constraints ...................................................................................................................................... 5
5 Technical Interface Specifications ................................................................................................... 6
5.1 Operations .............................................................................................................................. 6
5.2 Verification for Mobile Bank Account ..................................................................................... 6
5.2.1 Fingerprint Verification .................................................................................................. 8
5.2.2 Photograph Verification .................................................................................................. 8
5.2.3 Verification through Secret Identity Demographic Data ................................................ 9
5.2.4 Submit Manual Verification Result ............................................................................... 10
5.2.5 Last Verification Result ................................................................................................. 10
5.2.6 Submit Mobile Bank Account Details ............................................................................ 11
5.3 Verification for OTC Transaction ........................................................................................... 12
5.3.1 Fingerprint Verification ................................................................................................. 14
5.3.2 Photograph Verification ................................................................................................ 14
5.3.3 Verification through Secret Identity Demographics Data ............................................. 15
5.3.4 Submit Manual Verification Result ............................................................................... 16
5.3.5 Last Verification Result ................................................................................................. 16
6 Biometric Standards ...................................................................................................................... 18
6.1 Fingerprint Standards ........................................................................................................... 18
6.2 Photograph Standards .......................................................................................................... 18
7 Annexure A ................................................................................................................................. 19
7.1 Verification for Mobile Bank Account Creation .................................................................... 19
7.1.1 Fingerprint Verification ................................................................................................. 19
7.1.2 Photograph Verification ................................................................................................ 21
7.1.3 Secret Identity Demographics Data .............................................................................. 22
7.1.4 Submit Manual Verification Results .............................................................................. 23
7.1.5 Last Verification Result ................................................................................................. 25
7.1.6 Submit Mobile Bank Account Details ............................................................................ 27
7.2 Verification for OTC Transaction ........................................................................................... 28
7.2.1 Fingerprint Verification ................................................................................................. 28
7.2.2 Photograph Verification ................................................................................................ 30
7.2.3 Secret Identity Demographics Data .............................................................................. 31
7.2.4 Submit Manual Verification Results .............................................................................. 32
7.2.5 Last Verification Result ................................................................................................. 33
3
7.3 Generic Codes description .................................................................................................... 34
4
1 INTENDED AUDIENCE This document is intended for
The Developers who can review projects capabilities and more easily understand where their
efforts should be targeted to improve or add more features to it (design and code the application
and sets the guidelines for future development).
The End users of Bio-VeriSys who wish to read about what this project can do. It also addresses
the end users technical team regarding the details of interfaces necessary to use the NADRAs
Biometric Verification Service.
2 INTRODUCTION NADRA is providing service providers with a Biometric Verification Service named as Bio-VeriSys.
Bio-VeriSys aims to bring efficient and instantaneous verification to a diverse range of transactions
where biometric authenticity is required such as in Branchless Banking Transaction i.e. Mobile bank
Account opening and OTC Transaction. The architecture of Bio-VeriSys has been intelligently
engineered to offer an enterprise, interoperable, scalable and flexible service for the market.
The service is completely finger print device agnostic and uses multiple fingerprint format. Further the
additional modalities of photograph matching and sharing of secret identity demographic data are
also being provided under Bio-VeriSys to include all fail-safe measures.
3 ASSUMPTIONS/REQUIREMENTS
This service will be a point to point connection between NADRA and service providers.
Interfacing with NADRA Bio-VeriSys is through XMLs as more specially specified through XSD
Biometric verification shall be performed at NADRAs server side.
Service Provider shall be issued a unique Franchisee ID and username password for data
exchange and authentication.
Service providers shall be responsible for providing data necessary for performing biometric
verification at server side including candidate finger print, candidate citizen number,
candidate finger position, candidate photograph and candidate manual verification results, if
applicable.
The data shall be encrypted using the propriety encryption scheme of NADRA for which the
service providers will be provided with public/private key pair and sample code
Service provider will provide finger print data on following allowance template :-
o ANSI
o ISO_19794_2
o SAGEM_PKMAT
o SAGEM_PKCOMPV2
o SAGEM_CFV
o RAW_IMAGE
o WSQ
5
The three modalities of Bio-VeriSys shall be called by the service provider in a predefined
sequence. The failure of any modality and exhaustion of number of attempts enables the next
modality in sequence to be called by the Service Provider. The predefined sequence of
modalities is :-
o Finger print verification
o Photograph verification
o Verification through secret identity demographic data
Feedback from Service provider is mandatory to be shared with NADRA that preliminary
includes Mobile Account Number, Mobile Account Level, Contact Information , Remittance
Amount. However detailed feedback data would be analyzed and finalized later during the
integration.
