FREQUENTLY ASKED QUESTIONS — DOCUMENTS

1. Can you authenticate any document? What criteria does a document need to be authentication-ready? (OR) What type of documents can't you authenticate? Why?
2. Can your software detect photo substitution?
3. Do you support I-9 documents such as school report card, hospital record, or day care/nursery record? What does the scanner look for to authenticate these documents?
4. What are the detection rates of your system?
5. Do you have a list of supported documents?
6. Can you tell us what specific tests you run for each document?
7. Who sets the default scores for any particular test, and how can they be changed?
8. Can we add our own tests to the ones you do for each document?
9. How do we add our own documents to your document authentication library?
10. Can you validate currency?
11. I don't understand your scoring system. I just want a pass or fail -- either the document is authentic or it is not?
12. How do you train documents? (OR) What is document training?
13. What training might a partner or "super user" (e.g. a government document forensic expert) be able to do?
14. Can I send you new documents for analysis?
15. How do I get updates to the library?
16. How do you know when there are new documents to add to the library?
17. How long does it take to add a new document to the library?
18. When you get a sample of a new document, how do you know it is authentic?
19. Can you guarantee that a fake document is fake or that a genuine document is valid?
20. Can you provide an official statement on FAR (false acceptance rate) and FRR (false rejection rate) metrics?
21. What is the Library Customization tool? Who would use it and why?

1. Can you authenticate any document? What criteria does a document need to be authentication-ready? (OR) What type of documents can't you authenticate? Why?

   
   First of all, AssureTec specializes in authenticating identity documents. Only a document that has some security features built into it can be authenticated. For example, a document that is printed on plain paper with visible ink only would most likely be deemed not secure enough for authentication with any certainty -- for the simple fact that anyone with an intent to create a fake document has a very low threshold of difficulty in producing it. Many U.S. birth certificates, for example, are very low on document security.

   Most identity documents such as U.S. driver's licenses and passports -- at least most modern ones -- have a variety of document security features built in. For example, optically variable ink (OVI) could be used to print a part of the document. Or a secure laminate, such as 3M Confirm, could be used. The more security features built into the document, the harder it would be to create a fake or substitute. (A subsitute is one where a genuine document is tampered with.)

   In theory, we can authenticate any document. However, the degree to which the authentication makes sense would directly correspond to how secure the document is to begin with.

2. Can your software detect photo substitution?

   
   The AssureID Professional Platform is the world's most advanced forgery detection system for identity documents. It automatically identifies ID documents and performs a number of forensic-quality tests that are specific to each document type. An example of a forensic-quality test is the response of a document in ultraviolet light.

   These forensic-quality tests allow checking of photo protection features that are incorporated in the document. This allows examination of the expected UV and NIR properties, guilloche, OVD presence, embossing, perforation, retroreflective laminate (3M Confirm) background patterns and overlay patterns (visible, UV, NIR). Discrepancies in the expected response to the examination are reported to the inspector as a "risk score." This greatly enhances the ability to detect photo substitutions in all documents, but has greater reliability when the document under examination incorporates design features intended to combat photo substitution.

   The inspector still needs to maintain their awareness of physical clues to photo substitution, especially on documents that do not use digital printing and/or other security features to protect the photo. AssureID enables rapid examination of the document under various light sources and automates comparison against expected properties. This type of in depth analysis cannot be done by an inspector in an acceptable period of time for a front-line process. Since the software quickly identifies acceptable or totally unacceptable documents, the inspector can spend more energy on documents that are identified as suspect.

   In addition to the areas examined automatically, the entire document image in each of the light sources is available for magnification and viewing by the inspector to confirm results and check closer for subtle hints of tampering that cannot automated without causing an unacceptable rate of false alerts. Variations from document to document of the same type can naturally caused by wear, aging, and manufacturing inconsistencies. Tolerances established for a document typically must be set to allow for these variations. Closer examination and tighter tolerances can be set to detect specific properties of photo substitution for high risk documents where the trade-off between false alert and better detection are warranted. This type of “tuning” requires close cooperation with the inspecting agency.

   There is no other automated authentication tool available that offers the range of inspection techniques, accuracy, and depth of document authentication library provided by the AssureID Platform.

3. Do you support I-9 documents such as school report card, hospital record, or day care/nursery record? What does the scanner look for to authenticate these documents?

   
   Currently, we do not have any support in our library for report cards, hospital records, and day care records. While support for each of these types of documents is feasible, the problem stems from a lack of document standards. That is, you will likely receive large numbers of variations of school report cards (and hospital records and day care records). Each variation would need to be supported by the AssureTec library in order to automatically classify the type of document, extract information from the document, and authenticate the document.

