Skip to content

Complete Server-Side Verification

While it's true that all authenticity checks can be successfully completed on smartphones and edge devices, they alone might not suffice. There's a potential risk of verification results being intercepted and modified by fraudsters directly on the same device. In the "zero trust to mobile" approach, Regula introduces an additional layer of protection against such fraud through Complete Server-Side Verification.

Let's have a look at it step by step.

Step 1: Optical Processing

The first step is optical processing that is performed on the mobile side.

To initiate optical processing, follow the Start Processing guide.

Enable returning the package for reprocessing to the processing results. This is necessary for generating encrypted results on the mobile side.

DocumentReader.Instance().processParams().shouldReturnPackageForReprocess = true;

DocumentReader.Instance().processParams().shouldReturnPackageForReprocess = true

For Complete Server-Side Verification, you need to run the Regula Web Service in your environment. Refer to the Web Service section for instructions on how to do that.

Step 2: RFID Chip Reading

Once the optical processing is completed, encrypted results are generated. The next step is to perform RFID chip reading.

To start the processing, follow the RFID Chip Processing guide.

While reading is performed on the mobile via NFC, the Regula Web Service becomes engaged in generating session keys and challenges, which are subsequently saved to Storage.

To enable RFID reprocessing, refer to the RFID Processing page.

Once the Regula Web Service is up and running, you need to specify its URL on the mobile side. This allows the Regula Mobile SDK to interact with it, facilitating the generation and sending of session keys and challenges.

ReprocParams reprocParams = new ReprocParams("https://api.regulaforensics.com");
DocumentReader.Instance().rfidScenario().setReprocessParams(reprocParams);

val reprocParams = ReprocParams("https://api.regulaforensics.com")
DocumentReader.Instance().rfidScenario().reprocessParams = reprocParams

In cases where the Web Service is inactive or encounters issues, the successful completion of RFID chip processing on the mobile side can be prevented.

To guarantee a check fail in case the Regula Web Service is not available, do the following:

ReprocParams reprocParams = new ReprocParams("https://api.regulaforensics.com");
reprocParams.setFailIfNoService(true);
DocumentReader.Instance().rfidScenario().setReprocessParams(reprocParams);

val reprocParams = ReprocParams("https://api.regulaforensics.com")
reprocParams.failIfNoService = true
DocumentReader.Instance().rfidScenario().reprocessParams = reprocParams

As soon as NFC chip processing is completed on the mobile side, the results will contain not only the optical outcomes but also the results of RFID chip processing.

Step 3: Handling Results

Next, handle the results and prepare them for sending to your service.

To obtain encrypted results, simply invoke the getEncryptedContainers method, which returns JSON.

String encryptedResults = results.getEncryptedContainers();

val encryptedResults = results.encryptedContainers

For example:

{
    "ContainerList": {
        "List": [
            {
                "EncryptedRCL": "...",
                ...
                "result_type": 49
            },
            {
                "License": "...",
                ...
                "result_type": 50
            }
        ]
    },
    "TransactionInfo": {
        ...
    }
}

Step 4: Sending Encrypted Results to Backend

Send the encrypted results to your backend to prepare the request that will be sent to the Regula Web Service for reprocessing.

Step 5: Reprocessing

Now that you have the encrypted results, you can start making up the request.

The request body should include three nodes:

  • processParam: Parameters to be used during the document processing.
  • ContainerList: A list of encrypted containers, such as licenses and other encrypted data.
  • TransactionInfo: Transaction metadata.

To complete this, add processParam to the JSON that was returned by the getEncryptedContainers method in step 3.

For example:

{
    "processParam": {
        "scenario": "FullProcess",
        "alreadyCropped": true
    },
    "ContainerList": {
        "List": [
            {
                "EncryptedRCL": "...",
                ...
                "result_type": 49
            },
            {
                "License": "...",
                ...
                "result_type": 50
            }
        ]
    },
    "TransactionInfo": {
        ...
    }
}

Send the request to Regula Web Service to the following endpoint:

POST /api/process

Request example using cURL

curl --request POST \
--url "https://api.regulaforensics.com/api/process" \
--header "Content-Type: application/json" \
--data '{ "processParam": { "scenario": "FullProcess", "alreadyCropped": true }, "ContainerList": { "List": [ { "License": "...", ... "result_type": 50 }, { "EncryptedRCL": "...", ... "result_type": 49 } ] }, "TransactionInfo": { ... } }'

Info

Please note that the request demonstrated above doesn't contain any data, so you won't receive any results from the Regula Web Service if you run it.

The request demonstrates only the structure that should be followed.

During the reprocessing, the Regula Web Service fetches session keys and challenges from Storage.

This marks the final step of Complete Server-Side Verification. Once the reprocessing is completed, you can then determine whether you should trust the mobile results or not.

Congrats! 🎉

You've successfully set up the Complete Server-Side Verification!