4 CONSTRAINTS Following are the key constraints of the Bio-VeriSys web service:
If citizen status is not verified in National Citizen Database e.g. citizen marked as duplicate,
suspect, alien, fraud, then verification will not be carried out and the service will respond with
an appropriate message to service providers, directing the customer to visit NADRA center.
Once the session has been created, service providers can verify a customer by using any of
the available four fingers. Each finger can have only two verification attempts. Hence service
asks for another finger for verification in case a finger had two failed verification attempts.
In one session service provider can verify one finger 2 times out of 4 available finger( total 8
attempts)
Once verification is successful session will be expired.
Each session is a billable entry.
The implemented service restricts the service provider to have maximum five verification
attempts in a day for a citizen.
The implemented service shall restrict the service provider to call maximum two photograph
verifications per session.
The implemented service shall restrict the service provider to call Secret identity
demographics data for maximum two times per session.
6
5 TECHNICAL INTERFACE SPECIFICATIONS The data exchange interfaces between NADRA Bio-VeriSys and Service Providers is through XML web
services. The accompanying XSDs are also shared along with this specification document.
5.1 Operations The following is a list of the methods that are available for performing Bio-VeriSys transaction. Each
method is initiated with a request to NADRA Bio-VeriSys that carries all the data corresponding to the
nature of request in XML format. Bio-VeriSys responds back with a response XML carrying the
responses corresponding to its accompanying request.
NADRA shall also share XML definition in form of XSD for request/response interfaces. The Service
provider request is composed of Franchisee ID and an XML containing the method Signature and all
the parameters of that request. The response includes XML which contains response data specified in
XSD.
Citizen verification through Bio-VeriSys starts by consuming finger print verification functionality. The Service has exposed two methods for fingerprint verification.
5.2 Verification for Mobile Bank Account In first step Service verifies the citizen from National Citizen Database and replies with the appropriate
message. If the person is a valid citizen and the data provided for verification is according to the
specified XML format, the web service performs 1:1 fingerprint verification. If the provided fingerprint
is verified, the Service will return citizen data along with the verification results. And if the fingerprint
verification is not successful, the service will return 4 available finger index.
In case the 4x available fingerprints have not been verified, service provider is allowed to request for
photograph verification within the same session.
Verification For Mobile Bank Account
Verification For OTC Transaction
NOTE:
Service will generate unique session id.
This session id is billable entry and will remain valid for next 30 minutes
The 8 attempts for fingerprints verification can be requested.
Each fingerprint can be submitted only twice for verification.
If the verification is successful, the session will expire automatically.
7
The service provider application sends in valid Photograph (according to the standards specified in
section 7.2) for verification. If the provided photograph is verified, the Service will return citizen data
along with the verification results. .Otherwise the service allows the application to request for manual
verification through the secret identity demographics data.
The service provider can request secret identity demographics data and the web service in result shall
return the required data and photograph for manual verification of the customer.
After the successful verification, the service provider platform shall create a Mobile Bank Account and
submits the account details i.e. Mobile Bank Account number, Account level to the Bio-VeriSys Service.
Bio-VeriSys verification for Mobile Bank Account
act Verification Flow-Mobile bank Account
Service Provider
Su
bm
it W
al l
et
de
tai l
s
perforrm 1:1 Fingerprint
matching
Fingerprint VerifiedSend verification result as
"successful" & CNIC data
Session time< 30 Min &
fingerprints attempts
8
5.2.1 Fingerprint Verification
DESCRIPTION This operation is used by Service provider for finger print verification for Mobile Bank Account creation. The biometric data of Primary/Sender Citizen Number is sent to Bio-VeriSys which will verify the citizen through the provided fingerprint.
INPUT The operation takes input as mentioned in Annexure A: 7.1.1 Fingerprint Verification for
Mobile Bank Account Creation
PROCESS Verify Citizen Status from National Citizen Database: If person is not verified, operation will
return appropriate message along with session id. Fingerprint verification will not be carried out.
