CH717006B1 - Procedure for user identification. - Google Patents

Abstract

A computer-implemented method for identifying a user using an identification document (1) comprises the following steps: receiving first data from a terminal (2) on an identification server (3), the first data including a photograph (11) of the user and a security feature ; Checking an authenticity of the identification document (1) based on the security feature; receiving second data from the terminal (2) on the identification server (3), the second data depicting a part of the user's face; Checking a match of the user with a holder of the identification document (1) by determining a similarity between the photograph (11) and the user's facial area; if the results of the checks are positive, the identification server (3) accepts the identification of the user as correct.

Description

field of invention

The invention relates to a computer-implemented method for identifying a user using an identification document and an associated system.

background

In the case of processes or actions to which only a specific person is entitled or in which the determination of the identity of a person is central, the problem of identifying the person regularly arises. Examples are opening a bank account, purchasing a SIM card for a mobile phone or performing certain services with public authorities. Conventionally, the identification is carried out in the presence of the person and using an identification document, e.g. an ID card, an identity card or a passport.

In the case of identification without the person being present, e.g. via the Internet, there is a challenge in being able to determine the identity of the person reliably and without any doubt even without looking at the person and the identification document. In particular, a method for identification should therefore offer as few opportunities for manipulation as possible.

It is therefore an object of the present invention to provide a method with which a person can be identified reliably and unequivocally, even if the person cannot be identified visually by another person.

Presentation of the invention

The object is achieved by a computer-implemented method for identifying a user using an identification document according to claim 1. Identification is understood here in particular as determining the identity of the user or, in other words, verifying that the user is the one to whom he is assigned pretends to be The identification document can be, for example, an ID card, an identity card, a biometric ID card, a passport or a driver's license.

The method comprises the following steps, in particular in the order given: Receiving first data from a terminal on an identification server, the first data comprising a photo of the user and a security feature: The terminal is preferably a device available to many users, e.g. a mobile phone, a notebook or a desktop PC with a camera for Acquisition of image data. The identification server preferably includes a system for data processing at a party interested in identification or at an external service provider. The photograph is usually a portrait or passport photo of a holder of the identification document. In particular, the photo and the security feature are integral parts of the identification document.

In one embodiment, the first data is at least partially stored on a chip of the identification document, e.g. on a biometric ID card or passport. The security feature can include an electronic signature, in particular a digital signature. The first data with photo and security feature can then preferably be read out digitally by the terminal. For this purpose, the end device has an NFC sensor, for example. Checking the authenticity of the identification document using the security feature: If the security feature includes an electronic signature, it makes sense for this step to include checking the authenticity and integrity of the first data using the electronic signature. Authenticity means in particular that the first data actually comes from an alleged issuer of the identification document, e.g. from a passport issuing authority. Integrity means in particular that the first data has not been manipulated, i.e. it is still the original data that the issuer saved on the chip. In particular, the digital signature can be used to check the authenticity. A certificate required to check the electronic or digital signature can be obtained, for example for Swiss passports, from the website of the Federal Office for Information Technology and Telecommunications. In general, the signature and the certificate together form a "trust chain" in which one end is securely anchored to the issuing authority of the identification document and the other end is securely stored on the identification document Receiving second data from the terminal on the identification server, the second data depicting a part of the user's face: The second data thus include in particular a depiction that shows at least part of the user's face. The second data is preferably generated while the method for identification is being run through. In particular, the second data thus includes a photograph of a part of the face that the user creates of himself while the method is running, advantageously with the camera of the mobile radio device.

