ID Authentication Services


ID Authentication is built as an independent service that can be seeded with data for authentication by any system, including MOSIP. In the current design, we can have multiple IDA modules running from a single issuer.
The ID Authentication (IDA) module of MOSIP consists of the following services:
  1. 1.
    Authentication Services
  2. 2.
    OTP Service
  3. 3.
    Internal Services

Authentication Services

The services mentioned below are used by Authentication or e-KYC Partners.
  • Authentication Service: used to authenticate an individual's UIN/VID using one or more authentication types.
  • KYC Authentication Service: used to request e-KYC for an individual's UIN/VID using one or more authentication types.

OTP Request Service

OTP Request Service is used by Authentication/e-KYC Partners to generate OTP for an individual's UIN/VID. The generated OTP is stored in IDA DB for validation during OTP Authentication.

Internal Services

  1. 1.
    Internal Authentication Service - The authentication service used by internal MOSIP modules such as Resident Service, Registration Processor and Registration Client to authenticate individuals.
  2. 2.
    Internal OTP Service - used by Resident Service to generate OTP for an Individual for performing OTP Authentication.
  3. 3.
    Authentication Transaction History Service - used by Resident Service to retrieve a paginated list of authentication and OTP Request transactions for an individual.

Credential issuance callback

  • ID Authentication uses the credential data of the individuals for performing authentication.
  • This credential is requested by ID Repository upon any UIN insertion/update or VID creation.
  • The credential is created by Credential Service uploaded to Datashare service and the Datashare URL is sent to ID-Authentication using WebSub message.
  • WebSub invokes the credential-issuance callback in ID Authentication where the credential data is downloaded from Datashare and then stored in IDA DB.

Key generation

ID Authentication needs the below keys to be generated during the deployment for usage in Authentication Service.
  1. 1.
    IDA IDENTITY_CACHE(K18) symmetric key to encrypt and decrypt the Zero-knowledge 10K random keys
  2. 2.
    IDA ROOT master key(K15)), IDA module master key(K16), IDA-SIGN master key
  3. 3.
    Base keys CRED_SERVICE(K22), IDA-FIR(K21), INTERNAL(K19), PARTNER(K20)

Authentication client demo app

This is a reference application to demonstrate how authentication and KYC can be performed by Authentication Partners.
Refer to the repository for more details.
Below is the sample authentication demo UI image.


Developer Guide

To know more about the developer setups, read:


Source code

Last modified 7mo ago
Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.