ID Validation and Tokenisation
WORK IN PROGRESS
Last updated
WORK IN PROGRESS
Last updated
Copyright © OpenG2P. This work is licensed under Creative Common Attribution (CC-BY-4.0) International license unless otherwise noted.
The tokenisation process involves using the ID Authentication system to verify the registrant's data. If the IDs such as registrant's ID (RID), virtual ID (VID), or unique identification number (UIN) are valid, then the IDA system generates a token. The generated token replaces the sensitive data, like RID, VID, or UIN, with non-sensitive data and it is recorded in the database or the individual/group registries of the Social Registry (SR) module.
Uses an MTS connector to establish a connection to the ID system's APIs in order to valid MOSIP data offline at the backend.
Validates bulk IDs.
Tokenises the ID and populates it in SR.
Here we use the term "validation" (as opposed to "verification" or "authentication") of the ID and the associated demographic information of the individual with the ID system. This is not the same as verifying an individual's identity using biometrics or OTP.
IDA receives requests to generate tokens from the various registration mechanisms, whenever
A program administrator creates an ODK MTS Connector for individual/group registrants to map the ODK forms available in the ODK Central to the SR. | |
Self-registration by a potential beneficiary with their valid RID, VID, or UIN via eSignet. | |
Biometric authentication | WIP |
Social Registry with MTS uses MTS Connector to authenticate registrants, who are registered using the ODK Collect App. The UIN and demographic details provided by registrants are validated by calling APIs of the MOSIP IDA system. The MOSIP IDA responds with an authentication token upon successful validation. MTS is a standalone service offered by MOSIP.
MTS Connectors can take inputs from both ODK Central and SR. Since one MTS Connector takes only one type of input, separate MTS connectors are required for ODK Central and SR.
A high-level representation of the interactions between different components during validation is shown below:
Registrant utilises valid credentials to access the Self Service Portal. While logging using eSignet, an OTP or QR code is typically used in addition to a UIN or VID for self-registration. eSignet makes a call to the connected IDA to the Self Service Portal to verify the authenticity of the registrant's VID or UIN. The IDA generates a token upon successful authentication. The token will be recorded in the relevant registrant SR modules' individual/group registries.
WIP
Is ID number by itself considered Personally Identifiable Information (PII) ?
If ID is random, revokable and tokenized (not used for seeding), it is not PII. But if it is codified, used for seeding everywhere and not changeable, then it can be used to identify the person or know something about them
