When biometric duplicates are found in ABIS, the MOSIP system sends a request for manual adjudication to the Manual Adjudication System via a queue.
The system integrator can build the Manual Adjudication System, which would be listening to the MOSIP-to-ManualAdjudication queue for any manual adjudication requests and sends a response back in the ManualAdjudication-to-MOSIP system after verifying the data.
The data sent to the Manual Adjudication System is driven by a policy defined in MOSIP and the specification is similar to ABIS identify request.
The manual adjudication stage in registration processor performs the following functions:
Sends the applicant's demographic and biometric information (via queue + Datashare) to Manual Adjudication System (MAS).
Receives decision from MAS and accordingly forwards the packets.
If rejected, notifies the applicant.
requestId: request_id that is associated with each request present in reg_manual_verification table.
referenceId: reg_id that is associated with each request present in reg_manual_verification table.
referenceURL: Datashare url of biometrics, demographics(identity), audits, metainfo, documents of reg_id
gallery: contains the matched ref_id and referenceURL of matched ref_id.
returnValue: 1-Success, 2-Failure
candidateList: It contains matched candidate referenceIds, count and analytics.
Datashare contains biometrics, identity documents, metainfo, audits related to particular rid and the datashare URL contains encrypted form of this data.
Note: Datashare encryption using partner key and decryption in MAS is using private key of that partner.
GET https://datashare-service/v1/datashare/get/mpolicy-default-adjudication/mpartner-default-adjudication/mpartner-default-adjudicationmpolicy-default-adjudication202011110619201EpLEjvD
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.2.0 or later versions. The data downloaded would be URL-safe base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into three parts, • The 1st part is VER_BYTES (version bytes). The Current version constant is set as VER_R2 and this is present in the first 6 bytes of Block 1.
• The 2nd part is the Certificate Thumbprint i.e. the key identifier which is present in the next 32 bytes after VER_BYTES.
• The 3rd part is the Encrypted Random AES Key, encrypted with the RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
• The 1st part is the random 32 bytes which will be used as AAD in AES encryption (first 32 bytes). From this 32 bytes AAD data, the first 12 bytes is IV/Nonce.
• The 2nd part is the encrypted data which is encrypted using AES GCM PKCS5Padding.
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.1.5.5 or prior versions.
The data downloaded would be base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into two parts,
The first part is the Certificate Thumbprint i.e. the key identifier which is the first 32 bytes in Block 1.
The second part is the Encrypted Random AES Key which is encrypted with RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
The 1st part is the Encrypted data, encrypted using AES GCM PKCS5Padding.
The 2nd part is IV/Nonce i.e. the last 32 bytes appended after encrypted data.
partner Id: mpartner-default-adjudication policy Id: mpolicy-default-adjudication
In registration-processor-default.properties, the possible Error codes are as follows:
This stage is applicable only if required biometrics are not present in the packet as per country configuration.
Sends applicant's demographic documents (via Queue + Datashare) to external Verification System (VS).
Receives decision from VS and accordingly forwards the packets.
If rejected, notifies the applicant.
requestId: verification_request_id that is associated with each request present in reg_verification table.
referenceId: reg_id that is associated with each request present in reg_verification table.
referenceURL: Datashare URL of biometrics, demographics(identity) ,audits, metainfo, documents of reg_id .
Response parameters
returnValue: 1-success, 2-failure
Datashare contains biometrics, identity, documents, metainfo, audits related to particular rid and datashare URL contains encrypted form of this data.
Note: Datashare encryption using partner key and decryption in MAS is using private key of that partner.
GET https://datashare-service/v1/datashare/get/mpolicy-default-adjudication/mpartner-default-adjudication/mpartner-default-adjudicationmpolicy-default-adjudication202011110619201EpLEjvD
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.2.0 or later versions. The data downloaded would be URL-safe base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into three parts, • The 1st part is VER_BYTES (version bytes). The Current version constant is set as VER_R2 and this is present in the first 6 bytes of Block 1.
• The 2nd part is the Certificate Thumbprint i.e. the key identifier which is present in the next 32 bytes after VER_BYTES.
• The 3rd part is the Encrypted Random AES Key, encrypted with the RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
• The 1st part is the random 32 bytes which will be used as AAD in AES encryption (first 32 bytes). From this 32 bytes AAD data, the first 12 bytes is IV/Nonce.
• The 2nd part is the encrypted data which is encrypted using AES GCM PKCS5Padding.
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.1.5.5 or prior versions.
The data downloaded would be base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into two parts,
The first part is the Certificate Thumbprint i.e. the key identifier which is the first 32 bytes in Block 1.
The second part is the Encrypted Random AES Key which is encrypted with RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
The 1st part is the Encrypted data, encrypted using AES GCM PKCS5Padding.
The 2nd part is IV/Nonce i.e. the last 32 bytes appended after encrypted data.
Possible Error codes and Messages from Datashare URL
partner Id: mpartner-default-adjudication policy Id: mpolicy-default-adjudication
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Error Code | Error Message |
|---|---|
| Error Code | Error Message |
|---|---|
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Error Code | Error Message |
|---|---|
| Error Code | Error Message |
|---|---|
Block 1
#KEY_SPLITTER#
Block 2
Block 1
#KEY_SPLITTER#
Block 2
DAT-SER-003
File does not exist or File is empty
DAT-SER-006
Data share not found
DAT-SER-006
Data share usage expired
KER-ATH-401
Authentication failed
KER-ATH-403
Forbidden
RPR-MVS-000
manual verification failed
RPR-MVS-001
Registration Id should not empty or null
RPR-MVS-002
No matched reference id found for given RID
RPR-MVS-025
Manual adjudication failed
RPR-MVS-022
Registration Id should not empty or null
RPR-MVS-022
TablenotAccessibleException in Manual verification
RPR-MVS-021
Manual verification rejected
RPR-MVS-025
Manual verification resend to queue
RPR-SYS-012
IO EXCEPTION
Block 1
#KEY_SPLITTER#
Block 2
Block 1
#KEY_SPLITTER#
Block 2
DAT-SER-003
File does not exists or File is empty
DAT-SER-006
Data share not found
DAT-SER-006
Data share usage expired
KER-ATH-401
Authentication Failed
KER-ATH-403
Forbidden
RPR-MVS-004
No Assigned Record Found
RPR-MVS-025
Multiple rids found for a reference id
RPR-MVS-022
TablenotAccessibleException in Manual verification
RPR-VER-002
Verification failed
RPR-VER-004
Resend for verification
RPR-MVS-016
Reg Id should not be null or empty
RPR-MVS-021
Manual verification rejected