Verify fingerprints availability: If fingerprints are not available, person should be advised to visit
NADRA NSRC for modification of CNIC.
Verify Fingerprints:
o If verification is successful, it will return session ID along with citizen data and the session will
be closed for given citizen no.
o If verification is unsuccessful it will return session id, and 4x available finger index. Fingerprint
verification can be re-called for any of 4x available fingers with the same session id. Maximum
8 number of finger print verifications attempts will be allowed for each session.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.1.1. Fingerprint
Verification for Mobile Bank Account creation
5.2.2 Photograph Verification
DESCRIPTION The purpose of this function is to match the photograph acquired by the service provider with the photograph available for the citizen in the National Citizen Database.
PRE-REQUISITES This operation can be availed by the Service provider after completely exhausting the finger print verification modality i.e. by verifying all available finger prints options.
INPUT The operation takes input as mentioned in Annexure A: 7.1.2. Photograph Verification
NOTE: Session id is a billable entry
9
PROCESS Verify fingerprint functionality completely exhausted: This operation validates that fingerprints
are available in database and verification of all fingerprints have been failed.
ICAO Compliance: Photograph will be checked for ICAO compliance.
Verify Photograph:
o If verification is successful, it will return session ID along with citizen data and the session
will be closed for given citizen no.
o If verification is unsuccessful, service will reply with the message and secret identity
demographics data functionality is enabled.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.1.2 Photograph
Verification
5.2.3 Verification through Secret Identity Demographic Data
DESCRIPTION This operation is used to retrieve citizens secret identity demographics data and photograph from citizen database for manual verification.
PRE-REQUISITES This operation can be availed by the Service provider after exhausting the photograph verification modality i.e. Fingerprint verification of all the available fingerprints, and photograph have failed.
INPUT The operation takes input as mentioned in Annexure A: 7.1.3. Citizen secret Identity
Demographic data
PROCESS Verify fingerprint & photograph functionality completely exhausted: This operation validates
that verification of all the fingerprints and photograph have been failed.
Secret identity demographics data: This function returns the following secret identity
demographics data for manual verification.
Mother Name
Birth Place
Native Language
Religion
Photograph
NOTE: Session ID will expire after two attempts of calling Secret Identity demographic data modality
10
OUTPUT The operation produces a response as mentioned in Annexure A: 7.1.3. Citizen secret
Identity Demographic data
5.2.4 Submit Manual Verification Result
DESCRIPTION This operation is used to provide feedback to Bio-VeriSys that manual verification of person was successful through secret identity demographics data and service will respond with citizen data
PRE-REQUISITES This operation can be availed by the Service provider when secret identity demographics data functionality has been called and person has been manually verified.
INPUT
The operation takes input as mentioned in Annexure A: 7.1.4. Submit Manual Verification Results
PROCESS Verify Secret question data retrieval was successful: This operation validates that service
provider has successfully retrieved secret question data.
Submit results: This function will check the manual verification results submitted in request
parameters. If result is successful, function will return citizen data.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.1.4. Submit Manual
Verification Results
5.2.5 Last Verification Result
DESCRIPTION The Service provider will request for the last verification result from Bio-VeriSys before re-sending the request to verification modality of Photograph Verification or Fingerprint Verification.
PRE-REQUISITES This operation is called by the Service provider whereby the instantaneous verification result from the verification modality of Photograph Verification or Finger Verification is not received in the stipulated time.
INPUT The operation takes input as mentioned in Annexure A: 7.1.5. Last Verification result
PROCESS
Verify Session and last verification results: This function checks whether session exists and any
verification was done against citizen number.
Verification result: If a verification was done against citizen number, service will provide
appropriate message against verification along with citizen data if verification result was
successful.
11
OUTPUT The operation produces a response as mentioned in Annexure A: 7.1.5. Last Verification
result
5.2.6 Submit Mobile Bank Account Details
DESCRIPTION When verification is successful, service provider is liable to submit Mobile Bank Account details. Service provider will call following functionality to submit Mobile Bank Account detail which includes Mobile Bank Account number and account level.
PRE-REQUISITES This operation can be availed by the service provider verification is successful and account has been created by bank.
