xDoc Injection Attack Detection Integration
TrustX supports xDoc Injection Attack Detection (IAD) capability for document capture. xDoc IAD determines whether a submitted document image contains the presence of a genuine digital image that has been introduced to bypass the biometric sensor. This feature is currently in limited availability for testing purposes.
This document will describe the necessary steps to integrate xDoc IAD within a Process Definition and view the results of the capture process.
When using xDoc document capture alongside xFace Injection Attack, it is necessary that the xFace capture flow is performed before xDoc document capture in the Process Definition.
Configuring xDoc IAD
xDoc IAD can be integrated in a Process Definition using the 'Capture xDoc IAD v2.5.0 - Front' and 'Capture xDoc IAD v2.5.0 - Back' found in the Process Designer. This section will describe how to configure the Process Designer to introduce xDoc IAD as part of a document capture flow.
Step One - Create a Process Definition
To create a new Process Definition:
- Login to the Backoffice application.
- Click the 'Process Definitions' tab from the left-side vertical menu, then click the 'New Process Definition' button from the top -right of the page.
- A pop-up will appear where users can choose to create a Process Definition from scratch or from a template. In this example, a Process Definition with document capture only will be used.
Step Two - Add xDoc IAD Activities
A typical document capture flow will use a 'Capture Document' activity to where an identity document will be captured. In this guide, the standard document capture flow will be updated to use the 'Capture xDoc IAD v2.5.0 - Front' and 'Capture xDoc IAD v2.5.0 - Back' to capture the front and back sides of a document and perform injection attack detection against the captured document images.
The example Process Definition above shows a typical document capture process using the 'Capture Document Image - Front v3' activity.
- Click the 'Capture Document Image - Front v3' activity within the Process Designer and find the 'bin' icon to remove the activity from the flow.
- Once the previous activity has been removed, it can be replaced with the 'Capture xDoc IAD v2.5.0 - Front' activity. Find the activity in the Process Designer pallet, or search using the search field, then drag the new activity into place where the previous activity was found.
- The 'Capture xDoc IAD v2.5.0' activity will perform document capture and injection attack detection against the captured image.
Step Three - Connect xDoc Activity
The activity provides three boundary events.
- Failed xDoc - Triggers when the captured document image fails the injection attack detection check.
- Exceed Failed xDOc Count - Triggers when the number of capture attempts fails the count set within the activity input parameters.
- Timer Boundary Event - Triggers when the end-user exceeds the allotted time required to capture a document image.
- To begin, connect the 'Front side Document Capture Entry' gateway to the 'Capture xDoc IAD v2.5.0 - Front' activity using a sequence flow arrow. Additionally, connect the activity to the Document Quality Assessment activity.
- Connect all boundary events. In this example, the Failed xDoc event has been connected to the Front side Document Capture Entry gateway, while the Timer and Exceed Failed xDoc Count events are connected to the Write Summary Report activity.
Step Four - Configure the xDoc IAD Activity
The 'Capture xDoc IAD v.2.5.0 - Front' and 'Capture xDoc IAD v.2.5.0 - Back' activities provides input parameters that enable users to update various configuration options of the activity.
To access the parameters, click the activity to open the right-side contextual menu.
Capture xDoc IAD v.2.5.0 - Front input parameters:
| Parameter | Description | Type | Default | |
|---|---|---|---|---|
| Advanced configuration | An optional field that will allow the override of capture parameters without explicitely naming all the parameters. | string | {"delayStartInMilliseconds": 200,"lastPassedFrameDelayInMilliseconds":150} | |
| Allow back | An optional field that will enable back capture. | boolean | ${false} | |
| Camera resolution | Determines the capture resolution. Supported values are 1440p and 1080p. By default, the capture resolution is set to 1440p. | string | 1440 | |
| Camera Liveness Threshold | Sets the liveness threshold score | double | ${0.5} | |
| Camera Orientation | Orientation for camera capture. | string | PORTRAIT | |
| Cropping Tolerance | The cropping tolerance. | double | ${0.06} | |
| Document Aspect Ratio | Document aspect ratio. | string | ${_documentType == 'PASSPORT' ? 1.42 : 1.58} | |
| Document Key | The identifier of the document. | string | doc1 | |
| Document Side | The identifier of the document. | string | FRONT | |
| Exception On Max Attempts Exceeded | Determines whether to throw an exception when the max attempts has been reached. | boolean | ${false} | |
| Flash experience | Determines whether a flash is triggered upon successful capture of a document image. | boolean | ${false} | |
| For test | When enabled, injection attack detection check will be bypassed without requiring a separate face capture step. | boolean | ${false} | |
| List of Screens | The list of screens to be presented to the user during the capture process. Possible values include: instructions, capture, and preview. | list[strings] | ["instructions", "capture"] | |
| Max Attempts | The maximum number of retry attempts allowed before the 'Exceed failed xDoc count' error is thrown. | integer | ${3} | |