   Authenticating these types of documents, if supported by the AssureTec library, is another challenge. These documents were not designed, nor were they intended, to provide proof of identity. Thus they do not have any intentional security features that can be readily relied upon. Production variations will occur frequently due to changes to printing material and ink as well as layout and design changes. Security-conscious documents (e.g. drivers licenses and passports) have a much more stingent quality control process that dictates these materials and changes.

   However, while we cannot easily authenticate these documents, it is possible for us to scan images of these documents and present them to the user for manual verification.

   If the set of documents required can be constrained (to a particular type of report card or specific format hospital record), it will be possible to add support to automatically identity and extract information from the document, and possibly perform limited authentication.

4. What are the detection rates of your system?

   
   Since the AssureID Professional Platform can detect forgery of a wide range of documents, and each document has its own set of security features to resist tampering (or not), we could only measure detection rate on a document-by-document basis. We have not published any numbers in this regard because there is no standard set of samples to conduct the tests against. Evidence from various government agencies that performed evaluations of multi-vendor systems indicates that our system performs impressively compared to other systems, sometimes with 99% accuracy in detecting fake documents. (Also see answer to question on FRR and FAR.)

5. Do you have a list of supported documents?

   
   Yes. If you are a current user of our software, you can find the list in our release notes. Otherwise, please contact sales@assuretec.com.

6. Can you tell us what specific tests you run for each document?

   
   No. This information is proprietary. We don't reveal this because we do not want criminals to learn how to beat the system (although it would be quite difficult to do so). The Document Authentication Library is a compilation of these tests. It is shipped in a secure encrypted format so that it does not fall in the wrong hands.

7. Who sets the default scores for any particular test, and how can they be changed?

   
   AssureTec sets the default scores. To see how to change the default scores, please see the AssureID Professional SDK Programmer's Guide, which would be at C:Program FilesAssureTecAssureIDsdk if you have installed the AssureID Professional SDK.

8. Can we add our own tests to the ones you do for each document?

   
   Normally, we don't do it. Nor do we provide tools for customers to modify the Document Authentication Library. However, if you belong to an organization that has a special need in this area, we might be able to accommodate it for a fee. Please contact sales@assuretec.com.

9. How do we add our own documents to your document authentication library?

   
   There are two types of documents that could be added to the Document Authentication Library: (i) general documents, such as a country- or state-specific travel document; and (ii) customer-specific documents, that are applicable only to a specific customer. We are constantly adding general documents to our library and these will become available as part of our library update service. If you have a document of either type that you would like added to the library, please contact sales@assuretec.com. Please note that there may be charge for this service depending on the general applicability, turnaround time requirement, etc. Also, if you are considering adding a document of type (ii), please note that a system is only as secure as its weakest link. If the document that you wish to add has little to no security, you may be compromising the integrity of the entire system at your location.

10. Can you validate currency?

    
    In theory, yes. We can currently validate some Euro currency -- for demonstration purposes only. We have focused on identity documents because that's what our customers are asking for. If you have a need in this area, please contact sales@assuretec.com.

11. I don't understand your scoring system. I just want a pass or fail -- either the document is authentic or it is not?

    
    We can understand the customer's need to have a simple "yes" or "no" answer. However, our system is a tool that performs automated document authentication -- it is not the final arbiter. For pristine documents with a high degree of security features, our system will tend to be quite accurate. However, many identity documents are neither pristine nor built with a high degree of security features. This is why we have a risk-based scoring system rather than a simple"yes" or "no" answer.

    For example, a perfectly valid New York state driver's license could be in a damaged condition, preventing, say, its bar code from being read. That will cause AssureID to flag the document as being somewhat risky. However, an operator who looks at the affected region can tell that there was some damage due to wear and tear, but that all other aspects of the document look OK. So the final judgment will still have to be made by the operator.

12. How do you train documents? (OR) What is document training?

    
    The Document Authentication Library is a collection of document-specific authentication tests for over 1,600 ID documents (as of April 2007) from all over the world. It was built by training specific documents -- one at a time. Engineers and forensic document experts at AssureTec examine each new document type under various lighting conditions, looking for unique security features to test for. They encode these tests into the library using an AssureTec internal tool called the Document Authentication Wizard. This process is called document training.

