apidays LIVE India 2022: Accelerating India’s digitisation with APIs May 11 & 12, 2022 Building a Modular Open Source Identity Platform Sanath Kumar Varambally, Knowledge Management Consultant & Vishwanath V, Architect at Modular Open Source Identity Platform (MOSIP) ------------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/ Deep dive into the API industry with our reports: https://www.apidays.global/industry-reports/ Subscribe to our global newsletter: https://apidays.typeform.com/to/i1MPEW

1. MOSIP
Standardizing Biometric Device
Integration
for Identity Verification

2. 2022 SERIES OF EVENTS
New York
JULY
(HYBRID)
Australia
SEPTEMBER
(HYBRID)
Singapore
APRIL
(VIRTUAL)
Helsinki & North
MARCH
(VIRTUAL)
Paris
DECEMBER
(HYBRID)
London
OCTOBER
(HYBRID)
Hong Kong
AUGUST
(VIRTUAL)
JUNE (VIRTUAL)
India
MAY
(VIRTUAL)
APRIL (VIRTUAL)
Dubai & Middle East
JUNE
(VIRTUAL)
Check out our API Conferences
www.a pida ys .globa l
Want to talk at one of our conferences?
apidays.typeform.com/to/ILJeAaV8

3. MOSIP
A robust and secure,
open source platform
for building
foundational identity
systems
The MOSIP
program is
housed in the
university
Our Donors
Mission
Enable countries to
● Issue unique digital identity to residents
● Deliver services with identity verification
● Rollout identity led development and
transformation
Vision
A digital future, interoperable, inclusive
and trusted
Digital public good for identity
Source code
github.com/mosip
Documentation
docs.mosip.io

6. ▪ User-enabled
data entry
▪ Appointment
booking
• Online or
offline mode
• Fingerprint, iris
& photo
• Credential
Issuance
• Mobile ID/Card
printing
• Demographic &
Biometric
• Yes or No &
E-KYC services
• Lock your
credentials
• Generate
credentials
on-demand
Locale/Multi Language Support
Notification to residents at
various stages
Tokenization & Virtualisation of ID
• Manage relying
parties
• KYC/data share
policies
Pre Registration Registration
ID
Issuance Authentication
Resident*
Services
Partner
Management
MOSIP MODULES

7. ● Proprietary interfaces and data formats
● Incompatible technology stacks
● Evolving Modalities
○ Integratable with future Biometric Modalities
● Secure and trustable
● Support cryptographic traceability
● Purpose Driven capture
MOTIVATION FOR STD. BIOMETRIC INTERFACE

8. ● Multiple platform support (Desktop, Tablets, Mobile Phones)
● End to end trust enabled
● Secure
● Flexible and language agnostic
● Standard data formats
DESIGN PRINCIPLES

9. Secure Biometric Interface (SBI) Service
Management
Server
Authentication
Application
MOSIP
Authentication
Endpoint
Encrypted &
Signed
Biometric Data
SBI
Service
HOST machine for Authentication
USB, BT
etc
Capture
Request
Standard Interfaces
1. Discovery
2. Info
3. Capture
FTM
Biometric
Device

10. Trusting the Management Server
1. "ABC Biometrics" obtains a CA signed certificate from a valid CA registered in the MOSIP ecosystem
2. "ABC Biometrics" now uploads the CA signed the CA signed certificate to the MOSIP partner management
portal to get a MOSIP signed certificate which is later uploaded to the Management server

11. Trusting the Device

12. Trusting and Securing Biometrics

13. SBI Communication Interfaces
Device
Discovery
•• Device discovery would be used to identify MOSIP compliant devices in a system by
the applications
Device Info
•• The device information API would be used to identify the MOSIP compliant devices
and their status by the applications
Capture
•• Used to capture a biometric from MOSIP compliant devices by the applications.
Response will provide the actual biometric data in encrypted and digitally signed
form

14. Device Discovery
Windows/
Linux
•• All the device API will be based on the HTTP specification.
•• The device always binds to 127.0.0.1 with any of the available ports
ranging from 4501 - 4600.
•• The IP address used for binding has to be 127.0.0.1 and not localhost.
•• The applications that require access to MOSIP devices could discover
them by sending the http request to the supported port range
Android
•• All devices on an android device should listen to the following
intent io.mosip.device
IOS
•• All device on an IOS device would respond to the url schema
MOSIPDISC://?ext=&type=

15. SBI Capture Response
{
"biometrics": [{
"specVersion": "SBI spec version",
"data": “Data JSON string in JWT format
(header.payload.signature)”,
"hash": "hash in hex format (previous hash +
hash of the current biometric data before encryption)",
"sessionKey": "Encrypt session key with MOSIP
public key and encode with base64 URL safe
encoding.",
"thumbprint": "SHA256 representation of the
certificate that was used for encryption of session key",
"error": {
"errorCode": "101",
"errorInfo": "Invalid JSON Value"
}
}]
}
Data JSON:
{
"digitalId": "digital Id in JWT format",
"deviceCode": "Same as serialNo in digital ID",
"deviceServiceVersion": "SBI service app version",
"bioType": "Finger",
"bioSubType": "UNKNOWN",
"purpose": "Auth or Registration",
"env": "Target environment",
"domainUri": "URI of the auth server",
"bioValue": "Encrypt biodata (ISO) with random 256
bit AES key (session key) and encode with base64 URL safe
encoding.",
"transactionId": "Unique transaction id",
"timestamp": "Capture datetime in ISO format",
"requestedScore": "Floating point number to
represent the minimum required score for the capture",
"qualityScore": "Floating point number representing
the score for the current capture"
}

16. References
Secure Biometric Interface Specification -
https://docs.mosip.io/1.1.5/biometrics/mosip-device-service-specification
Know more about MOSIP -
https://www.mosip.io/
MOSIP Github Page -
https://github.com/mosip
MOSIP Updates -
https://community.mosip.io/

17. Thank You