[0008] To prevent manipulations, it is also advantageous that liveness detection is carried out when the second data is created, that is to say in particular that it is determined that the second data actually depicts the user's facial area at the current time. In this way, it can be avoided, for example, that a photo of the owner of the identification document is transmitted as second data, but which does not match the user. Checking that the user matches the owner of the identification document by determining a similarity between the photo and the user's facial area: The similarity is determined by image processing methods, e.g. by correlation, by feature detection or by a distance metric, determined with statistical Methods, e.g. neural networks. if the results of the checks are positive, the identification server recognizes the user's identification as correct: the checks relate in particular to checking the authenticity of the identification document and checking that the user matches the owner of the identification document, as described above. Further checks that are advantageously performed prior to accepting the identification as correct are described below as preferred embodiments. If the user's identification is recognized as correct, the identification server preferably issues a signal which confirms the correct identification and is in particular a prerequisite for further steps such as opening a bank account.

Such a method has the advantage that the user can identify himself from a remote location. In particular, the user does not have to go to a local bank branch when opening a bank account, for example, but can carry out the identification using their identification document and their end device, e.g. a smartphone, to save time.

In the event that the security feature includes an electronic signature that is stored on the chip of the identification document, the security of the method is further increased since the electronic signature is an additional security feature that is difficult to forge or manipulate. By including the electronic signature stored on the chip, when checking the identification document for online identification in some countries, e.g. Switzerland, security measures such as an account transfer of e.g.

However, the above method can also be carried out with an optical security feature, as described below, or include a combination of optical security feature and electronic signature as a security feature.

In one embodiment, the method, in particular according to claim 3, comprises the following steps, in particular in the order given: Receiving first data, in particular first image data, from a terminal device on an identification server, the first image data depicting at least part of the identification document with a photograph and a security feature, in particular an optical security feature: The terminal device is preferably a device that is available to many users, e.g. a mobile phone, a notebook or a desktop PC with a camera for recording image data. The identification server preferably includes a system for data processing at a party interested in identification or at an external service provider. In one embodiment, the first image data includes a photograph of a page of the identification document. A security feature is understood to mean a feature of the identification document that proves the authenticity of the identification document, especially since it is difficult for unauthorized persons to reproduce or manipulate. Typical optical security features are an engraving, an embossing, a security thread, a kinegram, a hologram or an optically variable device (OVD). Checking the authenticity of the identification document by comparing the security feature depicted in the first image data with generally valid properties of the security feature: The security feature is advantageously characterized by a property that is difficult, i.e. only with great effort, to be reproduced or manipulated and that is public or at least trained known to staff so that the existence of the property can be easily verified. The property can, for example, be a quality of the material or an appearance of the security feature. In other words, the generally valid properties are given with the definition of the security feature by an issuer of the security feature or follow directly from the definition. The generally applicable properties are therefore implemented in particular in every security feature that follows the definition. Extracting the photograph from the first image data: The photograph is typically a portrait or passport photograph of a holder of the identification document. In one embodiment, the light image is extracted from the first image data, in particular the photo, by an image processing method, e.g. edge detection or classification. The extraction of the photograph can be performed on the identification server or on the terminal. The extraction step can also be carried out at a different point in time, e.g. before the first image data is received or after the following step. Receiving second data, in particular second image data, from the terminal device on the identification server, the second image data depicting a part of the user's face: the second image data thus include in particular an image showing at least part of the user's face. The second image data are preferably generated while the method for identification is being run through. In particular, the second image data thus includes a photograph of a part of the face that the user creates of himself during the runtime of the method, advantageously with the camera of the mobile radio device. In order to prevent manipulations, it is also advantageous for liveness detection to be carried out when the second image data is created, ie it is determined in particular that the second image data actually depicts the user's facial area at the current point in time. In this way, it can be avoided, for example, that a photo of the owner of the identification document is transmitted as the second image data but does not match the user. Checking that the user matches the owner of the identification document by determining a similarity between the photo and the user's facial area: The similarity is determined by image processing methods, e.g. by correlation, by feature detection or by a distance metric, determined with statistical Methods, e.g. neural networks. if the results of the checks are positive, the identification server recognizes the user's identification as correct: the checks relate in particular to checking the authenticity of the identification document and checking that the user matches the owner of the identification document, as described above. Further checks that are advantageously performed prior to accepting the identification as correct are described below as preferred embodiments. If the user's identification is recognized as correct, the identification server preferably issues a signal which confirms the correct identification and is in particular a prerequisite for further steps such as opening a bank account.