13. What training might a partner or "super user" (e.g. a government document forensic expert) be able to do?

    
    None. The Document Authentication Wizard, the tool used to populate the Document Authentication Library, is an AssureTec internal tool. This means that only AssureTec can change the Document Authentication Library. There are several reasons for this, but perhaps the most important one is that every change in the Document Authentication Library must go through extensive regression testing to ensure accuracy and viability.

14. Can I send you new documents for analysis?

    
    Depends on what you mean. If you encounter a new document that comes up as unrecognized on our software, and you are an AssureTec partner, we will work with you (and the issuing authority if appropriate) to (i) determine the authenticity of the document and (ii) if authentic, include the document into our Document Authentication Library.

15. How do I get updates to the library?

    
    AssureTec updates the library periodically. So long as you have a valid subscription, you will be able to download these updates from our website by contacting support@assuretec.com. If you don't have a valid subscription, please contact sales@assuretec.com to obtain one. Every update of our software will also automatically include an updated library.

16. How do you know when there are new documents to add to the library?

    
    AssureTec is continually working with its partners to include new document types as they are encountered by our partners rolling out our product at their customer sites. At any given time, we have a backlog of documents to analyze for possible inclusion into our document authentication library. Not all documents in the backlog will result in the addition of a document type to the library. We will work with our partners to prioritize documents of interest to them for inclusion into our library update process.

17. How long does it take to add a new document to the library?

    
    If you are talking about the physical duration, depending on the complexity of the document, it could take our experts anywhere from a few minutes to several hours. Depending on the availability of our experts, the required turnaround time, and other factors, we could turnaround a new document in 1 or 2 business days if the situation demands it. For more specific information, please contact support@assuretec.com if you are an existing customer, or sales@assuretec.com if not.

18. When you get a sample of a new document, how do you know it is authentic?

    
    We do not automatically assume that a document is authentic. We will only enter documents in our library that can be vouched for as authentic. We rely on our partners as well as standards organizations and issuing authorities to determine the authenticity of documents.

19. Can you guarantee that a fake document is fake or that a genuine document is valid?

    
    AssureTec does not provide such guarantees. Please see our response to a question on false acceptance rates (FAR) and false rejection rates (FRR) elsewhere in this document.

20. Can you provide an official statement on FAR (false acceptance rate) and FRR (false rejection rate) metrics?

    
    The concept of FAR, FRR has no meaning for us in the sense of document authentication. We do not Accept nor do we Reject a document. Anyone who claims to be able to provide such a metric is not being honest. If you consider OCR or biometrics ONLY, then there are read rates and FAR/FRR have some meaning.

    Whereas a biometric is a unique measurement of an individual, a document has as many variations as the number of documents of that type that were printed. If we trained on a specific document then compared that document to any other document that was presented then we could state a statistic saying that we falsely accepted a document that was not that specific one a certain percentage of the time and conversely if that specific document was presented and we rejected it then there would be a statistic that would measure the percentage of times it was falsely rejected.

    We have run the same document against itself and in thousands of instances not seen a single reject, i.e. 0% FRR. We have also run sets of forged or altered documents against the trained document and never seen a false accept, i.e. 0% FAR.

    This is obviously not a useful exercise! There is such a tremendous variation in the same document type from a given issuer that very tight measurement tolerances cannot be used without very high number of Cautions or Alerts. This tolerance has to be further loosened to allow for normal wear and aging. When this is done, the probability of a good forgery or alteration going undetected increases. There are many variations amongst issuers in terms of their quality control, materials control, and the number of variations in where/how the documents are produced and personalized. There is also a wide range of variation in the inherent security features and readability of the documents. Lastly, there is a great variation in the durability of the document and the number of years the document is in service.

    In conclusion, the customer must be educated to understand that we are offering a tool to help reduce the FAR/FRR of the inspection process. The decision to accept/reject is still the responsibility of the inspector. All the authentication technology does is allow the evaluation of much more information on potential forgeries or alterations in less time and a much better controlled environment that he/she could possibly do alone. The information is presented to the inspector as a score as to how closely the document matches what we know about the document type. We also provide the image set and data from which we made the evaluation. The more we know about the document the better it can be trained and the better the quality of the help for the inspector.

    It would be nice to be able to statistically quantify performance using such metrics. However, unlike a biometric or OCR test there is not a unique control being measured, i.e. person or alphanumeric character.

21. What is the Library Customization tool? Who would use it and why?

    
    Most customers will never have to use the Library Customization tool. Only those small set of customers who are interested in speeding up their processing times by a fraction should use this tool to whittle down the list of documents checked for to the bare minimum.