CH717006A2 - Procedure for user identification. - Google Patents

Abstract

A computer-implemented method for identifying a user using an identification document (1) comprises the following steps: receiving first data from a terminal (2) on an identification server (3), the first data including a photo (11) of the user and a security feature ; Checking the authenticity of the identification document (1) on the basis of the security feature; Receiving second data from the terminal (2) on the identification server (3), the second data depicting a part of the face of the user; Checking a correspondence of the user with an owner of the identification document (1) by determining a similarity between the photo (11) and the part of the face of the user; If the test results are positive, the identification of the user is recognized as correct by the identification server (3).

Description

Field of invention

The invention relates to a computer-implemented method for identifying a user using an identification document and an associated system.

background

In processes or actions to which only a certain person is authorized or in which the establishment of the identity of a person is central, the problem of identifying the person regularly arises. Examples are opening a bank account, purchasing a SIM card for mobile phones or performing certain services with public authorities. Conventionally, the identification is carried out in the presence of the person and with the aid of an identification document, for example an ID card, an identity card or a passport.

In the case of identification without the presence of the person, for example via the Internet, a challenge is to be able to determine the identity of the person safely and unequivocally even without the person and the identification document being seen. In particular, a method for identification should therefore offer as few possibilities for manipulation as possible.

It is therefore an object of the present invention to provide a method with which a person can be identified safely and unequivocally, even if the person cannot be visually identified by another person.

Presentation of the invention

The object is achieved by a computer-implemented method for identifying a user using an identification document according to claim 1. Identification is understood to mean in particular the establishment of the identity of the user or, in other words, the verification that the user is who he is to his pretending. The identification document can be, for example, an ID card, an identity card, a biometric ID, a passport or a driver's license.

The method comprises the following steps, in particular in the order given: Receiving first data from a terminal on an identification server, the first data including a photo of the user and a security feature: The terminal is preferably a device that is available to many users, e.g. a mobile phone, a notebook or a desktop PC with a camera for Record image data. The identification server preferably comprises a system for data processing at a party interested in the identification or at an external service provider. The photo is usually a portrait or passport photo of the holder of the identification document. In particular, the photograph and the security feature are integral components of the identification document.

In one embodiment, the first data is at least partially stored on a chip of the identification document, for example on a biometric identity card or passport. The security feature can include an electronic signature, in particular a digital signature. The first data with a photo and security feature can then preferably be read out digitally by the terminal. For this purpose, the end device has an NFC sensor, for example. Checking the authenticity of the identification document using the security feature: In the event that the security feature comprises an electronic signature, it makes sense that this step includes checking the authenticity and integrity of the first data using the electronic signature. Authenticity means in particular that the first data actually come from an alleged issuer of the identification document, e.g. from a passport issuing authority. Integrity means in particular that the first data have not been manipulated, i.e. in particular that they are still the original data that the issuer saved on the chip. In particular, the digital signature can be used to check the authenticity. A certificate required to check the electronic or digital signature can, for example, be obtained for Swiss passports on the website of the Federal Office for Information Technology and Telecommunications. In general, the signature and the certificate together form a "trust chain" in which one end is securely anchored at the issuing authority of the identification document and the other end is securely stored on the identification document Receiving second data from the terminal on the identification server, the second data depicting a part of the face of the user: the second data therefore include in particular an image which shows at least part of the face of the user. The second data are preferably generated while the method is running for identification. In particular, the second data thus include a photographic recording with a part of the face that the user creates of himself while the method is running, advantageously with the camera of the mobile radio device.

