SYS-03 // CASE STUDY

Identity Verification

Secure Government Identity Verification System — high-security Android integration for real-time electronic ID NFC chip reading (APDU), MRZ document capture, and on-device biometric liveness checks.

NFC / SMART CARDS BIOMETRIC LIVENESS ENCRYPTED CLIENT

01 — OVERVIEW

What is this System?

This client is a highly secured, modular Android application deployed internally for government agents. It provides a secure mechanism to authenticate citizens by reading the embedded secure chip on electronic passport and identity cards via NFC (ISO/IEC 14443 standard), verifying the printed Machine Readable Zone (MRZ) details, and performing on-device face biometric checks to verify identity ownership.

ISO 14443
NFC SMART CARDS
AES-256
LOCAL DATA ENCRYPTION
< 3 Sec
NFC READ SPEED
BIOMETRIC
ANTI-SPOOFING

THE CHALLENGE

Combating Identity Fraud & Impersonation

During census, verification, and critical service provisioning, identifying fraud or manual card tampering is incredibly difficult. Agents require an automated system to verify digital card signatures, authenticate cryptographic certificates on the smart card chips, and ensure the person presenting the card is its true owner in real-time.

THE SOLUTION

Cryptographically Secured Verification Client

An Android application integrated with Google ML Kit for MRZ reading, custom NFC APDU stack leveraging JMRTD to bypass basic access controls and establish secure BAC/PACE channels, and on-device face detection running liveness test vectors. Certified data gets signed locally using secure KeyStore RSA keys before sending.

02 — ARCHITECTURE

System design

Strict sandbox client architecture: hardware keys reside inside the Android Keystore, NFC APDU transceiver communicates directly over the terminal transceiver, and biometric payloads are processed isolated from persistent storage.

SCAN LAYERS CameraX MRZ Reader Biometric Liveness ML Kit + CameraX NFC ENVELOPE APDU / JMRTD stack BAC / PACE Channel KEYSTORE SECURE Hardware Keys RSA / SHA-256 Sign ENCRYPTED SEND SSL Pinning Encrypted Payload GOVERNMENT DB Digital Signature Identity Registry
STAGE 1
Optical MRZ Read & Extract

The application camera utilizes ML Kit OCR to read the standardized Machine Readable Zone (MRZ) on the physical card document. This generates the cryptographic passport key needed to establish basic communication with the smart chip.

STAGE 2
ISO 14443 NFC APDU Handshake

With the generated MRZ key, the Android NFC antenna transmits APDU commands to open a secure channel (BAC/PACE) on the smart card chip. Digital photos and encrypted biographical details are securely read.

STAGE 3
Liveness Anti-Spoofing Check

Real-time camera frames run an on-device facial detection liveness workflow, ensuring that a live human is presenting the ID instead of a static image, video playback, or paper mask.

STAGE 4
Cryptographic Verification & Upload

A secure signature is generated using a device-specific RSA key stored within the Android Keystore Hardware Enclave. The signed payload is transmitted securely to government verification databases.

03 — CAPABILITIES

Features & Tech Highlights

High-security features implemented to achieve complete identity record verification without compromises.

CHIP COMMUNICATION

NFC ISO/IEC 14443

Low-level smart card APDU transceive logic designed for reliable chip reading under Iraqi and international card frameworks.

  • JMRTD protocol parser
  • BAC & PACE security
  • Fast card communication stack

CAMERA OCR

MRZ Data Scanning

Real-time Machine Readable Zone scanning utilizing camera OCR frameworks for lightning-fast auto-completion.

  • ZXing and ML Kit Text OCR
  • Checksum checking validation
  • Automatic key derivation

ANTI-SPOOFING

On-Device Biometrics

On-device biometric verification validating user matches. Protects against card misuse or stolen identity cards.

  • Face landmark detection
  • Interactive liveness checks
  • Direct photo comparison

CRYPTOGRAPHY

Android Keystore Enclave

All cryptographic operations utilize private keys generated inside the secure Android Keystore hardware module.

  • RSA/AES key generation
  • On-device digital signatures
  • Encrypted cache files

NETWORK SECURITY

SSL Pinning & Security

Secure web service layer with certificate pinning, preventing intermediate network interception or payload injection.

  • OkHttp Certificate Pinning
  • JWT signed requests
  • Secure API endpoints

ARCHITECTURE

Clean Modular Codebase

Isolated modules following clean architecture principles to prevent unauthorized module crosstalk and access leakages.

  • Hilt dependency injection
  • Isolated core libraries
  • Strict boundary checks

04 — VERIFICATION WORKFLOW

Verification Pipeline

Step-by-step verification pipeline executed by field officers for real-time authentication.

STEP 01
Scan MRZ

Point camera at identity document MRZ line to scan biographical data and calculate security access key.

STEP 02
Tap NFC Chip

Hold the smart identity card against the device back NFC reader to securely extract biographical and photo data.

STEP 03
Face Match

Officer triggers front camera to capture user's face, performing anti-spoofing and local biometric match checks.

STEP 04
Sign Package

The application signs the complete verification record inside the hardware key storage enclave.

STEP 05
Submit & Audit

The encrypted validation token is submitted to the central database, generating a secure audit trail receipt.

05 — TECH STACK

Technologies used

State-of-the-art secure Android stack designed for government-level cryptographic requirements.

CORE & COMPONENT

Kotlin Jetpack Compose Hilt DI Coroutines Flow APIs MVVM

SECURITY & CRYPTO

Android Keystore RSA / AES SHA-256 SSL Pinning APDU Protocols JMRTD

HARDWARE & BIOMETRIC

NFC smart cards ML Kit Face detection CameraX OCR Liveness detection BiometricPrompt

MY CONTRIBUTION

Lead Security & NFC Architect

Architected and led the development of the high-security identity client, including the implementation of the NFC smart card APDU transceive logic, biometric face verification pipelines, and secure Keystore cryptographic sign layers.

  • Engineered custom NFC smart card reader using JMRTD libraries for Iraqi national ID standard
  • Designed local biometric anti-spoofing face detection layer running live camera analysis
  • Integrated secure device signature capabilities using private keys generated inside hardware enclave
  • Maintained clean modular codebase structure to fulfill strict security audit compliance criteria