Glossary

ABIS

AID

Auth

The process of verifying one’s identity.

CBEFF

CTK

Device

Hardware capable of capturing biometric information.

Device Provider

An entity that manufactures or imports the devices in their name. This entity should have legal rights to obtain an organization-level digital certificate from the respective authority in the country.

Device Provider Certificate

A digital certificate is issued to the "Device Provider". This certificate proves that the provider has been certified for L0/L1 respective compliance. The entity is expected to keep this certificate in secure possession in an HSM. All the individual trust certificates are issued using this certificate as the root. This certificate is issued by the countries in conjunction with a trusted registry.

Device Registration

The process of a device obtaining a certificate from the management server.

FPS

Frames Per Second.

FTM

Foundational Trust Provider.

FTM Provider

An entity that manufactures or guarantees the trustworthiness of the foundational trust module. This can be the device provider as well.

FTM Provider Certificate

A digital certificate issued to the "Foundational Trust Provider". This certificate proves that the provider has successfully gone through the required Foundational Trust Provider evaluation. The entity is expected to keep this certificate in secure possession in an HSM. All the individual FTM trust certificates are issued using this certificate as the root. This certificate would be issued by the countries in conjunction with a trusted registry.

Handle

A handle as username is a unique identifier used instead of system generated usernames/passwords for enabling login, identification, or online interactions.

Header in signature

The header in the signature means the attribute with "alg" set to RS256 and x5c set to base64encoded certificate.

ID Schema

A standard JSON schema that defines a dataset that can be stored in the Identity repository for a resident.

ISO format timestamp

ISO 8601 with format yyyy-mm-ddTHH:MM:ssZ (Example: 2020-12-08T09:39:37Z). This value should be in UTC (Coordinated Universal Time).

KYC

Know Your Customer. The process of providing consent to perform profile verification and update.

L0 Certified Device/L0 Device

A device is certified as one where the encryption is done on the host machine device driver or the SBI service.

L1 Certified Device/L1 Device

A device certified as capable of performing encryption in line with this specification in its trusted zone.

MA

MDS

Management Server

A server run by the device provider to manage the life cycle of the biometric devices.

MOSIP

MV

Open Source

Open source refers to freely available software for anyone to use, modify, and share, ensuring trusted and transparent technology that adheres to global standards.

Payload

Payload is the byte array of the actual data, always represented as base64 url encoded.

Pre-registration

A resident-facing web-based portal that allows a resident to provide basic demographic data, upload document proofs, and book an appointment at a preferred registration centre, to complete the rest of the registration process.

Registration

A process that allows an individual to provide basic demographic information and biometrics to register and avail a Unique Identification Number (UIN).

SBI

SDK

Software Development Kit.

Signature

All signatures should be as per RFC 7515.

Signature(Base64)

Base64 url encoded signature bytes.

UIN

A unique number assigned to a resident. UIN never changes and is non-revocable. UIN is randomized, so one should not be able to derive any Personal Identifiable Information (PII) from the number itself.

Vendor-Neutral

An approach that is not dependent on or restricted to a specific vendor, allowing interoperability and flexibility to integrate with a wide range of MOSIP compliant technologies/service providers.

VID