CH713559A2 - Procedure for checking the identity of a person on a server. - Google Patents

Abstract

In a method for checking the identity of a person on a server (10) of a service provider, a terminal (2) of the person is connected to the server (10) via a data communication network. The following steps are executed fully automatically. A picture (101) of an identification document transmitted by the terminal (2) to the server via the data communication network is received. Information about the person to be checked is provided on the server (10). An image (104) of the person to be identified is extracted from the image (101) of the identification document received by the server. A file transmitted by the terminal (2) to the server (10) via the data communication network is received with a visual representation (103) of the person to be checked. A correspondence between the file received on the server and the visual representation (103) of the person and the image (104) of the person to be identified is evaluated by means of a face recognition method. Finally, a successful verification of the identity is confirmed if predetermined criteria, at least to the agreement, are met.

Description

description

Technical Field The invention relates to a method for checking the identity of a person on a server of a service provider, wherein a terminal of the person is connected to the server via a data communication network. The invention further relates to a method for generating a digital certificate for confirming the identity of a person assigned to the certificate and to a device for checking the identity of a person.

[0002] On the basis of corresponding legal regulations, business relationships with certain service providers may only be opened if the customer identifies himself to the service provider with legal certainty. Also for the issuing of certain documents or electronic certificates an identification is necessary, which meets certain regulations.

Thus, certain laws, bilateral and multilateral or international agreements to combat money laundering and terrorist financing require such identification of customers by their financial institution. Identification is also necessary if a person requires certain official IDs or an electronic proof of identity certificate.

Conventionally, the customer has identified himself by personal interview with the service provider or a third-party service provider who performs the identification. Recent legal regulations also permit identification "at a distance", eg. B. by means of a video chat with an employee of the service provider, in which connection official IDs are submitted (eg., Via the video connection).

Because this video identification continues to require the work of an employee on the part of the service provider, it is usually not possible (ie not around the clock and not on all weekdays), it is relatively expensive and has capacity limits due to the given number of available employees ,

DESCRIPTION OF THE INVENTION The object of the invention is to provide a method which belongs to the technical field mentioned at the beginning and which enables efficient identification and has high availability.

The solution of the problem is defined by the features of claim 1. According to the invention, the method comprises the following steps, which are carried out fully automatically: a) receiving an image of an identification document transmitted by the terminal to the server via the data communication network; b) providing information about the person to be checked on the server; c) extracting an image of the person to be identified from the image of the identification document received by the server; d) receiving a transmitted from the terminal to the server via the data communication network file with a visual representation of the person to be checked; e) evaluating a match between the file received on the server with the visual representation of the person and the image of the person to be identified by means of a face recognition method; f) Confirmation of a successful verification of identity, if given criteria, at least to the agreement, are met.

The steps a) - f) can be performed in different order, unless a particular step is not necessarily based on the result of another step. This also applies to the further possible method steps mentioned below.

The terminal may be a mobile terminal such as a smartphone, tablet or notebook computer or a substantially stationary terminal, for. A desktop computer. On the side of the terminal, a dedicated application (App) for carrying out the inventive method can be brought to expiration. Alternatively, the terminal accesses the data communication network to a server (web server), on which a corresponding application (web app) is brought to expiration. This access can be done, in particular, by means of a browser application running on the terminal.

The data communication network is in particular the Internet. In principle, however, within the scope of the method according to the invention, various communication networks and wireless as well as wired transmission technologies can be used, also in combination, e.g. LAN, WLAN, mobile networks, short-range networks, etc.

In particular, the identification document is a document issued by an authority with predetermined characteristics, e.g. a passport, identity card, driver's license, etc. The identification document is associated with a (natural) person and includes inter alia a photograph of the person, in particular a portrait, showing the person's face.

The image of the identification document and the visual representation of the person to be checked can be created directly in the context of the inventive method, in particular with an integrated in the terminal or connected to this camera. If necessary, the creation of the image or the visual representation can take place directly from the locally running application. Alternatively, a previously created with the terminal or transmitted to this image of the identification document or visual representation of the person can be used. For security reasons, it can be advantageous if the image or the visual representation can take place exclusively in real time and exclusively with a dedicated application.