Advantageous embodiments include the following features: In one embodiment, the method also includes the steps - determining identity data from the first image data: Identity data can include, for example, a name, an address, a date of birth or an identification number of the owner of the identification document. Identity data can in particular be determined from the first image data using image processing methods, e.g. with text recognition. This step can also include the assignment of further identity data to the identity data determined directly from the image data, in particular by retrieving the further identity data from a database in which they are linked to the determined identity data. - If the results of the checks are positive, assigning the identity data to the user: If the identity data are determined from the image data, the user does not have to enter them in a time-consuming manner. This enables the identity data to be ascertained in a time-saving manner, in particular also in a standardized form as is present on the identification document and/or in the database.

In a further embodiment, the method additionally comprises the steps Determining a type of identification document: The type can be, for example, an ID card, an identity card, a passport or a driver's license. Furthermore, the type can be marked by an institution issuing the identification document, e.g. a national authority. The type can in turn be determined using image processing methods, e.g. feature detection and classification with statistical models, or also banal via user input. Loading of the generally applicable properties of the security feature belonging to the type of identification document: The presence of at least one specific security feature in a precisely defined form is usually associated with the type of identification document. Thus, when the type is determined, the security features present in this type and their properties can be loaded from a database, for example.

The next two embodiments relate to the nature of the security feature and how this can be used in the method for identification: The security feature is preferably made in such a way that it looks different from different perspectives, in particular that a color or a color changes in the security feature displayed shape changes. In order to be able to check this feature, the first image data includes a number of images of the security feature from different perspectives. Examples of such a security feature are a kinegram, a hologram or an OVD The multiple images from different viewing angles are achieved in particular by tilting the terminal device relative to the identification document or by moving the terminal device relative to the identification document between the images. When taking the multiple images, the user is preferably guided by instructions being output on the terminal device.

Alternatively or additionally, the security feature of the identification document can be such that it looks different when the lighting changes, in particular that a color or a shape represented in the security feature changes. In order to be able to check this feature, the first image data includes a number of images of the security feature with different lighting, in particular with different brightness of the lighting. Examples of such a security feature are in turn a kinegram, a hologram or an OVD.The lighting of the security element is therefore preferably changed between the recording of the images, whether by dimming or switching a light source on/off, by changing the angle to the incident light, by a Change in distance to a light source etc.

In one embodiment, the end device is a mobile device with a light source with at least two brightness levels. At least two images of the first image data are correspondingly recorded at different brightness levels of the light source. As available to many users, the terminal is preferably a mobile phone with a flash.

[0018] Further advantageous embodiments are characterized by at least one of the following properties: the security feature includes at least one of the following features: a frame around the photograph, a pattern or an engraving, the security feature is at least partially attached to the photograph and includes in particular one of the above features, the security feature comprises an OVD or a kinegram.

Another aspect of the invention relates to an identification server comprising a processor adapted to carry out the method described. A further aspect relates to a computer program product, comprising program code which, when executed by the identification server, causes the latter to carry out the method described.

Brief description of the drawings

[0020] Further configurations, advantages and applications of the invention result from the dependent claims and from the following description with reference to the figures. The figures show: FIG. 1 an identification document, a terminal and an identification server in an embodiment of the invention; FIG. 2 shows a flowchart with a method for identifying a user according to an embodiment of the invention; FIGS. 3 to 5 each show an identification document and a terminal in further embodiments of the invention; FIG. 6 shows an identification document, a terminal and an identification server in a further embodiment of the invention; FIG. 7 shows a flowchart with a method for identifying a user according to a further embodiment of the invention.