INPUT The operation takes input as mentioned in Annexure A: 7.1.6. Submit Mobile Bank
Account Details
PROCESS
Verify verification results: This operation verifies that verification has been done successfully
through any of the above mentioned modalities and session has not expired.
Save Mobile Bank Account Details: Function saves Mobile Bank Account details information and
return the results.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.1.6. Submit Mobile
Bank Account Details
12
5.3 Verification for OTC Transaction In first step Service verifies the citizen from National Citizen Database and replies with the appropriate
message. If the person is a valid citizen and the data provided for verification is according to the
specified format, the web service performs 1:1 fingerprint verification. If the fingerprints are verified,
then the verification results along with other specified data will be returned. If verification is not
successful, service will return 4 available fingerprints.
In case the 4x available fingerprints have not been verified, service provider is allowed to request for
photograph verification within the same session.
The Service provider application sends in the valid Photograph (according to the specified standards)
and the web service performs the photograph verification. The service will respond with success
message and specified data. Otherwise the web service allows the application to request for manual
verification through secret identity demographics data.
The service provider can request secret identity demographics data and the web service in result shall
return the required data and photograph for manual verification of the customer.
NOTE:
Service will generate unique session id.
This session id is billable entry and will remain valid for next 30 minutes
The 8 attempts for fingerprints verification can be requested.
Each fingerprint can be submitted only twice for verification.
If the verification is successful, the session will expire automatically.
Bio-VeriSys Specification Document
13
Bio-VeriSys verification for OTC Transaction
act Verification Flow-OTC transaction
Service Provider
perforrm 1:1 Fingerprint
matching
Fingerprint VerifiedSend verification result as
"successful"
Session time< 30 Min &
fingerprints attempts
Bio-VeriSys Specification Document
14
5.3.1 Fingerprint Verification
DESCRIPTION This operation is used by Service provider for finger print verification by sending biometric data of Primary/Sender Citizen Number for Mobile Bank Account OTC Transactions. This functionality will verify finger prints and will return the results.
INPUT The operation takes input as mentioned in Annexure A: 7.2.1. Fingerprint Verification for
OTC
PROCESS Verify Primary/Secondary Citizen Status From National Citizen Database: If Primary/Secondary
citizen number is not verified, operation will return appropriate message. Fingerprint verification
will not be carried out.
Verify Fingerprints Availability For Primary Citizen: If fingerprints are not available, person
should be advised to visit NADRA NSRC for modification of CNIC.
Verify Fingerprints:
o If verification is successful operation will return session id and session will be closed for
given citizen no.
o If verification is unsuccessful operation will return session id, and 4x available finger
indexes. Fingerprint verification can be re-called for any of 4x available fingers with same
session id. Maximum number of finger print verifications attempts for per session will be
8.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.2.1. Fingerprint
Verification for OTC
5.3.2 Photograph Verification
DESCRIPTION The purpose of this functions is to match the photograph acquired by the service provider with the photograph available for the primary/sender citizen in the citizen database.
NOTE: Session id is a billable entry
NOTE: This functionality will not return citizen data.
15
PRE-REQUISITES This operation can be availed by the Service provider after completely exhausting the finger print verification modality i.e. by verifying all four available finger prints options.
INPUT The operation takes input as mentioned in Annexure A: 7.2.2. Photograph Verification
PROCESS Verify fingerprint functionality completely exhausted: This operation validates that fingerprints
are available in database and verification of all fingerprints have been failed.
ICAO Compliance: Photograph will be checked for ICAO compliance.
Verify Photograph:
o If verification is successful, it will return session ID and the session will be closed for given
citizen no.
o If verification is unsuccessful, service will reply with the message and citizen secret
question data functionality is enabled.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.2.2. Photograph
Verification
5.3.3 Verification through Secret Identity Demographics Data
DESCRIPTION This operation is used to retrieve Primary/Sender Citizens secret questions data and photograph from citizen database for manual verification.
PRE-REQUISITES This operation can be availed by the service provider after exhausting the photograph verification modality i.e. Fingerprint verification of all the available fingerprints, and photograph have failed.
INPUT The operation takes input as mentioned in Annexure A: 7.2.3. Secret Identity
Demographics Data
PROCESS
Verify fingerprint & photograph functionality completely exhausted: This operation validates
that verification of all the fingerprints and photograph have been failed.