The information to be provided on the server about the person to be checked can be entered manually by the person to be checked, they can - as described below - be extracted from the identification document or they can come from a third party, e.g. from a location that initiated the identity verification process, or from a directory or registry accessible to the server. The information can also be compiled from several sources.

The result of the evaluation of the match can be bivalent ("agrees", "does not match") or multi-valued, it can also be an i. W. stepless mass, e.g. a value between 0 and 100%, act. Especially in the second case, additional identification steps can be triggered to increase the reliability of the identification. Thus, additional visual representations and / or identification documents can be requested or additional, different types of identification steps are carried out as described below. Only when the criteria have been met according to certain specifications will the confirmation be confirmed.

Not all process steps must take place directly on the server of the review performing service provider. Instead, the server may offload certain steps to other servers, if any, from third-party service providers, as described in more detail below. In particular, extracting the image of the person from the image of the identification document and evaluating the match can take place on another server.

The confirmation of the successful verification of the identity (or a negative result verification message) may be made to the person being verified, to a third party, or both.

As will be explained in more detail below, in addition to the required correspondence between the visual representation and the mapping from the identification document further criteria can be specified so that a successful verification can be confirmed.

The process is fully automatic. This means that on the part of the service provider no manual operations such. a real-time interaction in the context of a video chat or a manual image comparison, must take place. Accordingly, there is a high availability, which is not dependent on the presence of a sufficient number of employees on the part of the service provider. The check can take place during 24 hours and on all days of the week. The result is not dependent on subjective influences due to the processing by different employees. Advantageously, the process runs in real time, i. H. the verification is essentially completed during the period in which the person under review interacts with the server.

The inventive method for checking the identity of a person can serve in particular as a prerequisite for the generation of a digital certificate, the digital certificate allows the confirmation of the identity of a person assigned to the certificate. If the check is successful, the digital certificate is created. This includes at least a name of the person, a public cryptographic key and data for the verification of an issuer of the certificate.

However, the method according to the invention can also be used for other purposes, for example as part of the opening of a business relationship between the person and a service provider, e.g. a financial service provider. With the aid of the method according to the invention, it is ensured that the service provider has knowledge of the actual identity of the person checked.

In either case, the method allows verification of identity without the person having to personally audition at a location (e.g., a counter) of the service provider or issuer of the certificate.

The method is used to verify the identity of a natural person (or several natural persons). If a natural person (or collectively a group of natural persons) is authorized to act for a legal entity, the process may also be used in the context of creating a digital certificate which is assigned to a legal person (eg a company, association or other entity) is. In this case, it advantageously includes the further step of examining the action entitlement of one or more natural persons for the corresponding legal entity. This verification may be based on evidence provided by the verified person (s) and / or information available on the server, e.g. from a directory or register.

An inventive device for checking the identity of a person, in particular for carrying out the inventive method comprises a) a platform server of a service provider, b) a plurality of connected via a data communication network to the platform server, modular third-party server, comprising at least: b1) one A document processing server for extracting an image of the person to be checked from an image of an identification document; b2) an image processing server for evaluating a correspondence between a first file having a visual representation of a person and an image of the person to be identified by means of a face recognition method; wherein the platform server receives data from a terminal of the person for extracting and decoding information from the received data, obtaining additional identification-relevant information and performing identification-relevant assessments in parallel and / or serial to the third-party servers and receives response data, and the platform server is controlled in such a way that it receives at least: - receives the image of the identification document from a terminal of the person to be checked via the data communication network; - forwards the image of the identification document to the document processing server and receives first information about the person to be checked as well as the extracted image of the person; - receives from the terminal via the data communication network, the visual representation of the person to be checked; - transmit the extracted image and the visual representation to the image processing server and receive a score of the match; evaluates predetermined criteria, at least to the evaluation of the agreement, and confirms a successful verification of the identity when the criteria are met.

The modular third-party servers may be servers of the service provider or of third parties. The servers can be physical or virtualized. In particular, communication with the platform server is through predetermined interfaces (e.g., SOAP or the like). The terminology "platform server", "document processing server", "image processing server" etc. does not mean that the servers have to be configured differently in terms of hardware, but they serve different purposes and are controlled differently at least at the software level.