To prevent manipulation, it is also advantageous that when the second data is created, a liveness detection is carried out, that is to say in particular that it is established that the second data actually depicts the part of the user's face at the current point in time. In this way, it can be avoided, for example, that a photo of the owner of the identification document is transmitted as the second data, but it does not match the user. Checking a match between the user and an owner of the identification document by determining a similarity between the photo and the part of the face of the user: The similarity is determined in particular by image processing methods, e.g. by a correlation, by feature detection or by a distance metric statistical methods, e.g. neural networks. If the test results are positive, the identification server recognizes the user's identification as correct: The tests relate in particular to checking the authenticity of the identification document and checking that the user agrees with the owner of the identification document, as described above. Further tests, which are advantageously carried out before the identification is recognized as correct, are described below as preferred embodiments. If the identification of the user is recognized as correct, the identification server preferably outputs a signal which confirms the correct identification and is, in particular, a prerequisite for further steps such as, for example, opening a bank account.

Such a method has the advantage that the user can identify himself from a remote place. In particular, when opening a bank account, the user does not have to go to a bank branch on site, but can carry out the identification in a time-saving manner using his identification document and his end device, e.g. a smartphone.

In the event that the security feature comprises an electronic signature which is stored on the chip of the identification document, the security of the method is further increased since the electronic signature is an additional security feature that is difficult to forge or manipulate. By including the electronic signature stored on the chip, when checking the identification document for online identification in some countries, e.g. Switzerland, security measures such as an account transfer of e.g. 1 centime, which are otherwise required by the regulator, are no longer required.

However, the above method can also be carried out with an optical security feature, as described below, or comprise a combination of an optical security feature and an electronic signature as a security feature.

In one embodiment, the method, in particular according to claim 3, comprises the following steps, in particular in the specified order: Receiving first data, in particular first image data, from a terminal on an identification server, the first image data depicting at least part of the identification document with a photograph and a security feature, in particular an optical security feature: The terminal is preferably a device that is available to many users, e.g. a mobile phone, a notebook or a desktop PC with a camera for recording image data. The identification server preferably comprises a system for data processing at a party interested in the identification or at an external service provider. In one embodiment, the first image data comprise a photograph of a page of the identification document. A security feature is understood to be a feature of the identification document that proves the authenticity of the identification document, in particular since it is difficult for unauthorized persons to reproduce or manipulate. Typical optical security features are an engraving, an embossing, a security thread, a kinegram, a hologram or an optically variable device (OVD). Checking the authenticity of the identification document by comparing the security feature depicted in the first image data with generally applicable properties of the security feature: The security feature is advantageously characterized by a property that is difficult, i.e. only with great effort, to be reproduced or manipulated and which is common to the general public or at least trained Staff is known so that the presence of the property can be easily checked. The property can be, for example, a quality of the material or an appearance of the security feature. In other words, the generally applicable properties are given with the definition of the security feature by an issuer of the security feature or follow directly from the definition. The generally applicable properties are therefore implemented in particular in each security feature that follows the definition. Extracting the photo from the first image data: The photo is usually a portrait or passport photo of the owner of the identification document. In one embodiment, the light image is extracted from the first image data, in particular the photo, by an image processing method, e.g. edge detection or classification. The extraction of the photo can be carried out on the identification server or on the terminal device. The extraction step can also be carried out at a different point in time, for example before the first image data is received or after the following step. Receiving second data, in particular second image data, from the terminal on the identification server, the second image data depicting a part of the face of the user: The second image data therefore include in particular an image that shows at least part of the face of the user. The second image data are preferably generated while the method is running for identification. In particular, the second image data thus comprise a photographic recording with a part of the face that the user creates of himself while the method is running, advantageously with the camera of the mobile radio device. To prevent manipulation, it is furthermore advantageous that a liveness detection is carried out when the second image data is created, that is to say, in particular, that it is established that the second image data actually depicts the part of the user's face at the current point in time. In this way it can be avoided, for example, that a photo of the owner of the identification document is transmitted as the second image data, but this does not match the user. Checking a match between the user and the owner of the identification document by determining a similarity between the photo and the part of the face of the user: The similarity is determined in particular by image processing methods, e.g. by a correlation, by feature detection or by a distance metric statistical methods, e.g. neural networks. If the test results are positive, the identification server recognizes the user's identification as correct: The tests relate in particular to checking the authenticity of the identification document and checking that the user agrees with the owner of the identification document, as described above. Further tests, which are advantageously carried out before the identification is recognized as correct, are described below as preferred embodiments. If the identification of the user is recognized as correct, the identification server preferably outputs a signal which confirms the correct identification and is in particular a prerequisite for further steps such as opening a bank account.