Ways to carry out the invention

Figure 1 shows elements that are used in a method according to an embodiment of the invention: an identity card (ID card, identification document) 1, a mobile phone (terminal) 2 and a server (identification server) 3. The ID card 1 is, for example, the Swiss ID and comprises a passport photo 11, a frame 12 around the passport photo 11, an engraving 13, e.g. the number "13", and a pattern 14 of lines which partially run across the passport photo 11. Certain properties of frame 12, engraving 13 and pattern 14 are precisely defined by the issuer of ID card 1, e.g. the type of transition from passport photo 11 to frame 12, the nature and arrangement of engraving 13 and the course of the lines of the pattern 14. These elements can thus be used as security features, by means of which anyone, or at least a person who knows the specific properties, can check the authenticity of the ID card 1.

Furthermore, the ID card 1 in FIG. 1 includes a kinegram 15, the shape of which is reminiscent of a rock crystal in the case of the Swiss ID. The kinegram 15 also serves as a security feature since it has defined properties and is difficult to reproduce. In addition, the ID card 1 includes identity data 16, in the case shown the name "Hans Meier". In general, other identity data 16 can also be noted on the ID card 1 in addition or as an alternative, e.g. an ID number or address. Advantageously, the identity data 16 includes machine-readable characters such as are present on a machine-readable passport according to ICAO Standard Document 9303 or ISO/IEC 7501-1 in a machine-readable zone provided for this purpose (machine-readable zone, MRZ). The ID card 1 can also have a different shape and include other elements, in particular in a different arrangement. On the other hand, the defined and standardized properties of the ID card 1 of a specific type, e.g. a Swiss ID, are always the same, and these are what make it possible to check for authenticity.

The mobile phone 2 in Figure 1 includes a camera 21 for taking pictures and / or videos in a field of view 22 of the camera 21 and a flash (light source) 23. The server 3 includes a processor for executing the method and the necessary permanent and temporary storage. The server 3 is normally located at the institution that is interested in identifying the user, i.e. in the case of an account opening, e.g. at the bank or at an authority. Alternatively, the server 3 can also be outsourced to a service provider who carries out the identification on behalf of the institution and at the end of the process passes on information to the institution as to whether the user has been correctly identified or not. To carry out the method, the server 3 has a data connection 31 to the mobile phone 2, which is particularly suitable for transmitting images and/or videos and includes at least one of the following connection types: mobile radio, WLAN, Bluetooth, LAN, Ethernet cable.

A method according to an embodiment of the invention, which can be carried out with the arrangement of Figure 1, is shown in Figure 2 as a flow chart. In step S1, the user who wants to identify himself to the institution uses the camera 21 of the mobile phone 2 to take a first picture of his ID card 1, on which the passport photo 11 and at least one of the security features 12 to 15 are shown. The first image is sent from the mobile phone 2 to the server 3 via the data connection 31 and is received by the server in step S2. In step S3, the authenticity of the ID card 1 is checked on the server 3 using security features depicted in the first image.

In one embodiment, the security features 12 to 14 that are associated with the photograph 11 are used for the check in step S3. In particular, it is checked whether, alternatively or cumulatively, the frame 12, the engraving 13 and/or the pattern 14 has general properties that follow from the definition of these elements. If this is not the case, the ID card is classified as fake, the identification process is aborted and negative identification information is output in step S0. Alternatively or cumulatively, the kinegram 15 can also be checked by comparing its depiction in the first image with generally valid properties.

The generally applicable properties are implemented as at least one criterion that can be tested using image processing methods based on the first image. The generally valid properties can relate to the definition of the security feature itself, e.g. a precise geometric arrangement of the pattern 14, or to an optical effect which is caused by the security feature in a defined form and is visible in the first image, e.g. a color effect or a color change in the case of several images from the kinegram 15. The generally applicable properties and criteria can be set up on the one hand on the basis of the definition of the security feature. On the other hand, they can be set up by artificial intelligence using machine learning methods, e.g. by neural networks. In particular, the universal properties and the criteria are established through supervised learning by showing the artificial intelligence various real and fake ID cards, each together with the information whether the ID card is real or fake, i.e. counterfeit. In this way, resilient and reliable criteria for the authenticity check can only be defined on the basis of the first image.