Advantageously, to provide the information about the person to be checked for obtaining coded information, a machine-readable zone of the identification document is evaluated on the basis of the server received image of the identification document, and for obtaining the information, the coded information is decoded. "Decoding" in the present case can only mean that the encoded information is associated with multiple fields (e.g., name, date of birth, place of birth or hometown, etc.), but the information may also be in cipher form and deciphered. Furthermore, the information may also be present, for example, in graphically coded form (for example as a barcode, 2D code or QR code) and be converted into alphanumeric information by the decoding.

Alternatively or additionally, the information is obtained in other ways, e.g. manually entered by the person to be checked and transmitted from the terminal to the server via the data communication network or obtained from a third party (e.g., from a directory or registry).

If the identification document comprises a data memory which can be read by a terminal available to the person (for example a smartphone with NFC functionality), information present on this data memory can also be read out and transmitted to the server.

Preferably, a match between the information obtained from the machine-readable zone of the identification document and existing second information about the person is evaluated, and the evaluation of the match is included in the criteria to be met.

In this way it can be ensured that the presented identification document is actually assigned to the person to be checked, e.g. a name, date of birth, place of birth or hometown, or other information. Ultimately, only those information should be confirmed as validated (and confirmed as appropriate by means of a certificate), which have actually been verified and are not based solely on information provided by the individual.

Preferably, the visual representation of the person to be examined comprises several views of the person, in particular a cinematic representation of the person. Compared to a single view, this makes it difficult to attempt counterfeiting, and the reliability of the check can be increased. The several views of the person are, in particular, staggered and / or spatially different views. In addition, auditory information can also be recorded and transmitted to the server. But this can also be omitted.

In the context of the inventive method, additional information about the person can be received via the data communication network from the terminal, after which their assignment to the person is verified. This additional information may be entered by the person or otherwise provided on the terminal. It may be information (e.g., the address, membership in associations, etc.) whose assignment is to be confirmed, or may be e.g. Biometric information that allows for greater security of identity verification.

The confirmation of successful verification may be communicated to a third party along with at least a subset of the first information about the person. In particular, in the context of the transmitted information, it is noted which of the information is confirmed as correct (eg name, home address, e-mail) and which only as supplementary information (eg a transaction or customer number, additional information optionally entered by the person, etc.). available.

The information about the person to be checked may include address data of the person. The verification of the assignment of the address data to a name of the person can be done by at least one of the following steps: a) matching the address data and the name with an address database or a publicly accessible register; b) receiving from the terminal to the server via the data communication network transmitted image of a billing document, which includes name and address information, in particular a billing document of a trusted biller, extracting the name and address information and matching the address data and the name with the name and address information; c) receiving a confirmation code on the server, wherein the confirmation code of the person has been delivered by mail on the basis of the address data and wherein a confirmation of the successful verification of the identity takes place only if there is a match of the confirmation code with the delivered confirmation code.

To be able to verify the assignment on the basis of an accounting document, the third-party servers advantageously comprise a second document processing server for extracting name and address information from an invoice document, the platform server being controlled to receive one of the person's terminal via the data communication network Transferring an accounting document to the second document processing server and receiving the extracted name and address information and an evaluation of the authenticity of the accounting document, after which the platform server reconciles the address data and the name with the name and address information.

The illustration of the invoice document can be created directly in the context of the inventive method, in particular with an integrated in the terminal or connected to this camera. If necessary, the mapping can be created directly from the locally running application. Alternatively, a previously created with the terminal or transmitted to this image of the invoice document can be used. For security reasons, it can be advantageous if the mapping can only take place in real time and exclusively with a dedicated application.

In particular, the trusted biller is an invoice from a provider of a public nature, e.g. A provider of electricity, water, gas, telephone or similar invoices are suitable, provided they include the name of the person to be checked and an address (or other information) of the person to be checked, which is to be confirmed in the process. The method may additionally provide that, for the purpose of checking the authenticity of the invoice document, a request is made to the trusted biller online via a corresponding interface. In this case, for example, the database of the biller is used to check whether a customer or transaction number on the bill corresponds to the number stored in the database and / or is assigned to the correct name.