Advantageous embodiments include the following features:

In one embodiment, the method further comprises the steps Determining identity data from the first image data: identity data can include, for example, a name, an address, a date of birth or an identification number of the owner of the identification document. Identity data can in particular be determined from the first image data using image processing methods, e.g. with text recognition. This step can also include the assignment of further identity data to the identity data determined directly from the image data, in particular by calling up the further identity data from a database in which they are linked to the specific identity data. In the event of positive results of the tests, assigning the identity data to the user: If the identity data are determined from the image data, the user does not have to enter them in a particularly time-consuming manner. This enables the identity data to be determined in a time-saving manner, in particular also in standardized form as they are present on the identification document and / or in the database.

In a further embodiment, the method additionally comprises the steps Determining a type of identification document: The type can be, for example, an ID card, an identity card, a passport or even a driver's license. Furthermore, the species can be identified by an institution issuing the identification document, e.g. a national authority. The determination of the type can in turn be determined via image processing methods, e.g. feature detection and classification with statistical models, or also banally via user input. Loading of the general properties of the security feature belonging to the type of identification document: The type of identification document is usually associated with the presence of at least one specific security feature in a precisely defined form. Thus, if the type is determined, the security features and their properties that exist for this type can be loaded from a database, for example.

The next two embodiments relate to the nature of the security feature and how this can be used in the method for identification: The security feature is preferably such that it looks different from different angles, in particular that there is a color or one in the security feature the shape shown changes. In order to be able to check this feature, the first image data comprise several images of the security feature from different viewing angles. Examples of such a security feature are a kinegram, a hologram or an OVD. The multiple images from different viewing angles are achieved in particular by tilting the terminal device relative to the identification document or by moving the terminal device relative to the identification document between the images. The user is preferably guided by issuing instructions on the terminal when taking the plurality of images.

Alternatively or additionally, the security feature of the identification document can be designed so that it looks different when the lighting changes, in particular that a color or a shape shown in the security feature changes. In order to be able to check this feature, the first image data include several images of the security feature with different lighting, in particular with different lighting brightness. Examples of such a security feature are in turn a kinegram, a hologram or an OVD.Thus, the lighting of the security element is preferably changed between the recording of the images, be it by dimming or switching a light source on / off, by changing the angle to the incident light, by a Change of distance to a light source etc.

In one embodiment, the terminal is a mobile device with a light source with at least two brightness levels. At least two images of the first image data are correspondingly recorded at different brightness levels of the light source. As available to many users, the terminal is preferably a mobile phone with a flash.

Further advantageous embodiments are characterized by at least one of the following properties: the security feature comprises at least one of the following features: a frame around the photograph, a pattern or an engraving, the security feature is at least partially attached to the photograph and includes in particular one of the features mentioned above, the security feature comprises an OVD or a kinegram.

Another aspect of the invention relates to a system for data processing, in particular an identification server, comprising a processor which is adapted to carry out the method described. Still further aspects relate to a computer program, comprising instructions which, when the program is executed by a computer, cause the computer to carry out the described method, and a storage medium with the computer program.

Brief description of the drawings

[0020] Further refinements, advantages and applications of the invention emerge from the dependent claims and from the description that follows with reference to the figures. The figures show: FIG. 1 an identification document, a terminal and an identification server in one embodiment of the invention; FIG. 2 shows a flow chart with a method for identifying a user according to an embodiment of the invention; FIGS. 3 to 5 each show an identification document and a terminal in further embodiments of the invention; FIG. 6 shows an identification document, a terminal and an identification server in a further embodiment of the invention; FIG. 7 shows a flow chart with a method for identifying a user according to a further embodiment of the invention.