If the ID card 1 is classified as genuine in step S3, the user takes a second picture of himself in step S4 of FIG. 2, on which his face or at least part of his face can be seen. The second image is in turn sent from the cell phone to the server 3 via the data connection 31 and is received by the latter in step S5. In step S6, a check is made as to whether the person depicted in the second image matches the owner of the ID card 1, ie in particular is the same person as in the photograph 11. For this purpose, the photograph 11 is extracted from the first image. The extraction can already be carried out beforehand and in particular already on the mobile phone 2 . In this case, the server 3 receives the extracted light image 11 from the mobile phone 2, for example in step S2 together with the first image or in step S5 together with the second image.

The verification of the identity of the user with the holder of the ID card in step S6 is done by determining a similarity between the photograph 11 and the face or part of the face on the second image. The second image is advantageously replaced by a video or two second images, so that it can be determined that the person depicted in the second image is actually sitting live in front of the mobile phone 2 and is not just depicted in a photo that another person has in the Camera 23 stops. This is done, for example, by the user moving during the video or between the two second images and then checking whether the movement is realistic (motion detection). Alternatively, such a liveness detection can also be achieved via further sensor data of the mobile phone 2, e.g. by including a proximity sensor.

If the similarity between the face in the photograph 11 and the face in the second image does not exceed a certain level, the identification of the user is classified as incorrect, the identification process is aborted and negative identification information is output in step S0. However, if the similarity exceeds the certain level, the identification of the user is classified as correct and corresponding positive identification information is output in step S7.

The method described is preferably implemented in a computer program that runs on the server 3 . This communicates via the data connection 31 with an application (app) or a web application in the browser (web app) on the mobile phone 2. The app is advantageously designed in such a way that it guides the user through the identification process, i.e. in particular outputs instructions when and how to take the first and second picture or video. Furthermore, it is advantageous that the app is implemented in a secure manner, that is to say in particular that it prevents the first and/or second image or video and possibly the extracted light image from being manipulated.

Basically, the user enters his personal data, e.g. name, address, date of birth, e.g. at the beginning of the method in step S1 in the app. The data is also transferred to server 3 and verified there, e.g. by comparison with a recognized personal database, e.g. Swiss Post.

Instead of entering the personal data manually, an optional extension of the method in FIG. 2 makes use of the identification data 16 on the ID card 1: the identification method starts in step S1 with the recording of the first image and without entering personal data. This data is then extracted from the first image, which also depicts the identification data 16 . This can happen in step S2 or S3, for example. In addition, the server 3 can compare or enrich the extracted data with further data from a connected database. This is particularly helpful when not all of the identification data 16 can be correctly extracted from the first image.

Figures 3 to 5 show further embodiments of the method that make use of the universal properties of the kinegram 15 to check the authenticity of the ID card 1 advantage. The corresponding checks can therefore be implemented additionally or alternatively in step S3 of FIG. However, they also affect how the user takes the first picture or several first pictures or a first video with his mobile phone 2 in step S1, which are then received by the server 3 in step S2.

Figure 3 refers to the property of the kinegram 15 to show different colors or different shapes from different viewing angles. Due to the standardized definition of the kinegram 15, this always happens in a similar way, so that in turn, general properties and criteria can be derived from it as to what a real kinegram looks like on an image or video from a specific perspective.

Correspondingly, according to Figure 3, the user is asked to take two first pictures of the ID card 1 from different angles or a first video, during which the user tilts the ID card 1 or the mobile phone 2 relative to the ID card 1 emotional. The tilting 24 of the ID card 1 about a defined axis, e.g. horizontal or vertical, is particularly practical, since the user generally has to carry out the movement process as precisely as possible according to the instructions of the app, so that the generally applicable properties of the kinegram 15 are actually reflected in the first images or can be found in the first video.