In a preferred embodiment, the server may receive information about a person-initiated electronic money transfer, after which a match of the information with the first information is verified.

In this case, the third-party servers advantageously further comprise a transaction server for processing electronic money transfer and for communicating electronic money transfer information to the platform server, the platform server being controlled to compare this information upon receipt of the information existing information about the person to be checked.

The server can initiate the electronic money transfer via the data communication network on the terminal of the person. The actual process is then triggered as usual by the person or at least confirmed. The initiation or at least the payment process can be done via the transaction server or another server.

The money transfer is also preferably a debit card debit, a Sofortbezahlvorgang or another, inference to the paying party giving, executed at short notice payment process. In the short term, here it means that it is a payment transaction which occurs during a typical online transaction, e.g. a purchase in a webshop, can be completed completely, e.g. that the financial statements, including notification to the payee, are made within 5 minutes or faster.

In the context of the inventive method, a comparison of the person in the review process attributable information with publicly available information about this person, in particular with information from social electronic networks, carried out, the comparison provides a degree of agreement, which in the to be fulfilled Incorporates criteria.

Advantageously, the third-party servers further comprise a social media server for collecting information relating to the person to be checked on one or more social networks and for generating a degree of agreement of the collected information with the existing information about the person.

For matching, search algorithms are automated to one or more information sources, e.g. Social media channels, applied. The information obtained is then checked to see if it shows an assignment of the relevant information to the person to be checked.

The server may preferably receive location data and optionally calendar and / or contact data via the data communication network from the terminal, after which a comparison of the location data and optionally the calendar and / or contact data with information available on the server, in particular to a residential and / or workstation address of the person, the reconciliation provides a measure of conformity, which flows into the criteria to be met.

In this context, the third-party servers advantageously further comprise a matching server for matching location data associated with a terminal of a person and optionally calendar and / or contact data with personal information, in particular a residential and / or workstation address, and for generating a corresponding degree of agreement in which the platform server is controlled in such a way that it transmits the location data received from the terminal of the person to be checked via the data communication network and optionally calendar and / or contact data to the matching server, receives the corresponding measure of conformity and includes this in the evaluation of the predetermined criteria.

On the basis of the location data, for example, frequent locations of the user of a mobile terminal can be determined. If these correspond to the assumed place of residence or the place of work of the person to be checked, this is proof of the correct assignment of residence or place of work. When evaluating the movement profile, various criteria can be defined depending on the occupational activity (office work, field service). By means of time and calendar information as well as contact data, the assignment of the place of residence and / or work and / or further information to be confirmed can be further checked.

Preferably, the server receives a transaction number which has been transmitted to the person to be checked via a connection independent of the connection between the server and the terminal and which is present on the server, wherein a confirmation of the successful verification of the identity only occurs if a match the received with the present on the server transaction number.

A "transaction number" does not necessarily have to be information which is present as a numeric character string. It may also be in another form, which may be represented by a transaction number, e.g. as an alphanumeric string or in graphic form according to a defined representation.

The transaction number may in particular be transmitted to the person to be checked in one of the following ways: via a short message (SMS) or another private short message service (e.g., WhatsApp or the like) (mTAN); - by post (e.g., as TAN list or indexed TAN list iTAN); - by phone; - via the Internet to a terminal other than that used in the verification procedure; via a specially protected connection to the used terminal, e.g. as a push TAN in a dedicated application (preferably protected by a password).

The transaction number can also be generated by a TAN generator in the person to be checked. Such devices produce regularly or on demand new TANs.

From the following detailed description and the totality of the claims, there are further advantageous embodiments and feature combinations of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS The drawings used to explain the embodiment show:

Fig. 1 is a schematic representation of a device for carrying out a method according to the invention; and

Fig. 2 is a schematic representation of the sequence of the inventive method.

Basically, the same parts are provided with the same reference numerals in the figures.

Means for Carrying Out the Invention A device for carrying out a method according to the invention is shown schematically in FIG. The device comprises a platform server 10 of a service provider 3 and a terminal 2 of a person 1 whose identity is to be checked. The terminal 3 and the platform server 10 are both connected to the Internet 4 and exchange data about this.