Ways of Carrying Out the Invention

Figure 1 shows elements that are used in a method according to an embodiment of the invention: an identity card (ID card, identification document) 1, a mobile phone (terminal) 2 and a server (identification server) 3 is for example the Swiss ID and comprises a passport photo 11, a frame 12 around the passport photo 11, an engraving 13, for example the number “13”, and a pattern 14 of lines that partially run over the passport photo 11. Certain properties of the frame 12, the engraving 13 and the pattern 14 are precisely defined by the issuer of the ID card 1, for example the type of transition from passport photo 11 to frame 12, the nature and arrangement of the engraving 13 and the course of the lines of the pattern 14. These elements can thus be used as security features by means of which anyone, or at least one person who knows the specific properties, can check the authenticity of the ID card 1.

Furthermore, the ID card 1 in Figure 1 comprises a kinegram 15, the shape of which is reminiscent of a rock crystal in the case of the Swiss ID. The kinegram 15 also serves as a security feature, since it has defined properties and is difficult to reproduce. In addition, the ID card 1 includes identity data 16, in the case shown, the name “Hans Meier”. In general, other identity data 16 can also be noted on the ID card 1 in addition or as an alternative, e.g. an ID number or address. The identity data advantageously include 16 machine-readable characters as they are present on a machine-readable passport in accordance with ICAO standard document 9303 or ISO / IEC 7501-1 in a machine-readable zone (MRZ) provided for this purpose. The ID card 1 can also have a different shape and comprise other elements, in particular in a different arrangement. On the other hand, the defined and standardized properties of the ID card 1 of a certain type, e.g. a Swiss ID, which enable verification of authenticity in the first place, are always the same.

The mobile phone 2 in Figure 1 comprises a camera 21 for taking pictures and / or videos in a field of view 22 of the camera 21 and a flash (light source) 23. The server 3 comprises a processor for executing the method and the necessary for it permanent and temporary storage. The server 3 is normally located at the institution that is interested in the identification of the user, i.e. when an account is opened, e.g. at the bank or at an authority. Alternatively, the server 3 can also be outsourced to a service provider who carries out the identification on behalf of the institution and, at the end of the method, forwards information to the institution as to whether the user was correctly identified or not. To carry out the method, the server 3 has a data connection 31 to the mobile phone 2, which is particularly suitable for the transmission of images and / or videos and comprises at least one of the following connection types: cellular radio, WLAN, Bluetooth, LAN, Ethernet cable.

A method according to an embodiment of the invention, which can be carried out with the arrangement of Figure 1, is shown in Figure 2 as a flow diagram. The user who would like to identify himself to the institution takes a first picture of his ID card 1 with the camera 21 of the mobile phone 2 in step S1, on which the passport picture 11 and at least one of the security features 12 to 15 are depicted. The first image is sent from the mobile phone 2 via the data connection 31 to the server 3 and received by the server in step S2. In step S3, the authenticity of the ID card 1 is checked on the server 3 on the basis of security features shown in the first image.

In one embodiment, the security features 12 to 14, which are related to the photo 11, are used for checking in step S3. In particular, it is checked whether, alternatively or cumulatively, the frame 12, the engraving 13 and / or the pattern 14 has generally applicable properties that follow from the definition of these elements. If this is not the case, the ID card is classified as false, the identification process is aborted and negative information is output for identification in step S0. Alternatively or cumulatively, the kinegram 15 can also be checked by comparing its image in the first image with general properties.

The generally applicable properties are implemented as at least one criterion that can be tested with image processing methods on the basis of the first image. The generally applicable properties can relate to the definition of the security feature itself, e.g. an exact geometric arrangement of the pattern 14, or to an optical effect that is caused by the security feature in a defined form and is visible in the first image, e.g. a color effect or a color change in the case of several images from the kinegram 15. The generally applicable properties and criteria can be established on the one hand on the basis of the definition of the security feature. On the other hand, they can be set up by artificial intelligence using machine learning methods, e.g. by neural networks. In particular, the generally applicable properties and the criteria are established through monitored learning by showing the artificial intelligence various real and fake ID cards, in each case together with the information whether the ID card is real or fake, i.e. forged. Resilient and reliable criteria for authentication can only be defined on the basis of the first image.