Figure 4 shows a variant of tilting 24 in Figure 3. Here the user takes two first pictures at different distances between ID card 1 and mobile phone 2 or a first video, during which he carries out such a change in distance 25, either the ID card 1 or the mobile phone 2 moves relative to the other object. In this case too, characteristic color or shape changes of the kinegram 15 can be determined in the first images or the first video, which can be used in the check in step S3. This is due in particular to the change in the lighting and/or the field of view 22 of the camera 21 relative to the incident light.

Figure 5 represents a further variant, no relative movements 24 or 25 as in Figures 3 and 4 are necessary, but the illumination of the ID card 1 is changed between the at least two first images or during the first video. The flash 23 of the cell phone 2 is particularly suitable for this purpose, which is controlled in such a way that it produces different levels of brightness on the first images or during the first video. This embodiment is particularly easy to implement, for example by taking two first pictures from the app at a short distance, the flash 23 being switched on in one picture and off in the other picture. In addition, the brightness of the flash 23 can be controlled by the app in more than two stages, so that further optical effects of the kinegram 15 become visible on the first images or the first video.

Figure 6 shows (similar to Figure 1) elements that are used in a method according to a further embodiment of the invention: a biometric passport or ID card 1a, a mobile phone (terminal) 2 and a server (identification server) 3. The biometric Passport 1a comprises a chip 17 on which are usually stored personal data of the user, such as surname, first name, address and date of birth, as well as fingerprints and a photograph of the user's face. The chip 17 can be read electronically via a wireless connection 27, e.g.

Furthermore, an electronic, in particular digital, signature is stored on the chip 17 as a security feature, which was created by the passport authority when the passport 1a was issued. The authenticity and integrity of the data on the chip 17 can be checked with this signature. Reading the chip 17 thus represents a reliable way of checking the authenticity of the biometric passport 1a. Furthermore, by reading the chip 17, the photograph 11 and the user's personal data are available electronically in good quality.

In comparison to the method of FIGS. 1 and 2, in principle there is no need to photograph the passport 1a and check the optical security features 12-15 in FIG. However, a combination with the method described with reference to FIGS. 1 and 2, ie in particular the additional examination of the optical security features 12-15, is conceivable. The above explanations can therefore also be applied to FIGS.

The method according to the further embodiment is described below with reference to the flow chart in FIG. In step S11, the user who wants to identify himself to the institution electronically reads out the electronic signature, the personal data and the photograph 11 of his passport 1a with his cell phone 2. This is normally done by an app that runs on the mobile phone and controls the NFC sensor 26, which reads the data from the chip 17.

It may be necessary for the user's name, date of birth and/or other personal data to be specified in order to be able to read the personal data, the photograph and the electronic signature from the chip 17 . This can be done by the user entering their name and/or date of birth in the app. Alternatively, this step can also be accomplished by photographing and recognizing the identification data 16 in the MRZ of the passport 1a, which saves time and is less error-prone than manual input.

The electronic signature, the personal data and the photograph are then sent from the mobile phone 2 via the data connection 31 to the server 3 and are received by the server in step S12.

In step S13 - similar to Figure 2 - checked the authenticity of the passport 1a using the electronic signature as a security feature. Public key authentication or a digital signature is often used for this. In particular, the server 3 uses a certificate for the authenticity check, which is provided, for example, by the issuing authority of the biometric passport 1a or on a master list of certificates from the International Civil Aviation Organization (ICAO). The signature and the certificate together form a "trust chain" in which one end is securely anchored at the issuing authority of the biometric passport and the other end is securely stored on the chip 17 of the biometric passport 1a.

If the check of the authenticity and integrity of the passport in step S13 comes to a negative result, the identification method ends in step S10 as having failed. An error message is then usually displayed to the user on the cell phone 2 .

On the other hand, if the passport 1a is classified as genuine in step S13, the user takes a picture of himself in step S14 with the camera 21 of the cell phone 2, on which his face or at least a part of his face can be seen. This image is in turn sent from the mobile phone 2 via the data connection 31 to the server 3 and received by the latter in step S15.