Also connected to the Internet 4 are multiple servers that perform particular tasks in the context of the inventive method. The servers can be operated by the service provider 3 or by third-party service providers, they can be designed as physical servers, virtualized servers or software modules. The servers can exchange 4 data with the platform server 10 via the Internet. The servers are a first document processing server 20, an image processing server 30, a second document processing server 40, a transaction server 50, optionally additionally a social media server 60 and / or a matching server 70. Finally, there is a certificate server 80, which is electronic Can issue certificates confirming the identity of a person.

2, the sequence of the inventive method is shown schematically. It is anticipated that a person may wish to establish a business relationship with a financial institution or obtain an electronic certificate for confirmation of their identity (e.g., for legal signing of digital documents). In the case described, this person uses her mobile terminal 2 (smartphone or tablet), which has an Internet connection and on which a dedicated application (app) is installed for carrying out the method. The person thus opens the app and requests the implementation of the identification to open a business relationship or to create a digital certificate.

The person is prompted by the app to photograph an approved identification document (e.g., passport, identity card, driver's license, alien card, or the like) with the camera of the mobile terminal 2. The recording 101 is automatically forwarded to the platform server 10 via the Internet.

The person can capture further person-identifying data 102, which is also transmitted to the platform server 10 and verified in the further course of the process.

The person is further requested to record with the camera of the mobile terminal 2 a video 103 of a certain minimum length, in which at least the head of the person is visible and which shows predetermined views. This video 103 is also transmitted automatically to the platform server 10.

The platform server 10 forwards the capture 102 of the identification document to the first document processing server 20. This extracts the image 104 of the person contained in the identification document as well as the information 105 contained in a machine-readable zone (MRZ) of the document and returns both to the platform server 10.

The platform server 10 forwards the image 104 extracted from the identification document and the video 103 received from the terminal to the image processing server 30. This evaluates a correspondence between the recording and the video, based on a known face recognition method, as described, for example, by R. Brunelli and T. Poggio, "Face Recognition: Features versus Templates", IEEE Trans, on ΡΑΜΙ, 1993, (10) 10: 1042-1052, or one of the numerous articles published since then. Corresponding software is commercially available. The image processing server 30 returns a match metric 106 or, optionally, an error message, e.g. if the resulting shot or video has qualitative defects. In the described method the measure is bivalent: «Agreement established», «Agreement not established». If the match could not be determined, the requesting person is informed accordingly by the platform server via their terminal. She can restart the process and in particular use another identification document and create a new video recording. If the match is found, the procedure continues with the steps outlined below.

In the context of the described method, the residence address of the person should also be checked. If the address is included in the presented identification document and could be extracted by the first document processing server 20, it will be displayed in the app on the terminal 2 of the person and asked to indicate whether it is the current residence address to be confirmed. If this is not the case or if the address could not be determined, the person can enter the address 107 manually in the app. The address 107 is then transmitted to the platform server 10.

In the app, the person is then asked to make with the camera integrated in the terminal a recording 108 of a bill document of a plurality of trusted billers, the bill document contains the person's address to be confirmed. The receptacle 108 is in turn automatically transmitted to the platform server 10 and is forwarded by the latter to a second document processing server 40. It is automatically determined from which biller the bill comes from and it is checked based on stored features, whether the bill is to be classified as genuine. If so, the recipient's name 109 and the corresponding address information 110 are extracted and transmitted to the platform server 10. If the authenticity of the invoice can not be confirmed, if the invoice is from an unauthorized biller or if other errors have occurred, an error message is sent to the platform server.

In the case of received name and address information is checked whether the name matches the name of the person to be checked and if so, whether the address information matches the address to be confirmed. If this is the case, ultimately the residence address can be confirmed.

In order to secure the identity of the requesting person, this is subsequently requested in the app to make an electronic money transfer to an operator of a transaction server 50. For this purpose, a small amount of money is transferred by means of a standard online payment directly from the app from a personalized account of the person to an account of the operator. After verification, the transfer can optionally be canceled or the amount refunded. The transaction server 50 forwards the received payee information 111 to the platform server 10. There it is checked whether this information, in particular the name (possibly also an address) with the person to be checked match.