Secret Question data: This function returns the following secret identity demographics data for
manual verification.
Mother Name
Birth Place
16
Native Language
Religion
Photograph
OUTPUT The operation produces a response as mentioned in Annexure A: 7.2.3. Secret Identity
Demographics Data
5.3.4 Submit Manual Verification Result
DESCRIPTION This operation is used to provide feedback to Bio-VeriSys that manual verification of person was successful through secret identity demographics data and service will respond with citizen data
PRE-REQUISITES This operation can be availed by the Service provider when secret identity demographics data functionality has been called and person has been manually verified.
INPUT
The operation takes input as mentioned in Annexure A: 7.2.4. Submit Manual Verification Results
PROCESS Verify Secret question data retrieval was successful: This operation validates that service
provider has successfully retrieved secret question data.
Submit results: This function will check the manual verification results submitted in request
parameters. If result is successful, function will return citizen data.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.2.4. Submit Manual
Verification Results
5.3.5 Last Verification Result
DESCRIPTION The Service provider will request for the last verification result from Bio-VeriSys before re-sending the request to verification modality of Photograph Verification or Finger Verification.
PRE-REQUISITES This operation is called by the Service provider whereby the instantaneous verification result from the verification modality of Photograph Verification or Finger Verification is not received in the stipulated time.
INPUT The operation takes input as mentioned in Annexure A: 7.2.5. Last Verification result
NOTE: Session ID shall expire after two attempts of calling secret identity demographics data Modality
17
PROCESS
Verify Session and last verification results: This function checks whether session exists and any
verification was done against citizen no.
Verification result: If verification exists service will provide appropriate message against the
verification.
OUTPUT The operation produces a response as mentioned in Annexure A: 7.2.5. Last Verification
result
18
6 BIOMETRIC STANDARDS
6.1 Fingerprint Standards Finger prints should be acquired at 500 dpi before conversion to any template format
Maximum information of fingerprint should be acquired
Fingerprint should be placed flat with maximum contact between scanner lens and skin
Image lens should be clean and without any moisture for better biometric acquisition
Fingerprint template should be one of following
o ANSI
o ISO_19794_2
o SAGEM_PKMAT
o SAGEM_PKCOMPV2
o SAGEM_CFV
o RAW_IMAGE
o WSQ
Finger Index definition
Finger Index Description 1 Right Thumb
2 Right Index Finger
3 Right Middle Finger
4 Right Ring Finger
5 Right Little Finger
6 Left Thumb
7 Left Index Finger
8 Left Middle Finger
9 Left Ring Finger
10 Left Little Finger
6.2 Photograph Standards Photograph should be ICAO compliance with following standards:
Photograph should be colored and comply with normal portrait photograph
standards
Maximum size should be 10 KB
Frontal rotation of the face is less than 5 (angle between the eyes).
Same pixel aspect ratio at horizontal and vertical dimensions.
Nose and mouth are at the horizontal center of the image.
The distance from the bottom edge of the image to the imaginary line passing
through the center of the eyes is between 50% - 70% of the height of the image.
The minimum image width conforms to the image width by head width ratio of
7:5. The head width is defined as the distance between the left and right ears.
The distance between the base of the chin and the crown is less than 80% of the
total height of the image
19
7 ANNEXURE A
7.1 Verification for Mobile Bank Account Creation
7.1.1 Fingerprint Verification
7.1.1.1 Request Interface
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Username String Max 12 characters
Mandatory Username of Service provider issues by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Session ID String 19 Non Mandatory
A unique 19 digit number 1000009010000090
Citizen Number
String 13 Mandatory This is the citizen number for which the session id is being requested
6110119876547
Contact Number
String 16 Mandatory Contact No of citizen e.g. mobile no.