If the ID card 1 is classified as genuine in step S3, the user takes a second picture of himself in step S4 of FIG. 2, on which his face or at least part of his face can be seen. The second image is in turn sent from the mobile phone via the data connection 31 to the server 3 and received by the latter in step S5. In step S6, a check takes place as to whether the person depicted in the second image corresponds to the holder of the ID card 1, that is, in particular, is the same person as the person in the photo 11. For this purpose, the photo 11 is extracted from the first image. The extraction can already be carried out beforehand and in particular already on the mobile phone 2. In this case, the server 3 receives the extracted photo 11 from the mobile phone 2, e.g. in step S2 together with the first image or in step S5 together with the second image.

The checking of the correspondence of the user with the holder of the ID card in step S6 is done by determining a similarity between the photo 11 and the face or part of the face on the second image. The second image is advantageously replaced by a video or two second images so that it can be determined that the person depicted in the second image is actually sitting live in front of the mobile phone 2 and is not only depicted on a photo that another person is in the Camera 23 holds. This is achieved, for example, by the user moving during the video or between the two second images and then checking whether the movement process is realistic (motion detection). Such a liveness detection can alternatively also be achieved via further sensor data of the mobile phone 2, e.g. by including a proximity sensor.

If the similarity between the face on the photo 11 and the face on the second image does not exceed a certain level, the identification of the user is classified as incorrect, the identification process is aborted and negative information for identification is output in step S0. However, if the similarity exceeds a certain level, the identification of the user is classified as correct and, in step S7, positive information is output for identification.

The method described is preferably implemented in a computer program that runs on the server 3. This communicates via the data connection 31 with an application (app) or a web application in the browser (web app) on the mobile phone 2. The app is advantageously designed in such a way that it guides the user through the identification process, i.e. in particular issues instructions, when and how you should take the first and second picture or video. Furthermore, it is advantageous that the app is implemented in a secure manner, that is to say in particular prevents manipulation of the first and / or second image or video and possibly the extracted photo.

Basically, the user enters his personal data, e.g. name, address, date of birth, e.g. at the beginning of the method in step S1 in the app. The data is also transferred to the server 3 and verified there, e.g. by comparing it with a recognized personal database, e.g. the Swiss Post.

Instead of entering the personal data manually, an optional extension of the method in Figure 2 makes use of the identification data 16 on the ID card 1: The identification method starts in step S1 with the recording of the first image and without entering personal data. These data are then extracted from the first image, which also depicts the identification data 16. This can be done in step S2 or S3, for example. In addition, the server 3 can compare or enrich the extracted data with further data from a connected database. This is particularly helpful when not all of the identification data 16 can be extracted correctly from the first image.

Figures 3 to 5 show further embodiments of the method that make use of the generally applicable properties of the kinegram 15 for checking the authenticity of the ID card 1. The corresponding tests can therefore be implemented additionally or alternatively in step S3 in FIG. However, they also have an impact on how the user takes the first picture or several first pictures or a first video in step S1 with his mobile phone 2, which are then received by the server 3 in step S2.

FIG. 3 relates to the property of the kinegram 15 to show different colors or different shapes from different angles. Due to the standardized definition of the kinegram 15, this always takes place in a similar manner, so that it is possible to derive from this in turn general properties and criteria of how a real kinegram looks on an image or video from a certain viewing angle.

Correspondingly, according to FIG. 3, the user is asked to take two first pictures of the ID card 1 from different angles or a first video during which the user tilts the ID card 1 or the mobile phone 2 relative to the ID card 1 emotional. Tilting the ID card 1 around a defined axis, e.g. horizontally or vertically, is particularly practical, since the user generally has to carry out the movement process as precisely as possible according to the instructions in the app so that the generally applicable properties of the kinegram 15 are actually in the first images or the first video can be found.

