GITBOOK-1014: Tokenisation
Suseela-S authored and gitbook-bot committed Sep 15, 2024
1 parent ffad0ef commit 49f26f8
Showing 5 changed files with 47 additions and 9 deletions.
Binary file added .gitbook/assets/authentication-using-mts (1).png
2 changes: 1 addition & 1 deletion SUMMARY.md
Expand Up @@ -264,7 +264,7 @@
* [Record Revision History](social-registry/features/record-revision-history.md)
* [Domain Specific Registries](social-registry/features/domain-specific-registries.md)
* [Single Sign-On](social-registry/features/single-sign-on.md)
* [Tokenisation](social-registry/features/tokenisation.md)
* [Tokenisation](social-registry/development/upcoming-features/tokenisation.md)
* [Search - OpenSearch](social-registry/features/search-opensearch.md)
* [Audit Log - Advanced](social-registry/features/audit-log-advanced.md)
* [Attestation](social-registry/features/attestation.md)
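
Review bot: The Tokenisation entry now links to development/upcoming-features/tokenisation.md but still sits between Single Sign-On and Search - OpenSearch among the features/ entries, so the navigation presents a page marked WORK IN PROGRESS as a shipped feature. Move the entry to the part of SUMMARY.md that matches its new directory, or label it as upcoming. Since this commit also deletes social-registry/features/tokenisation.md, existing links to the old path will break unless a redirect is added.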
45 changes: 45 additions & 0 deletions social-registry/development/upcoming-features/tokenisation.md
@@ -0,0 +1,45 @@
---
description: WORK IN PROGRESS
---

# Tokenisation

The tokenisation process involves using the [IDA](https://docs.mosip.io/1.2.0/id-authentication) (ID Authentication) system to verify the registrant's data. If the IDs such as registrant's ID (RID), virtual ID (VID), or unique identification number (UIN) are valid, then the IDA system generates a token. The generated token replaces the sensitive data, like RID, VID, or UIN, with non-sensitive data and it is recorded in the database or the individual/group registries of the Social Registry (SR) module.

## Functionality

* Uses an [MTS connector](https://docs.mosip.io/1.2.0/integrations/mosip-token-seeder/mts-odk-importer) to establish a connection to the ID system's APIs in order to valid MOSIP data offline at the backend.
* Validates bulk IDs.
* Tokenises the ID and populates it in SR.

{% hint style="info" %}
Here we use the term "**validation**" (as opposed to "**verification**" or "**authentication")** of the ID and the associated demographic information of the individual with the ID system. This is not the same as verifying an individual's identity using biometrics or OTP.
{% endhint %}

IDA receives requests to generate tokens from the various registration mechanisms, whenever

<table><thead><tr><th width="348"></th><th></th></tr></thead><tbody><tr><td><a href="tokenisation.md#mts-connector"><strong>MTS Connector</strong></a> <strong>(</strong><a href="https://docs.mosip.io/1.2.0/integrations/mosip-token-seeder"><strong>MOSIP Token Seeder</strong></a><strong>)</strong></td><td>A program administrator creates an <strong>ODK MTS Connector</strong> for individual/group registrants to map the ODK forms available in the ODK Central to the SR. </td></tr><tr><td><a href="tokenisation.md#esignet"><strong>eSignet</strong></a></td><td>Self-registration by a potential beneficiary with their valid RID, VID, or UIN via eSignet.</td></tr><tr><td>Biometric authentication</td><td>WIP</td></tr></tbody></table>

## MTS connector

Social Registry with MTS uses MTS Connector to authenticate registrants, who are registered using the ODK Collect App. The UIN and demographic details provided by registrants are validated by calling APIs of the MOSIP IDA system. The MOSIP IDA responds with an authentication token upon successful validation. MTS is a standalone service offered by MOSIP.&#x20;

MTS Connectors can take inputs from both ODK Central and SR. Since one MTS Connector takes only one type of input, separate MTS connectors are required for ODK Central and SR.

A high-level representation of the interactions between different components during validation is shown below:

<figure><img src="../../../.gitbook/assets/authentication-using-mts (1).png" alt=""><figcaption></figcaption></figure>

## eSignet

Registrant utilises valid credentials to access the Self Service Portal. While logging using eSignet, an OTP or QR code is typically used in addition to a UIN or VID for self-registration. eSignet makes a call to the connected IDA to the Self Service Portal to verify the authenticity of the registrant's VID or UIN. The IDA generates a token upon successful authentication. The token will be recorded in the relevant registrant SR modules' individual/group registries.

## Bio-metric authentication

WIP

{% hint style="info" %}
**Is ID number by itself considered Personally Identifiable Information (PII**) ?

If ID is random, revokable and tokenized (not used for seeding), it is not PII. But if it is codified, used for seeding everywhere and not changeable, then it can be used to identify the person or know something about them
{% endhint %}
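
Review bot: The MTS connector section contradicts the terminology hint above it: the hint says this flow is "validation" as opposed to "verification" or "authentication", yet the section says the connector is used "to authenticate registrants" and that IDA responds with "an authentication token", and the eSignet section speaks of "successful authentication" without saying whether the OTP or QR step makes that flow different. Use one term per flow, because readers will take "authenticated" to mean the holder proved control of the ID. The sentence before the mechanisms table stops at "whenever" and needs finishing or trimming; "in order to valid MOSIP data" should read "validate"; the bold markers in `"**authentication")**` and `(PII**) ?` close in the wrong place; and the table row for biometric authentication has no link to the "Bio-metric authentication" heading, which is also spelled differently. The page states that the token replaces RID, VID or UIN in the registry but never says whether the raw ID collected through ODK or the Self Service Portal is discarded once the token is recorded, which the closing PII hint depends on.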
7 changes: 0 additions & 7 deletions social-registry/features/tokenisation.md

This file was deleted.

2 changes: 1 addition & 1 deletion utilities-and-tools/4sure-verifier.md
Expand Up @@ -27,7 +27,7 @@ The application features a user-friendly interface that guides users (like field

## Feature and functionality

<table><thead><tr><th width="225">Feature </th><th>Functionality</th></tr></thead><tbody><tr><td><strong>Secure transfer of credentials</strong></td><td>Utilises BLE technology for the secure and encrypted transfer of digital credentials</td></tr><tr><td><strong>National ID integration</strong></td><td>Fully integrated with the MOSIP platform, ensuring compatibility and interoperability with a wide range of identity solutions</td></tr><tr><td><strong>User-friendly interface</strong></td><td>Designed with a focus on ease of use, ensuring accessibility for users of varying technical proficiencies</td></tr><tr><td><strong>Face verification</strong></td><td><p>Incorporates a robust face verification SDK to enhance identity authentication, adding an extra layer of security and trustworthiness to </p><p>the verification process</p></td></tr><tr><td><strong>Authentication process</strong></td><td><p></p><p>The 4Sure application uses a two-step authentication process to verify individuals. First, the national ID of the individual is scanned and then authenticated by capturing it with a live photo. And then, the beneficiary ID is scanned or entered to complete the authentication process.</p></td></tr><tr><td><strong>VC matching</strong></td><td><p></p><p>The application compares the national ID and beneficiary ID provided by the individual to ensure they match. This matching process is done by verifying the UIN which helps to authenticate the individual's identity and verify their VC details.</p></td></tr><tr><td><strong>Offline authentication</strong></td><td><p> </p><p>One of the key features of the 4Sure application is its ability to perform authentication processes offline. This ensures that users can verify their identity even in areas where there is no connectivity.</p></td></tr><tr><td><strong>Integration</strong></td><td><p></p><p>The 4Sure application can be integrated with other systems or applications to enhance its functionality. 
For example, it can be integrated with ODK to collect the authenticated data of the beneficiaries, Such as the national ID and beneficiary ID data are passed to ODK central and from there moved to the social registry and programs.</p></td></tr><tr><td><strong>Facial authentication</strong></td><td>The application provides facial recognition technology to authenticate individuals, providing a secure and efficient method for verifying identity. Users can simply capture a live photo, which is then compared against the images present on the national ID.</td></tr><tr><td><strong>Identity verification</strong></td><td><p></p><p>With MOSIP integration, the application enables comprehensive identity verification processes. Users can scan and upload IDs such as National ID and Beneficiary ID, which are verified against each other for accuracy and validity.</p></td></tr><tr><td><strong>Security features</strong></td><td><p></p><p>The 4Sure application includes security features to protect the authenticity of the verification process. These features may include encryption of VC details, secure storage of verification certificates, and secure transmission of data.</p></td></tr></tbody></table>
<table><thead><tr><th width="225">Feature </th><th>Functionality</th></tr></thead><tbody><tr><td><strong>Secure transfer of credentials</strong></td><td>Utilises BLE technology for the secure and encrypted transfer of digital credentials</td></tr><tr><td><strong>National ID integration</strong></td><td>Fully integrated with the MOSIP platform, ensuring compatibility and interoperability with a wide range of identity solutions</td></tr><tr><td><strong>User-friendly interface</strong></td><td>Designed with a focus on ease of use, ensuring accessibility for users of varying technical proficiencies</td></tr><tr><td><strong>Face verification</strong></td><td>Incorporates a robust face verification SDK to enhance identity authentication, adding an extra layer of security and trustworthiness to the verification process</td></tr><tr><td><strong>Authentication process</strong></td><td><p></p><p>The 4Sure application uses a two-step authentication process to verify individuals. First, the national ID of the individual is scanned and then authenticated by capturing it with a live photo. And then, the beneficiary ID is scanned or entered to complete the authentication process.</p></td></tr><tr><td><strong>VC matching</strong></td><td><p></p><p>The application compares the national ID and beneficiary ID provided by the individual to ensure they match. This matching process is done by verifying the UIN which helps to authenticate the individual's identity and verify their VC details.</p></td></tr><tr><td><strong>Offline authentication</strong></td><td><p> </p><p>One of the key features of the 4Sure application is its ability to perform authentication processes offline. This ensures that users can verify their identity even in areas where there is no connectivity.</p></td></tr><tr><td><strong>Integration</strong></td><td><p></p><p>The 4Sure application can be integrated with other systems or applications to enhance its functionality. 
For example, it can be integrated with ODK to collect the authenticated data of the beneficiaries, Such as the national ID and beneficiary ID data are passed to ODK central and from there moved to the social registry and programs.</p></td></tr><tr><td><strong>Facial authentication</strong></td><td>The application provides facial recognition technology to authenticate individuals, providing a secure and efficient method for verifying identity. Users can simply capture a live photo, which is then compared against the images present on the national ID.</td></tr><tr><td><strong>Identity verification</strong></td><td><p></p><p>With MOSIP integration, the application enables comprehensive identity verification processes. Users can scan and upload IDs such as National ID and Beneficiary ID, which are verified against each other for accuracy and validity.</p></td></tr><tr><td><strong>Security features</strong></td><td><p></p><p>The 4Sure application includes security features to protect the authenticity of the verification process. These features may include encryption of VC details, secure storage of verification certificates, and secure transmission of data.</p></td></tr></tbody></table>

{% embed url="https://miro.com/app/board/uXjVNlxHQLA=/?share_link_id=927928050558" %}
Beneficiary e-Card Offline Verification&#x20;
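
Review bot: Only the Face verification cell loses its paragraph wrappers here; the Authentication process, VC matching, Offline authentication, Integration, Identity verification and Security features cells still open with an empty or whitespace-only `<p></p>`, so the table stays inconsistent. Strip those empty paragraphs in the same change. While the row is being touched, the Integration cell's "beneficiaries, Such as the national ID" needs its sentence break fixed, and the Security features row's "may include encryption of VC details" should state which protections the application actually implements.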