| MRZ Enabled | Set whether MRZ scanning will be enabled. By default, MRZ scanning is enabled for passport documents. | boolean | ${false} | |
| PDF417 Enabled | Set whether PDF417 scanning will be enabled. By default, PDF417 scanning is disabled. | boolean | ${false} | |
| Report Metrics | When enabled, report metrics will send document capture session data to TrustX for debugging purposes. This functionality is enabled by default. | boolean | ${true} | |
| SDK version | The SDK version used for the capture. | string | v4.1.x | |
| Scale Frames Down if Slow | When set to true, the number of frames required for a successful capture will be reduced. | boolean | ${true} | |
| Starting Component ID | The name of the capture step to be sent to the UI | string | document-capture-plus-v1 | |
| Tag 1 | The name of the capture step to be sent to the UI | string | Tags are values that the user can put into the activity to “tag” the capture process. These values may not be provided and are optional. | |
| Tag 2 | The name of the capture step to be sent to the UI | string | Tags are values that the user can put into the activity to “tag” the capture process. These values may not be provided and are optional. | |
| Tag 3 | The name of the capture step to be sent to the UI | string | Tags are values that the user can put into the activity to “tag” the capture process. These values may not be provided and are optional. | |
| Timeout in Seconds | Camera timeout in seconds. | integer | ${60} | |
| UI Component ID | The name of the screen used in the capture UI. | string | instructions | |
| Use Legacy Processing Screen | If enabled, the legacy processing screen will be shown to the end-user. | boolean | ${false} |
Capture xDoc IAD v.2.5.0 - Back input parameters:
| Parameter | Description | Type | Default | |
|---|---|---|---|---|
| Advanced configuration | An optional field that will allow the override of capture parameters without explicitely naming all the parameters. | string | {"delayStartInMilliseconds": 200,"lastPassedFrameDelayInMilliseconds":150} | |
| Camera resolution | Determines the capture resolution. Supported values are 1440p and 1080p. By default, the capture resolution is set to 1440p. | string | 1440 | |
| Camera Liveness Threshold | Sets the liveness threshold score | double | ${0.5} | |
| Camera Orientation | Orientation for camera capture. | string | PORTRAIT | |
| Cropping Tolerance | The cropping tolerance. | double | ${0.06} | |
| Document Aspect Ratio | Document aspect ratio. | string | ${_documentType == 'PASSPORT' ? 1.42 : 1.58} | |
| Document Key | The identifier of the document. | string | doc1 | |
| Document Side | The identifier of the document. | string | BACK | |
| Exception On Max Attempts Exceeded | Determines whether to throw an exception when the max attempts has been reached. | boolean | ${true} | |
| Flash experience | Determines whether a flash is triggered upon successful capture of a document image. | boolean | ${false} | |
| For test | When enabled, injection attack detection check will be bypassed without requiring a separate document capture step. | boolean | ${false} | |
| List of Screens | The list of screens to be presented to the user during the capture process. Possible values include: instructions, capture, and preview. | list[strings] | ["instructions", "capture"] | |
| Max Attempts | The maximum number of retry attempts allowed before the 'Exceed failed xDoc count' error is thrown. | integer | ${3} | |
| MRZ Enabled | Set whether MRZ scanning will be enabled. By default, MRZ scanning is enabled for passport documents. | string | ${_documentType == "PASSPORT"} | |
| PDF417 Enabled | Set whether PDF417 scanning will be enabled. By default, PDF417 scanning is disabled. | boolean | ${false} | |
| Report Metrics | When enabled, report metrics will send document capture session data to TrustX for debugging purposes. This functionality is enabled by default. | boolean | ${true} | |
| Scale Frames Down If Slow | When enabled, reduces the number of required frames of a document capture in the event that the capture processing is too slow. | boolean | ${true} | |
| SDK version | The SDK version used for the capture. | string | v4.1.x | |
| Starting Component ID | The name of the capture step to be sent to the UI | string | document-capture-plus-v1 | |
| Tag 1 | The name of the capture step to be sent to the UI | string | Tags are values that the user can put into the activity to “tag” the capture process. These values may not be provided and are optional. | |
| Tag 2 | The name of the capture step to be sent to the UI | string | Tags are values that the user can put into the activity to “tag” the capture process. These values may not be provided and are optional. | |
| Tag 3 | The name of the capture step to be sent to the UI | string | Tags are values that the user can put into the activity to “tag” the capture process. These values may not be provided and are optional. | |
| Timeout in Seconds | Camera timeout in seconds. | integer | ${60} | |
| UI Component ID | The name of the screen used in the capture UI. | string | instructions | |
| Use Legacy Processing Screen | If enabled, the legacy processing screen will be shown to the end-user. | boolean | ${false} |
Viewing xDoc IAD Results
xDoc injection attack detection results can be viewed from the Backoffice application. Results for xDoc IAD can be found in the individual Process Instance page where an xDoc IAD image was captured as part of the Process Definition.
Under the Documents section, the Document Injection will be listed as part of the completed tests.
Under the Checks section, docInjectionDetectionFront and docInjectionDetectionBack will provide results for xDoc IAD checks.