Figure 4 shows a variant of the tilt 24 in Figure 3. Here the user takes two first pictures at different distances between ID card 1 and mobile phone 2 or a first video, during which he performs such a distance change 25, so either the ID card 1 or the mobile phone 2 moves relative to the other object. In this case, too, characteristic color or shape changes of the kinegram 15 can be determined in the first images or the first video, which can be used in the test in step S3. This is due in particular to the change in the lighting and / or the field of view 22 of the camera 21 relative to the incident light.

Figure 5 shows a further variant, wherein no relative movements 24 or 25 as in Figures 3 and 4 are necessary, but the lighting of the ID card 1 is changed between the at least two first images or during the first video. For this purpose, the flash 23 of the mobile phone 2 is particularly suitable, which is controlled in such a way that it causes different brightnesses in the first images or during the first video. This embodiment is particularly easy to implement in that, for example, the app takes two first images at short intervals, with the flash 23 being switched on in one image and off in the other. In addition, the brightness of the flash 23 can be controlled by the app in more than two stages, so that further optical effects of the kinegram 15 are visible on the first images or the first video.

Figure 6 shows (analogously to Figure 1) elements that are used in a method according to a further embodiment of the invention: a biometric passport or identity card 1a, a mobile phone (terminal) 2 and a server (identification server) 3. The biometric Passport 1a comprises a chip 17 on which personal data of the user, such as for example surname, first name, address and date of birth, as well as fingerprints and a photo of the user's face are usually stored.

The chip 17 can be read electronically via a wireless connection 27, for example by an NFC sensor 26 contained in the mobile phone 2.

Furthermore, an electronic, in particular digital, signature is stored on the chip 17 as a security feature, which signature was created by the passport authority when the passport 1a was issued. This signature can be used to check the authenticity and integrity of the data on the chip 17. Reading out the chip 17 therefore represents a secure way of checking the authenticity of the biometric passport 1a. Furthermore, by reading out the chip 17, the photo 11 and the personal data of the user are electronically available in good quality.

In comparison to the method of FIGS. 1 and 2, there is basically no need in FIG. 6 to photograph the passport 1a and to check the optical security features 12-15. A combination with the method described with reference to FIGS. 1 and 2, that is to say in particular the additional checking of the optical security features 12-15, is, however, conceivable. The above explanations can therefore also be applied to FIGS. 6 and 7.

In the following, the method according to the further embodiment is described with reference to the flow chart in FIG. The user who would like to identify himself to the institution reads in step S11 the electronic signature, the personal data and the photo 11 of his passport 1 a electronically with his mobile phone 2. This is normally done by an app that runs on the mobile phone and controls the NFC sensor 26, which reads the data from the chip 17.

It may be necessary that the name, date of birth and / or other personal data of the user must be specified in order to be able to read out the personal data, the photo and the electronic signature from the chip 17. This can be done by the user entering their name and / or date of birth in the app. Alternatively, however, this step can also be accomplished by photographing and recognizing the identification data 16 in the MRZ of the passport 1a, which saves time and is less prone to errors than manual entry.

The electronic signature, the personal data and the photo are then sent from the mobile phone 2 via the data connection 31 to the server 3 and received by the server in step S12.

In step S13 - similar to Figure 2 - the authenticity of the passport 1a is checked using the electronic signature as a security feature. Public-key authentication or a digital signature are often used here. In particular, the server 3 uses a certificate for the authenticity check which is provided, for example, by the issuing authority of the biometric passport 1a or on a master list of certificates from the International Civil Aviation Organization (ICAO). The signature and the certificate together form a "trust chain" in which one end is securely anchored at the issuing authority of the biometric passport and the other end is securely stored on the chip 17 of the biometric passport 1a.

If the verification of the authenticity and integrity of the passport comes to a negative result in step S13, the identification method ends in step S10 as having failed. An error message is then usually displayed to the user on the mobile phone 2.

