How does Divao ID verify the identity of an individual?

Divao ID verifies an individual’s identity by scanning and recognizing their identification documents, conducting image forensics, and analyzing traces of alterations. In the Advanced tier of our service, we use facial recognition to compare identity document photos against selfies or videos taken in real time. In the video, we invite individuals to speak random words as a proof-of-life check to ensure the authenticity of the video.

Divao ID understands that not all services require bulletproof verification in their customer onboarding process. Hence, Divao ID conducts customer verification based on the level of assurance (LOA) requested by the service provider to onboard their customers.

How long does it take to recognize and verify an identity document?

It only takes a few seconds.

Where does Divao ID store identification information of individuals?

Divao ID does NOT store any identification information. We analyze identity proofs (selfies, documents, etc), digitally sign them, then encrypt and store an individual’s data in their own device. All the identity proofs will be deleted on our servers once the process is complete.

Divao ID doesn’t store any personal data, data cannot be leaked even if servers of Divao ID are hacked, acquired by another company, or confiscated by any government. This makes Divao ID a secure choice for individual identification and customer onboarding.

Divao ID claims they can verify an individual's identity while keeping their privacy safe and under control. That sounds contradictory: how can one’s identity be verified without exposing their privacy?

Keeping individual’s privacy safe is one of the core values on which we founded Divao, and we do our best in every way to maintain your privacy. On the other hand, we combat identity fraud and verify individuals on behalf of service providers as best as we can. With the help of the latest forensic and cryptographic technology, we’ve developed a unique approach to accomplish these two seemingly contradictory objectives:

  1. Divao ID receives personal identification information from individuals during the identity verification process. The data is kept in volatile memory on our servers for the sole purpose of executing identity verification and is totally erased after the verification process is complete.
  2. the personal information is verified, we issue a digital certificate to the verified data and save the verified personal data as well as the certificates in the their device (usually a mobile phone or desktop).
  3. Individuals can control whether and what data to share their personal data with each service provider. Because the data is pre-verified and digitally signed, service providers do not need to store and verify customer data by themselves. This minimizes the propagation of precious personal data.
  4. In many cases, service providers only need the “proof” that personal identity does exist and their information is correct, but does not need the information itself. For example, an online liquor store only needs to ensure that a customer can prove with their identity card that they are 18 years old or above, but does not need the scanned copy of identity card itself. Divao ID enables the customer to prove his identity (e.g. have a valid California driver’s licence, is over 18 years old, or has a formal name) to service provider, without actually exposing his or her personal information.

Will the identity information verified by Divao ID expire?

Yes, depending on the nature and the expiry date of the source document, different kinds of personal identification data has different “shelf lives” and will need to be verified again once it is expired. For example, a proof of date of birth provided by a government-issued identity card may expire in 10 years from the date of issue. Divao ID will automatically prompt the individual holding the ID document to re-verify when their data has expired.

Does Divao ID use blockchain technology?

No, we don’t. The buzzword “blockchain” in essence is a data structure. What makes “blockchain” special, as we’ve seen in Bitcoin, Ethereum or other blockchain projects, is when combined with cryptography, participants of a peer-to-peer network can achieve a “consensus” to the “truth” of the blockchain state, without the need to trust any central authorities. However, there is a caveat: the blockchain is public by design, and everyone can make a copy of it. Although data in blockchain is generally encrypted, hackers can archive a blockchain and wait until vulnerability is found or the encryption algorithm is discovered to unravel the information inside.

For use cases like currency transactions, public blockchain works because the value of the data, namely transaction details, depreciates over time. Provided that cryptographic algorithm has an average “shelf-life” of 15-20 years, it is long enough for currency transactions that Bitcoin and other blockchain technologies are built on to cause any problems. However, it is not the case for personal identifiable information, which it is valuable and vulnerable regardless of time. A public blockchain full of personal information is an alluring target for hackers. Hence it is not justified to put personal data into a public blockchain, risking data leak (in absolute certainty) in the future.

Divao ID deliberately avoid public blockchain to prevent data breaches. At the same time, Divao ID embraces the decentralization movement that embodies blockchain technologies. Using peer-to-peer network architecture, we empower individuals to control their personal data on their own device. Divao ID does this by verifying, signing and encrypting personal information, and by facilitating service providers to request data directly from customers.

For a comparison of our technology with blockchain, please visit our Technology page.

Why should I use Divao ID to verify my identity online?

Online identification is gaining in popularity and gives individuals the freedom to access online services without going through a long, arduous, sometimes-offline application process. However, most ID verification or eKYC services available in the market cater only to service providers and very few of them makes your privacy their first priority.

Divao ID, a privacy-first ID verification service, verifies and certifies your personal identification information and stores the data in your own device, be it mobile or desktop. When a service provider needs to verify your identity online, they request your data directly from your device, putting you in control of whether and what data to share. The entire process is peer-to-peer and encrypted. Once verified, you can use your ID everywhere, saving your time in online sign-up and applications.

As a Divao ID end-user, where is my personal information stored?

Personal identifiable information is encrypted and stored in the keystore of your device (be in mobile or desktop), safe from hacking and tempering.

How can I share my identification information with service providers? How do I manage my information?

The personal identification verification process is usually initiated by your service providers during the customer onboarding or application process. If you have not verified your ID with us yet, Divao ID will walk you through a short and easy ID verification flow. All you have to do is to take a photo of your ID, verify your information, then take a selfie, and your identity will be certified by us. After your identification information is verified, you will be prompted to choose which personal data you’d like to share with your service provider. Note that some information might be required by the service providers to complete the onboarding or process.

Once verified, you can reuse your Divao ID information with other service providers that use our services. Simply go back to https://divao.io to manage your ID information.

If the data is stored on my smartphone, what happens if I lost my phone?

If you lose the phone and you have no backup of the phone’s keystore, the data verified by Divao ID is also lost. If your mobile phone is locked with a secure PIN, your personal data should still be safe. However, to eliminate the risk of identity theft, we encourage you to email support@divao.io to revoke your identity in the event that you lose your phone. You can always re-verify your identity through Divao ID again with a new device.

Can I transfer my verified identity information to another device?

Yes, you can email support@divao.io to transfer, backup or clone your verified identity information from one device to another.

Can I delete my Divao ID data?

Divao ID do NOT store personal information in any of our server. Hence, you can remove the Divao ID data stored on browser of your device, by removing keychain and local storage data under domain https://divao.io.

However, please be noticed that, the copy of personal information you shared to service provider is out of Divao ID ecosystem, which will still leave in their own servers and is NOT removed.