0308-5126899
Finger Index Integer Mandatory Right thumb index 1
Finger Template
Base 64 string
Mandatory This is the finger template corresponding to the finger print index
Template Type String Mandatory Value of Template type from Template Type data type exposed by Service
TemplateType.ANSI
Service Provider Transaction ID
String 19 Unique per session Numeric
This is the unique transaction id that Service provider generates by appending Franchisee ID + Unique 15 digits
6407814020617511501
7.1.1.2 Response Interface
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory Unique session id for using Bio- VeriSys. This session ID will be used for the billing to the service providers
4001100000103719929
20
Citizen Number String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Name String Where verification result is successful
Contains the Urdu name
Father-husband name
String Where verification result is successful
This field will carry father name in Urdu
Present Address String Where verification result is successful
Present address of citizen in
Urdu
Permanent Address
String Where verification result is successful
Permanent address of
citizen in Urdu
Name English String Where verification result is successful and if available and as is.
Citizen Name in English Qadir Bakhsh
Father-husband name English
String Where verification result is successful and if available and as is.
Citizen Father spouse name in English
Rahim Khan
Present Address English
String Where verification result is successful and if available and as is.
Present address of citizen in English
Permanent Address English
String Where verification result is successful and if available and as is.
Permanent address of citizen in English
Finger Index String[] Non Mandatory Where verification result is not successful
This is the list of available finger indexes
1,2,4,6
7.1.1.3 Code description
Sr. No. Code Description 1 100 successful 3 110 citizen number is not verified 4 111 finger not found in citizen database
21
5 112 error generating session id 7 114 invalid verification reference number 8 115 Invalid service provide transaction id 10 120 invalid input finger template 11 121 invalid finger index 12 122 Fingerprint does not matched 13 123 invalid finger template format 14 124 Citizen is not verified. please advise to visit NADRA center 15 125 Invalid citizen number
7.1.2 Photograph Verification
7.1.2.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Username String Max 12 characters
Mandatory Username of Service provider issues by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Photograph Base 64 string
Max 10 KB Mandatory Photograph of the Primary/Sender Citizen. The colored photograph should comply with normal portrait photograph standards.
7.1.2.2 Response Interface:
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
22
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Name String Where verification result is successful
Contains the Urdu name
Father-husband name
String Where verification result is successful
This field will carry father name in Urdu
Present Address String Where verification result is successful
Present address of citizen in
Urdu
Permanent Address String Where verification result is successful
Permanent address of
citizen in Urdu
Name English String Where verification result is successful and if available and as is.
Citizen Name in English Qadir Bakhsh
Father-husband name English
String Where verification result is successful and if available and as is.
Citizen Father spouse name in English
Rahim Khan
Present Address English
String Where verification result is successful and if available and as is.
Present address of citizen in English
Permanent Address English
String Where verification result is successful and if available and as is.
Permanent address of citizen in English
7.1.2.3 Code Description
Sr. No. Code Description
1 100 successful
2 130 photograph does not match
3 131 this operation will only be enabled if biometric verification of all available fingers is failed
4 132 invalid photograph data
5 133 no eyes detected
6 134 photograph size is greater than specified limit
7 135 image quality is not good
7.1.3 Secret Identity Demographics Data
7.1.3.1 Request Interface
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
23
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued.
6110119876547
7.1.3.2 Response Interface
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request
100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Religion String Mandatory Citizen religion Islam
Mother Name String Mandatory Citizen mother name
Birth Place String Mandatory Citizen place of birth Lahore
Native Language String Mandatory Citizen native language Urdu
Photograph Base 64 string
Max 10 Kb Mandatory Photograph of the Primary Citizen.
7.1.3.3 Code Description
Sr. No. Code Description 1 100 Successful 2 140 Citizen verification system is down. Please try again later. 3 141 This operation will only be enabled if biometric verification of all available fingers and photo
verification are failed
7.1.4 Submit Manual Verification Results
7.1.4.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
24
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Verification Result String 16 Mandatory Manual verification result through secret question data
Successful Not successful
7.1.4.2 Response Interface
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory Unique session id for using Bio- VeriSys. This session ID will be used for the billing to the service providers
4001100000103719929
Citizen Number String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Name String Where verification result is successful
Contains the Urdu name
Father-husband name
String Where verification result is successful
This field will carry father name in Urdu
Present Address String Where verification result is successful
Present address of citizen in
Urdu
Permanent Address
String Where verification result is successful
Permanent address of
citizen in Urdu
Name English String Where verification result is successful and if available and as is.
Citizen Name in English Qadir Bakhsh
Father-husband name English
String Where verification
Citizen Father spouse name in English
Rahim Khan
25
result is successful and if available and as is.