If, on the other hand, the passport 1a is classified as genuine in step S13, the user takes a picture of himself with the camera 21 of the mobile phone 2 in step S14, on which his face or at least part of his face can be seen. This image is in turn sent from the mobile phone 2 via the data connection 31 to the server 3 and received by the latter in step S15.

The checking of the agreement of the user with the holder of the ID card in step S16 is done analogously to step S6 above. If the similarity between the face in the photograph and the face in the image does not exceed a certain level, the identification of the user is classified as incorrect, the identification process is aborted and negative information for identification is output in step S10. However, if the similarity exceeds a certain level, the identification of the user is classified as correct and, in step S17, positive information is output for identification.

The further remarks on the preferred implementation of the method above apply analogously here.

The method of FIGS. 6 and 7 benefits from an increased level of security, in particular compared to the method of FIGS. 1 and 2, which is achieved by electronically reading out the data including the electronic signature. At the same time, the method is simpler and less prone to errors, since in principle there is no need to photograph the passport 1a or extract the photograph.

While preferred embodiments of the invention are described in the present application, it should be clearly pointed out that the invention is not limited to these and can also be carried out in other ways within the scope of the following claims.

Claims (11)

1. Computer-implemented method for identifying a user on the basis of an identification document (1), comprising the steps - Receiving first data from a terminal (2) on an identification server (3), the first data including a photo (11) of the user and a security feature, - Checking the authenticity of the identification document (1) on the basis of the security feature, - Receiving second data from the terminal (2) on the identification server (3), the second data depicting a part of the user's face, - Checking that the user agrees with an owner of the identification document (1) by determining a similarity between the photograph (11) and the part of the user's face, - If the test results are positive, the identification of the user is recognized as correct by the identification server (3). 2. The method according to claim 1, wherein the first data are at least partially stored on a chip (17) of the identification document (1), wherein the security feature comprises an electronic signature, wherein checking the authenticity of the identification document (1) comprises the following step: - Checking the authenticity and integrity of the first data using the electronic signature. 3. The method according to claim 1 or 2, wherein the first data comprises first image data, wherein the security feature comprises an optical security feature (12-15), wherein the first image data depict at least part of the identification document (1) with the photo (11) and the optical security feature (12-15), wherein checking the authenticity of the identification document (1) comprises comparing the optical security feature (12-15) with generally applicable properties of the optical security feature, additionally comprehensive the step - Extracting the light image (11) from the first image data. 4. The method according to claim 3, further comprising the steps - Determination of identity data from the first image data, - If the results of the checks are positive, assign the identity data to the user. 5. The method according to any one of claims 3 or 4, further comprising the steps - determining a type of identification document (1), - Loading of the general properties of the optical security feature (12-15) belonging to the type of identification document (1). 6. The method according to any one of claims 3-5, wherein the optical security feature (12-15) is such that it looks different from different angles, in particular that a color or a shape shown in the optical security feature (12-15) changes, wherein the first image data comprise a plurality of images of the optical security feature (12-15) from different viewing angles. 7. The method according to any one of claims 3-6, wherein the optical security feature (12-15) of the identification document (1) is such that it looks different when the lighting changes, in particular that a color or a shape shown in the optical security feature (12-15) changes, wherein the first image data include several images of the optical security feature (12-15) with different lighting, in particular with different brightness of the lighting. 8. The method according to claim 7, wherein the terminal (2) is a mobile device with a light source (23) with at least two brightness levels, wherein at least two images of the first image data are recorded at different brightness levels of the light source (23), in particular wherein the terminal (2) is a mobile phone with a flash. 9. The method according to any one of claims 3-8, having at least one of the following properties: - The optical security feature (12-15) is at least partially attached to the light image (11), - The optical security feature (12-15) comprises at least one of the following features: a frame (12) around the photo, a pattern (14) or an engraving (13), - The optical security feature comprises an OVD or a kinegram (15). 10. System for data processing, comprising a processor which is adapted to carry out the method according to any one of the preceding claims. 11. A computer program, comprising instructions which, when the program is executed by a computer, cause the latter to carry out the method according to any one of claims 1 to 9.