# Integration between PSBio and SPIDX

This document describes the integrated operation of the PSBio and SPIDX solutions.

## Overview

**PSBios** are entities capable of performing biometric identification to ensure the authenticity and uniqueness of individuals for issuing digital certificates. PSBios form a distributed biometric database. Digital certificate issuers are *Certification Authorities* (CAs). Each CA can have several service endpoints called *Registration Authorities* (RAs), where individuals perform biometric collection and obtain certificates.

The PSBio architecture ensures the preservation of the identity of verified individuals. Identification data such as name and CPF are restricted to the CA where the certificate is being issued (CA-RA messages), and the uniqueness check on the PSBios network (CA-PSBio messages) is performed through an encrypted identifier (IDN) that cannot be used to obtain the individual's biographical data.

The PSBio interfaces, requirements and APIs are defined by ITI (National Institute of Information Technology), allowing different vendors to implement PSBio solutions capable of forming a distributed biometric database.

The **SPIDX** is a solution for biometric collection and registration on mobile devices. SPIDX is composed of:

* **SPIDX App**, an application/component running on the Android and iOS devices of individuals requesting certificates (RA clients).
* **SPIDX Server**, an online service hosted by SPIDX.

## Operation of PSBio with SPIDX

The diagram below describes the operation of an integrated SPIDX and PSBio solution:

![PSBio Operation with SPIDX](https://118801336-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHMy9gZsTdEehR3FxRxgN%2Fuploads%2Fgit-blob-a3cce09582cbfaba4e1cf55c9dfbb0236d5462b9%2Fspidx_psbio.png?alt=media)

The **Client**, who wishes to obtain a digital certificate, must have the *SPIDX App* installed on their mobile device (smartphone/tablet).

1. When requesting the issuance of the digital certificate, the **RA** starts the flow by creating a remote biometric collection request to the **CA**. This call is made by the RA's SPID Client to its CA's SPID Server.
2. In operation with SPIDX, the SPID Server (RA) makes a biometric collection request to the **SPIDX Server**, an online service of SPIDX.
3. The SPIDX Server sends a biometric collection request to the **SPIDX App** on the mobile device (Client). The app performs the biometric collection using the device's sensors, and sends the biometric data to the **SPIDX Server**.
4. The SPIDX Server notifies the SPID Server (CA) that the biometric collection has been completed.
5. The SPID Server (CA) requests the biometric data from the SPIDX Server and receives it.
6. The SPID Server (CA) requests from the **PSBio** the biometric verification of the collected data. The **PSBio** responds to the SPID Server (CA) indicating whether there is a duplicate or not.
7. Throughout the entire procedure above, the **SPID Client** (RA) remains waiting for the biometric collection and verification, periodically performing **status checks** (*polling*) of the transaction on the SPID Server (CA). When there is a definitive response (Authorization or Refusal for certificate issuance), the SPID Client (RA) can finalize the operation.
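
The status polling in step 7, as an added example that is not part of the SPID or SPIDX software: an RA-side loop that allows issuance only on an explicit authorization and fails closed on refusal, an unrecognized status, or an exhausted polling budget. The status names, `get_status`, `FakeCaServer` and the transaction id are assumptions made for illustration, since this page does not define the API.

```python
import time
from enum import Enum

class Status(Enum):               # hypothetical names, one per phase of the flow
    REQUESTED = "requested"       # steps 1-2: collection requested
    COLLECTING = "collecting"     # step 3: app is capturing biometrics
    VERIFYING = "verifying"       # steps 4-6: data fetched, PSBio is checking
    AUTHORIZED = "authorized"     # definitive: issuance authorized
    REFUSED = "refused"           # definitive: issuance refused

DEFINITIVE = {Status.AUTHORIZED, Status.REFUSED}

class FakeCaServer:
    """Constructed stand-in for the SPID Server (CA); replays a scripted sequence."""
    def __init__(self, script):
        self._script = list(script)
        self.polls = 0

    def get_status(self, transaction_id):
        self.polls += 1
        # Once the script is down to its last value, keep returning it.
        return self._script.pop(0) if len(self._script) > 1 else self._script[0]

def wait_for_decision(server, transaction_id, max_polls=10, interval=0.0, sleep=time.sleep):
    """Poll until a definitive status. Returns (may_issue, reason)."""
    for _ in range(max_polls):
        raw = server.get_status(transaction_id)
        try:
            status = Status(raw)
        except ValueError:
            return (False, "invalid")      # unknown status value: fail closed
        if status in DEFINITIVE:
            return (status is Status.AUTHORIZED, status.value)
        sleep(interval)                    # still in progress, poll again
    return (False, "timeout")              # polling budget exhausted: fail closed

if __name__ == "__main__":
    ca = FakeCaServer(["requested", "collecting", "verifying", "authorized"])
    print(wait_for_decision(ca, "tx-constructed-001"), "after", ca.polls, "polls")
```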
