MOSIP (Modular Open Source Identity Platform), the open-source platform designed to provide foundational digital identity systems for countries, has a new standard for the support of QR codes containing identity data.
“169 – QR Code Specifications: CBOR Identity Data in QR Code” is a framework that defines a generic data structure and encoding mechanism for storing the identity data of registered individuals in any ID platform. It also details the transport encoding method in a machine-readable optical format, specifically QR codes. The aim is to enhance offline authentication capabilities, ensuring that identity verification remains reliable even in scenarios with limited or no internet connectivity.
The rationale behind this standard concerns finding ways to support higher-level authentication mechanisms in offline settings that normally wouldn’t allow access to digital identity credentials. Biometric-based authentication, such as facial recognition, provides a high level of assurance, but maintaining this assurance level for offline authentication poses significant challenges, especially for people without smartphones or in areas with poor internet connectivity.
To address these challenges, the proposed standard introduces a CBOR-based QR code that embeds a low-resolution image of the individual and a minimal demographic dataset within the QR code. This QR code, digitally signed by ID authorities, can be printed on physical cards. The signed data within the QR code can be used for facial authentication, enhancing interoperability and security.
The support opens a significant opportunity for vendors pioneering QR code-based identity solutions, such as TECH5’s T5-Cryptograph, which encodes biometric data in a digital container that can be sent to its rightful owner via email and thereby stored on a device for offline use. TECH5 is already actively involved in MOSIP efforts, having ensured its T5-ABIS and biometric SDKs were compatible with MOSIP back in 2019.
The full Claim 169 standard can be found on MOSIP’s open source documentation site, offering further details about its design and the functionality it’s meant to support. It outlines the CBOR map structure, a binary data serialization format similar to JSON but designed to be more compact and efficient, and lists optional attributes such as unique ID, version, language, full name, date of birth, gender, address, email ID, phone number, nationality, and others. The standard also supports the use of CBOR Web Token (CWT) with ED25519/ECC keys to generate smaller signatures and more condensed data, accommodating the size limitations of QR codes.
–
May 30, 2024 – by Alex Perala
Follow Us