Present Address English
String Where verification result is successful and if available and as is.
Present address of citizen in English
Permanent Address English
String Where verification result is successful and if available and as is.
Permanent address of citizen in English
7.1.4.3 Code Description
Sr. No. Code Description 1 100 successful 2 150 invalid citizen number 3 151 no request found against session id 4 152 secret question data was not requested
7.1.5 Last Verification Result
7.1.5.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Service Provider Transaction ID
String 19 Unique per session Numeric
This is the unique transaction id that Service provider generates by appending Franchisee ID + Unique 15 digits
6407814020617511501
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
7.1.5.2 Response Interface:
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
26
Message String 256 Mandatory Message contains last verification result
Successful
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Verification Functionality
String Mandatory Functionality which was called last time
Fingerprint verification
Name String Where verification result is successful
Contains the Urdu name
Father-husband name
String Where verification result is successful
This field will carry father name in Urdu
Present Address String Where verification result is successful
Present address of citizen
in Urdu
Permanent Address String Where verification result is successful
Permanent address of
citizen in Urdu
Name English String Where verification result is successful and if available and as is.
Citizen Name in English Qadir Bakhsh
Father-husband name English
String Where verification result is successful and if available and as is.
Citizen Father spouse name in English
Rahim Khan
Present Address English
String Where verification result is successful and if available and as is.
Present address of citizen in English
Permanent Address English
String Where verification result is successful and if available and as is.
Permanent address of citizen in English
27
7.1.5.3 Code Description
Sr. No. Code Description 1 100 successful 2 150 invalid citizen number 3 151 no request found against session id
7.1.6 Submit Mobile Bank Account Details
7.1.6.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Citizen Number String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Mobile Bank Account Number
String Non-Mandatory
Mobile Bank Account number create by bank
104720569822210
Account Level String Non-Mandatory
This is account level for branchless banking
level 0 level 1 level 2 level 3
7.1.6.2 Response Interface:
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message contains last verification result
Successful
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
7.1.6.3 Code Description
Sr. No. Code Description 1 100 successful 2 150 invalid citizen number
28
3 155 verification was not completed 4 156 invalid Mobile Bank Account number 5 157 invalid account level
7.2 Verification for OTC Transaction
7.2.1 Fingerprint Verification
7.2.1.1 Request Interface
Field Name Field type Length Constraints (if any) Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Username String Max 12 characters
Mandatory Username of Service provider issues by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Session ID String 19 Non Mandatory
A unique 19 digit number issued by 4.1.3.2
1000009010000090
Service Provider Transaction ID
String 19 Unique Numeric
This is the unique transaction id that Service provider provided for verification
6407814020617511501
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which session id is being requested
6110119876547
Primary/Sender Contact Number
String 16 Mandatory Contact No of citizen e.g. mobile no.
0308-5126899
Finger Index Integer Mandatory Right thumb index 1
Finger Template Base 64 string
Mandatory ISO 19794 Finger print template
This is the finger template corresponding to the finger print index
Template Type String Mandatory Template type must be value exposed in Service definition
Value of Template type exposed by Service
ANSI
Remittance Amount Number 16 Non- Mandatory Remittance amount being sent or received
15000
29
Remittance type String 16 Mandatory Remittance type indicate whether OTC transaction is for transfer or receive money. Remittance Type value defined in Service as Enum
1. money transfer send 2. money transfer receive 3. ibft
Secondary/Receiver Citizen Number
String 13 Mandatory if remittance type is money transfer/receive. Non-Mandatory for
Citizen number or Account number of recipient/secondary applicants
4130891229519
Account Number String 24 Non- Mandatory Account number of recipient/secondary applicants
413089122951969
Secondary/Receiver Contact Number
String 16 Mandatory Contact No of Secondary/Receiver e.g. mobile no.