The verification of the identity of the user with the owner of the ID card in step S16 is analogous to step S6 above. If the similarity between the face in the photograph and the face in the image does not exceed a certain level, the identification of the user is classified as incorrect, the identification process is aborted and negative identification information is output in step S10. However, if the similarity exceeds the certain level, the identification of the user is classified as correct and corresponding positive information for identification is output in step S17.

[0048] The further statements on the preferred implementation of the method from above apply here analogously.

The method of FIGS. 6 and 7 benefits from an increased security level, in particular compared to the method of FIGS. 1 and 2, which is achieved by the electronic readout of the data including the electronic signature. At the same time, the process is simpler and less error-prone, since in principle there is no need to photograph the passport 1a or extract the photograph.

While the present application describes preferred embodiments of the invention, it is to be understood that the invention is not limited thereto and may be otherwise embodied within the scope of the following claims.

Claims (11)

1. Computer-implemented method for identifying a user using an identification document (1), comprising the steps - Receiving first data from a terminal (2) on an identification server (3), the first data comprising a photograph (11) of the user and a security feature, - Checking an authenticity of the identification document (1) based on the security feature, - Receiving second data from the terminal (2) on the identification server (3), the second data depicting a part of the user's face, - Checking a match of the user with a holder of the identification document (1) by determining a similarity between the photograph (11) and the facial area of the user by image processing methods, - if the results of the checks are positive, the identification server (3) accepts the identification of the user as correct. 2. Method according to claim 1, the first data being at least partially stored on a chip (17) of the identification document (1), wherein the security feature comprises an electronic signature, wherein checking an authenticity of the identification document (1) comprises the following step: – Checking the authenticity and integrity of the first data using the electronic signature. 3. The method according to claim 1 or 2, wherein the first data comprises first image data, wherein the security feature comprises an optical security feature (12-15), wherein the first image data depicts at least part of the identification document (1) with the photograph (11) and the optical security feature (12-15), wherein checking the authenticity of the identification document (1) comprises comparing the optical security feature (12-15) with generally valid properties of the optical security feature, additionally comprising the step - extracting the light image (11) from the first image data. 4. The method according to claim 3, further comprising the steps - determining identity data from the first image data, – if the results of the checks are positive, assignment of the identity data to the user. 5. The method according to any one of claims 3 or 4, further comprising the steps - determining a type of identification document (1), - Loading the type of identification document (1) associated generally valid properties of the optical security feature (12-15). 6. The method according to any one of claims 3-5, wherein the optical security feature (12-15) is designed in such a way that it looks different from different viewing angles, in particular that a color or a shape represented in the optical security feature (12-15) changes, wherein the first image data comprises a plurality of images of the optical security feature (12-15) from different viewing angles. 7. The method according to any one of claims 3-6, wherein the optical security feature (12-15) of the identification document (1) is designed in such a way that it looks different when the lighting changes, in particular that a color or a shape represented in the optical security feature (12-15) changes, wherein the first image data comprises a plurality of images of the optical security feature (12-15) with different lighting, in particular with different brightness of the lighting. 8. The method according to claim 7, wherein the end device (2) is a mobile device with a light source (23) with at least two brightness levels, wherein at least two images of the first image data are recorded at different brightness levels of the light source (23), in particular wherein the terminal (2) is a mobile phone with a flash. 9. The method according to any one of claims 3-8, having at least one of the following properties: - the optical security feature (12-15) is at least partially attached to the photograph (11), - the optical security feature (12-15) comprises at least one of the following features: a frame (12) around the photograph, a pattern (14) or an engraving (13), - the optical security feature comprises an OVD or a kinegram (15). 10. Identification server comprising a processor adapted to carry out the method according to any one of the preceding claims. 11. Computer program product, comprising program code which, when executed by an identification server according to claim 10, causes this to execute the method according to one of claims 1 to 9.