USCIS explores remote identity verification for immigration services

U.S. Citizenship and Immigration Services (USCIS) issued a Request for Information (RFI) from industry on remote document authentication and identity verification technology.

The agency says it wants to modernize processes that have long depended on manual, in-person review of identity documents which are unsuitable for remote or geographically distributed users.

The agency said many of its processes have historically relied on face-to-face document checks, creating operational challenges and limiting flexibility.

To address this, USCIS is specifically looking for an information technology solution that would allow identity documents to be verified remotely while still supporting agency security and compliance needs.

The agency said it is looking for an enterprise-level, remote capability that can support multiple USCIS programs and use cases through a common API-based platform and verification engine, with USCIS teams handling program-specific configurations and integrations.

The system would need to work across all major mobile phones and web browsers, allowing members of the public to submit identity documents and selfies remotely rather than relying solely on an in-person review.

USCIS also said the same core platform should be reusable in both remote and in-person settings.

According to the RFI, the core functions USCIS is seeking include document authentication, facial comparison with presentation attack defense, and extraction of identity document data for integration into existing USCIS systems and applications.

The agency said a viable tool must be able to authenticate U.S. and foreign identity documents, extract structured data and high-quality images in real time, and guide users through image capture while checking for problems such as glare or blur.

USCIS also wants support for barcode and machine-readable zone scanning, OCR and intelligent document processing, and, where applicable, biometric chip, RFID, and mobile integrations.

USCIS said the solution must be entirely software-based and must not require hardware. For cloud-based offerings, the agency said vendors should meet FedRAMP Moderate authorization or equivalent security requirements.

The RFI also calls for strong encryption protections for data at rest and in transit, including the use of FIPS 197 AES algorithms with at least 256-bit encryption validated under FIPS 140-3, consistent with Department of Homeland Security (DHS) policy.

The system also would need to demonstrate sufficient scalability to support at least 10 million transactions annually.

The request goes well beyond asking whether vendors can authenticate documents. USCIS is also asking companies whether their tools can run in USCIS-controlled Amazon Web Services cloud environments, whether they allow remote photo capture of both identity documents and selfies, and whether they support offline capture in low-connectivity situations for later upload and authentication.

The agency is asking what data formats vendors provide for document images, extracted fields and face crops, how quickly results are returned, and what transaction volumes can be supported.

The RFI also asks vendors to explain whether their products use AI or machine learning, whether models are trained on customer data, how training data is sourced and governed, and whether the company currently offers agentic models.

Vendors are also being asked to list which domestic and foreign identity documents their systems can cover, explain how often document libraries or models are updated, and describe whether authentication is rules-based, template-based or machine learning-based, as well as whether the technology is fully proprietary.

In addition, USCIS is asking vendors to provide, if available, rates and testing conditions for metrics such as system error, failure to extract, document false rejection, document false acceptance, field-level accuracy, character error and field completeness.

It also asks for metrics related to face matching and spoof detection, including false non-match, false match, bona fide presentation classification error and attack presentation classification error, and whether those evaluations were conducted internally or by an independent third party.

USCIS also asks whether vendors have participated in DHS Science and Technology testing and whether they would be willing to provide APIs for government testing.

Responses to the RFI are due by Tuesday, April 14, at 2:30 p.m. Eastern.

Article Topics

Amazon Web Services (AWS)  |  identity document  |  identity verification  |  immigration  |  RFI  |  United States  |  USCIS