0333-5126899
7.2.1.2 Response Interface
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory Unique session id for using Bio-VeriSys. This session ID will be used for the billing to the service providers
4001100000103719929
Primary/Sender Citizen Number
String Mandatory Contains Primary/Sender citizen number
6110119876547
Primary/Sender Citizen Number Name
String Mandatory Contains the urdu name of the Primary/Sender citizen number
Finger Index String[] Non Mandatory Where verification result is not successful
This is the list of available finger indexes
1,2,4,6
Secondary/Receiver Citizen Number
String Non-Mandatory
Contains the detail of the Secondary/Sender citizen number
4130891229519
Secondary/Receiver Name
String Non-Mandatory
Contains the urdu name of the Secondary/Sender citizen
7.2.1.3 Code description
Sr. No. Code Description 1 100 successful 3 110 citizen number is not verified
30
4 111 finger not found in citizen database 5 112 error generating session id 7 114 invalid verification reference number 8 115 Invalid service provide transaction id 10 120 invalid input finger template 11 121 invalid finger index 12 122 Fingerprint does not matched 13 123 invalid finger template format 14 124 Citizen is not verified. please advise to visit NADRA center 15 125 Invalid citizen number
7.2.2 Photograph Verification
7.2.2.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Username String Max 12 characters
Mandatory Username of Service provider issues by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Photograph Base 64 string
Max 10 KB Mandatory Photograph of the Primary/Sender Citizen. The colored photograph should comply with normal portrait photograph standards.
7.2.2.2 Response Interface:
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
31
7.2.2.3 Code Description
Sr. No. Code Description 1 100 successful 2 130 photograph does not match 3 131 this operation will only be enabled if biometric verification of all available fingers is failed
4 132 invalid photograph data 5 133 no eyes detected 6 134 photograph size is greater than specified limit 7 135 image quality is not good
7.2.3 Secret Identity Demographics Data
7.2.3.1 Request Interface
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued.
6110119876547
7.2.3.2 Response Interface
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Religion String Mandatory Citizen religion Islam
Mother Name String Mandatory Citizen mother name
Birth Place String Mandatory Citizen place of birth Lahore
Native Language String Mandatory Citizen native language Urdu
32
Photograph Base 64 string
Max 10 Kb Mandatory Photograph of the Primary Citizen.
7.2.3.3 Code Description
Sr. No. Code Description 1 100 Successful 2 140 Citizen verification system is down. Please try again later. 3 141 This operation will only be enabled if biometric verification of all available fingers and photo
verification are failed
7.2.4 Submit Manual Verification Results
7.2.4.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Verification Result String 16 Mandatory Manual verification result through secret question data
Successful Not successful
7.2.4.2 Response Interface
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message explaining the response code
Successful
Session ID String 19 Mandatory Unique session id for using Bio- VeriSys. This session ID will be used for the billing to the service providers
4001100000103719929
33
Citizen Number String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
7.2.4.3 Code Description
Sr. No. Code Description 1 100 successful 2 150 invalid citizen number 3 151 no request found against session id 4 152 secret question data was not requested
7.2.5 Last Verification Result
7.2.5.1 Request Interface:
Field Name Field type Length Constraints (if any)
Description Example
Franchisee ID String 4 Unique The unique Franchisee ID issued to Service provider by NADRA
1234
Username String Max 12 characters
Mandatory Username of Service provider issued by NADRA for Bio-VeriSys
iuser
Password String Max 15 characters
Mandatory Password set by the Service provider for Bio-VeriSys
ipassword
Service Provider Transaction ID
String 19 Unique per session Numeric
This is the unique transaction id that Service provider provided for verification
6407814020617511501
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
7.2.5.2 Response Interface:
Field Name Field type Length Constraints (if any)
Description Example
Code String 3 Mandatory Code response to request 100
Message String 256 Mandatory Message contains last verification result
Successful
Session ID String 19 Mandatory
A unique 19 digit number issued
1000009010000090
Primary/Sender Citizen Number
String 13 Mandatory This is the primary/sender citizen number for which the session id is issued
6110119876547
Verification Functionality
String Mandatory Functionality which was called last time
Fingerprint verification
34
7.2.5.3 Code Description
Sr. No. Code Description 1 100 successful 2 150 invalid citizen number 3 151 no request found against session id
7.3 Generic Codes description
Sr. No. Code Description 1 102 invalid xml 2 103 invalid user name/password 3 104 Invalid session id 4 105 user do not has access to this functionality 5 106 Invalid franchisee id 6 107 invalid citizen number 7 108 Citizen verification Service is down. Please try again later. 8 109 Exception: system has encountered an unexpected error. Administrator has been informed, please
try again later.