M.V.P. IDEMIA Interface
This document will entail the interface specifications for the onboarding procedure between the TU Delft IPv8 Blockchain solution (IPv8) and the IDEMIA biometry platform, from IPv8’s point of view. The Public Key based claim is the preferred solution from an ideological “the user is in control” perspective.
Context
This work defines the communication standard between 2 stand-alone apps. We provide an open standard for multiple biometric vendors, this is the key factor for large-scale adoption. As such and for security, the applications should be isolated as much as possible. Therefore any authentication app can talk to the IPv8 app. Alternative identity management apps such as Soverin or uPort can also use this neutral interface definition. This specification is specifically crafted to protect against man-in-the-middle attacks on the phone of a user. To deal with the isolation we need secure bi-directional authentication between apps. A simple REST api is used to communicate. For external communication QR-codes must be used.
There are two keypairs:
- An IDEMIA keypair, assigned by IDEMIA
- An IPv8 keypair, generated by the user through IPv8
Onboarding claim: Public Key based
The onboarding claim has the following format in IPv8:
| Claim property |
Type |
Content |
| Name |
String |
“IDEMIA_ONBOARD_PK” |
| Format |
String |
“IDEMIA_CURVE” |
| Link |
String |
<IDEMIA Public Key> |
Use-case
At the municipality:
- IDEMIA: During the onboarding process in the municipality, the user onboards using the IDEMIA onboarding process (as specified in previous documents).
- IDEMIA: The IDEMIA public key is sent to IPv8.
- IPv8: IPv8 packs the public key into the claim format, as shown above.
- IPv8: The municipality signs the claim format using the IPv8 key.
- IPv8: The user signs the claim format signed by the municipality using the IPv8 key and publishes this.
At the verifier (store/airport/business/etc.):
- IPv8: The user presents the claim to the verifier.
- IPv8: The verifier issues a challenge (random data) to the user.
- IDEMIA: Through the IDEMIA app, the user signs the challenge with his IDEMIA private key
- IPv8: The verifier confirms that the signature belongs to the public key, as advertised through the claim format.
Required interface IDEMIA -> IPv8
| Interface |
Type |
Details |
| sign(String: challenge) |
String |
Sign data using the Private Key for this device |
Required interface IPv8 -> IDEMIA
| Interface |
Type |
Details |
| createPKClaim(String: publicKey) |
None |
Create the IDEMIA_ONBOAD_PK claim for a certain IDEMIA public key |
Onboarding claim: IDEMIA identifier based
The onboarding claim has the following format in IPv8:
| Claim property |
Type |
Content |
| Name |
String |
“IDEMIA_ONBOARD_ID” |
| Format |
String |
“IDEMIA_ID” |
| Link |
String |
<IDEMIA identifier> |
Use-case
At the municipality:
- IDEMIA: During the onboarding process in the municipality, the user onboards using the IDEMIA onboarding process (as specified in previous documents).
- IDEMIA: The IDEMIA identifier is sent to IPv8.
- IPv8: IPv8 packs the identifier into the claim format, as shown above.
- IPv8: The municipality signs the claim format using the IPv8 key.
- IPv8: The user signs the claim format signed by the municipality using the IPv8 key and publishes this.
At the verifier (store/airport/business/etc.):
- IPv8: The user presents the claim to the verifier.
- IDEMIA: The verifier contacts IDEMIA with the identifier and verifies the user based on the reported attributes.
Required interface IPv8 -> IDEMIA
| Interface |
Type |
Details |
| createIDClaim(String: identifier) |
None |
Create the IDEMIA_ONBOAD_ID claim for a certain IDEMIA id |
M.V.P. IDEMIA Interface
This document will entail the interface specifications for the onboarding procedure between the TU Delft IPv8 Blockchain solution (IPv8) and the IDEMIA biometry platform, from IPv8’s point of view. The Public Key based claim is the preferred solution from an ideological “the user is in control” perspective.
Context
This work defines the communication standard between 2 stand-alone apps. We provide an open standard for multiple biometric vendors, this is the key factor for large-scale adoption. As such and for security, the applications should be isolated as much as possible. Therefore any authentication app can talk to the IPv8 app. Alternative identity management apps such as Soverin or uPort can also use this neutral interface definition. This specification is specifically crafted to protect against man-in-the-middle attacks on the phone of a user. To deal with the isolation we need secure bi-directional authentication between apps. A simple REST api is used to communicate. For external communication QR-codes must be used.
There are two keypairs:
Onboarding claim: Public Key based
The onboarding claim has the following format in IPv8:
Use-case
At the municipality:
At the verifier (store/airport/business/etc.):
Required interface IDEMIA -> IPv8
Required interface IPv8 -> IDEMIA
Onboarding claim: IDEMIA identifier based
The onboarding claim has the following format in IPv8:
Use-case
At the municipality:
At the verifier (store/airport/business/etc.):
Required interface IPv8 -> IDEMIA