If this check is also successful, the business relationship with the financial institution can be opened or the certificate can be created. In the second case, before issuing the certificate, the requesting person is informed of the conditions attached and asked to confirm the exhibition.

Based on the successful verification of the identity of the person an electronic certificate 113 is then generated on the certificate server 80 according to an on the certificate server 80 of the service provider itself or another service provider transmitted request from the platform server 10, which the identity of the certificate assigned Person confirmed. It is used in particular for legally valid signing of electronic documents or for proof of identity in online transactions. The certificate contains the following information: a. a serial number; b. the indication that this is a certificate (if applicable with indication of the type of certificate); c. the name or designation of the person who owns the associated private cryptographic key; if there is a possibility of confusion, the name or designation is given a distinguishing addition; d. if applicable, a pseudonym supplementing or replacing the name; e. In the case of companies, an identifier identifying this, in Switzerland z. Eg the so-called company identification number (UID); f. the public cryptographic key; G. the validity period; H. the name, the country of establishment and a forgery-proof electronic seal of the issuer of the certificate.

The certificate 113 (or a link thereto and optionally supplementary information) is then transmitted via platform server 10 to the terminal 2 of the person.

The invention is not limited to the illustrated embodiment. Thus, the method z. B. on a notebook computer or a stationary terminal (eg., A desktop computer) run. Instead of a dedicated application installed on the terminal, a web application can be used.

As mentioned above, not all identification steps need to be performed. Which of the identification steps are to be carried out can also be determined dynamically during the course of the method, in particular as a function of an already achieved security level and / or depending on the data assigned to the person whose correctness is to be confirmed.

Claims (18)

