Centre for Digital Public Infrastructure
english
english
  • THE DPI WIKI
    • πŸŽ‰About the DPI Wiki
    • πŸ”†What is DPI?
    • ✨DPI Overview
    • πŸ“DPI Tech Architecture Principles
      • πŸ”—Interoperability
      • 🧱Minimalist & Reusable Building Blocks
      • πŸ’‘Diverse, Inclusive Innovation
      • πŸ’ Federated & Decentralised by Design
      • πŸ”Security & Privacy By Design
    • 🎯DPI Implementation & Execution Guidance
    • πŸ†šDPG and DPI
    • ❓What DPI can I build?
    • πŸ₯‡First use case for DPI
    • πŸ“˜Inputs for designing a DPI informed digital transformation strategy
    • πŸ’°How much does it cost to build DPI?
    • πŸ“’Is my system a DPI?
      • TL; DR - Is my system a DPI?
  • Mythbusters and FAQs
    • πŸ”―DPI and Mandating Adoption
    • πŸ”―DPI and Private Competition
    • πŸ”―DPI and Privacy / Security
    • πŸ”―DPI and the Digital Divide
  • Technical Notes
    • πŸ†”Identifiers & Registries
      • Digital ID
        • Capabilities on ID system
        • ID-Auth
        • Face Authentication
        • eKYC/ Identity profile sharing
        • Single Sign On (SSO)
        • QR Code for Offline ID
    • πŸ“‚Data Sharing, Credentials and Models
      • A primer to personal data sharing
      • Data standards
      • Verifiable Credentials
      • Building Data Analytics Pipelines
      • eLockers
      • Non-personal Anonymised Datasets
    • πŸ”Trust Infra
      • Digital Signatures and PKI
      • eConsent
      • eSign
    • πŸ›’Discovery & Fulfilment
      • Platforms to Protocols
    • πŸ’ΈPayments
      • Financial Address
      • Interoperable QR Code
      • Interoperable Authentication
      • Interoperable Bill Payments
      • Cash in Cash Out (CICO)
      • Financial Address Mapper (G2P Connect)
      • G2P Payments
  • Initiatives
    • 🌐DPI advisory
    • πŸš€DPI as a Packaged Solution (DaaS)
      • πŸ’‘Why do we need DaaS?
      • 🎯DaaS in a nutshell
      • πŸ“¦Pre-packaged DaaS kits
      • ♻️Reusable DaaS Artefacts
      • 3️⃣A 3-step process from idea to implementation!
      • πŸ“ˆFunded DaaS Program overview
      • πŸ‘©β€πŸ’»Cohort 1: DaaS Offerings
        • Digital authentication
        • Digital credentials
        • ID Account Mapper
      • πŸ–₯️Co-create with us!
      • πŸ’¬Upcoming DaaS cohorts
        • Functional Registries
        • AI Assistant
      • ❓FAQs on DaaS
        • Country x DPG MOU /LoI FAQs
        • Ecosystem Participation Terms FAQs
    • πŸ“‘DPI Residents Program
    • βš–οΈDPI-CPA
    • πŸ’ΈG2P Connect
    • πŸ“¨User Centric Credentialing & Personal Data Sharing
    • βš•οΈDPI for Health
    • 🌍Agri Connect (forthcoming)
  • References
    • Glossary
    • Curated Specifications
  • Additional Info
    • 🀝Licensing
    • ✍️Contact Us
Powered by GitBook
On this page
Export as PDF
  1. Technical Notes
  2. Identifiers & Registries
  3. Digital ID

eKYC/ Identity profile sharing

Every identity system has a few data fields like biometrics, photograph, demographic details, email id/ mobile number, which in combination identifies each individual uniquely . For numerous applications, it is essential to authenticate the user and obtain their profile details from a trusted source.

KYC involves establishing and verifying a person’s/ an organization’s identity to assess and monitor customer risk. KYC requirements in most countries mandate that citizens provide proof of their identity and address. Physically producing and verifying these documents is expensive at scale because of the high transactional costs involved, large TATs, and low trust in the system. As a result, countries reach a point where operational costs around identity verification are a barrier to getting services to the poor and disadvantaged.

This creates a need for a process that’s not only digital, and instant but also fool-proof and non-repudiable.

In ID-based eKYC, identity is verified electronically after which the service provider can access the profile details of your ID from the ID authority database. It’s a value addition on top of ID-auth and allows an individual to share these profile fields to any system.

How does eKYC work?

  1. The user’s identity is verified using ID number and biometric data/ OTP from ID DB via a service provider (refer to e-Auth)

  2. Upon authorisation, the user authorizes the ID authority to release the minimum required demographic information and photograph (KYC packet) to the requesting entity via a standard API.

ID-based e-KYC can be built as an independent service that can be seeded with data for authentication by any ID system. The ID based e-KYC is an extension of auth; however, a key distinction is that any requesting entity can receive and store identity profile data.

Probable challenges & workarounds:

  1. Infrastructure, connectivity & coverage: Procurement of any specialized hardware for authentication can become prohibitively expensive at a national scale. This and accessibility constraints can impede the delivery of services in rural, remote areas.

  • A choice that any government can make in this regard is to allow private players to become e-auth service providers after adequate training & certification. Opting to publish all the hardware standards brings market forces into play, resulting in competitive prices for everyone.

  • Offline mobile-first authentication can will eliminate the need to procure expensive hardware.

  1. Data security & privacy: Concerns about the security of data and possible misuse of the shared information.

  • It’s on the government to balance innovation while ensuring that no one has uncontrolled access to private data. The concerned government departments can choose to identify authorized service providers after licensing and testing. These should be mandated to maintain logs of data access, which can then be scrutinized by the regulators.

  • A user should also have the ability to revoke access to their KYC data by any service provider or entity at any time.

Use cases:

  • Financial inclusion via bank account opening

  • KYC for purchase for mobile sims

  • Securities account opening

  • Enrollment in govt. schemes

References:

  1. Rebooting India - Nandan Nilekani & Viral Shah

PreviousFace AuthenticationNextSingle Sign On (SSO)

Last updated 1 year ago

πŸ†”
https://docs.mosip.io/1.2.0/modules/id-authentication-services
https://govstack.gitbook.io/bb-identity/3-terminology