Instead of based on an invoice (or in addition thereto), the address data can be verified by comparison with address databases or with other public registers, with a trusted private database or such a directory. As already described above, social media data and / or location, calendar or contact data can additionally be included on the terminal of the person. The latter data may be transmitted from the person's terminal to the platform server, as long as the person expressly authorizes the transmission on their terminal. In summary, it should be noted that the invention provides a method for verifying the identity of a person, which enables efficient identification and has high availability. claims A method for verifying the identity of a person on a server of a service provider, wherein a terminal of the person is connected via a data communication network with the server, comprising the following steps, which are brought fully automatically: a) receiving a from the terminal to the server via the Data communication network transmitted image of an identification document; b) providing information about the person to be checked on the server; c) extracting an image of the person to be identified from the image of the identification document received by the server; d) receiving a transmitted from the terminal to the server via the data communication network file with a visual representation of the person to be checked; e) evaluating a match between the file received on the server with the visual representation of the person and the image of the person to be identified by means of a face recognition method; f) Confirmation of a successful verification of identity, if given criteria, at least to the agreement, are met. 2. The method according to claim 1, characterized in that to provide the information about the person to be checked for obtaining coded information, a machine-readable zone of the identification document is evaluated on the basis of the server received image of the identification document and that decoded for obtaining the information encoded information become. 3. Method according to claim 2, characterized in that a correspondence between the information obtained from the machine-readable zone of the identification document and existing second information about the person is evaluated and that the assessment of the correspondence flows into the criteria to be met. 4. The method according to any one of claims 1 to 3, characterized in that the visual representation of the person to be examined comprises several views of the person, in particular that it comprises a cinematic representation of the person. 5. The method according to any one of claims 1 to 4, characterized in that are received via the data communication network from the terminal additional information about the person, and that their assignment to the person is verified. 6. The method according to any one of claims 1 to 5, characterized in that the confirmation is transmitted together with at least a subset of the first information about the person to a third party. 7. The method according to any one of claims 1 to 6, characterized in that the information about the person to be checked address data of the person include and that a review of the assignment of the address data to a name of the person by at least one of the following steps: a) matching the address data and the name with an address database or a publicly accessible register; b) receiving from the terminal to the server via the data communication network transmitted image of a billing document, which includes name and address information, in particular a billing document of a trusted biller, extracting the name and address information and matching the address data and the name with the name and address information; c) receiving a confirmation code on the server, wherein the confirmation code of the person has been delivered by mail on the basis of the address data and wherein a confirmation of the successful verification of the identity takes place only if there is a match of the confirmation code with the delivered confirmation code. 8. The method according to any one of claims 1 to 7, characterized in that the server receives information about a triggered by the person electronic money transfer and that a match of the information with the first information is checked. 9. The method according to claim 8, characterized in that the server initiates the electronic money transfer via the data communication network on the terminal of the person and that it is preferably a transfer of a debit card, a Sofortbezahlvorgang or another in the money transfer, inference to the paid Party-giving, short-term payment transaction is. 10. The method according to any one of claims 1 to 9, characterized in that a comparison of the person in the context of the verification process attributable information with publicly available information about this person, in particular with information from social electronic networks, is carried out, the comparison provides a degree of agreement , which flows into the criteria to be met. 11. The method according to any one of claims 1 to 10, characterized in that the server locating data and optional calendar and / or contact data are received via the data communication network from the terminal, after which a comparison of the location data and optionally the calendar and / or contact data with the information available to the server, in particular to a residential and / or workstation address of the person, the adjustment provides a measure of conformity, which flows into the criteria to be met. 12. The method according to any one of claims 1 to 11, characterized in that the server receives a transaction number which was transmitted to the person to be checked via a connection independent of the connection between the server and the terminal and which is present on the server, wherein an acknowledgment the successful verification of the identity takes place only if there is a match between the received and the transaction number present on the server. 13. A method for generating a digital certificate for confirming the identity of a person assigned to the certificate, characterized by the following steps: a) carrying out a method for checking the identity of the person according to one of claims 1 to 12; b) creating a digital certificate comprising at least a name of the person, a public cryptographic key and data for verification of an issuer of the certificate. 14. A device for verifying the identity of a person, comprising a) a platform server of a service provider, b) a plurality of modularly connectable third-party servers connected to the platform server via a data communication network, comprising at least: b1) a document processing server for extracting an image of the person to be checked from a picture of an identification document; b2) an image processing server for evaluating a correspondence between a first file having a visual representation of a person and an image of the person to be identified by means of a face recognition method; wherein the platform server receives data from a terminal of the person for extracting and decoding information from the received data, obtaining additional identification-relevant information and performing identification-relevant assessments in parallel and / or serial to the third-party servers and receives response data, and the platform server is controlled in such a way that it receives at least: - receives the image of the identification document from a terminal of the person to be checked via the data communication network; - forwards the image of the identification document to the document processing server and receives first information about the person to be checked as well as the extracted image of the person; - receives from the terminal via the data communication network, the visual representation of the person to be checked; - transmit the extracted image and the visual representation to the image processing server and receive a score of the match; evaluates predetermined criteria, at least to the evaluation of the agreement, and confirms a successful verification of the identity when the criteria are met. An apparatus according to claim 14, characterized in that the third-party servers further comprise a second document processing server for extracting name and address information from an accounting document, the platform server being controlled to display an image received from the person's terminal via the data communication network of an accounting document is transmitted to the second document processing server and receives the extracted name and address information and an evaluation of the authenticity of the accounting document, whereafter the platform server carries out a comparison of the address data and the name with the name and address information. The apparatus of claim 14 or 15, characterized in that the third party servers further comprise a transaction server for handling electronic money transfer and for communicating electronic money transfer information to the platform server, the platform server being controlled to receive the information upon receipt makes a comparison of this information with existing information about the person to be checked. A device according to any one of claims 14 to 16, characterized in that the third-party servers further comprise a social media server for collecting information relating to the person to be checked on one or more social networks and for generating a degree of agreement of the collected information with the existing information about the person. 18. The device according to claim 14, characterized in that the third server further comprise a matching server for matching a terminal of a person associated with location data and optional calendar and / or contact data with personal information, in particular a residential and / or workstation address, and for generating a corresponding degree of conformity, wherein the platform server is controlled such that it transmits from the terminal of the person to be checked via the data communication network received location data and optional calendar and / or contact data to the matching server, receives the appropriate degree of conformity and this includes in the evaluation of the predetermined criteria ,