Most of the people who have used it love the Digi Yatra app. No more trying to find your government ID or losing it in the rush to board a plane. No need to struggle to find your boarding pass. All you have to do is stand in front of the camera at the terminal entrance to complete your entry.
Siddharth Sharma, head of IT operations at Digi Yatra Foundation, says the usage numbers are staggering, with 8 million downloads and over 38 million uses across 24 airports in just 22 months. “This is one of the biggest successful implementations of self-sovereign or decentralized identity,” he says.
Self-sovereign identity is a digital identity model that gives users control over their online information. According to Sharma, the Digi Yatra app digitally does what past certified copies did. Like the latter, this is certified evidence. The app combines and automates the process at the airport, which requires two documents – a boarding pass and a government ID (identity proof) – which are physically checked by CISF personnel.
How the process works
To register on the app, follow the standard eKYC approach of entering your Aadhaar number, receiving an OTP on your registered phone, and authenticating yourself with the OTP. Once you authenticate, UIDAI will send your Aadhaar details to your phone. Privacy is at the foundation’s core, Sharma said, so the app captures the minimum amount of information necessary.
“For the airport use case, we only need the name, age derived from date of birth, and gender. We don’t need the Aadhaar number, so we only get the masked Aadhaar number. The Aadhaar image is also “We want to make sure it’s you, so it’s being photographed for one purpose only: to verify your proof of existence,” he says.
You will be asked to take a selfie to prove your presence. This data is sent to a face matching engine, which verifies your image with your Aadhaar image. Once these two images match, everything is sent to the Digi Yatra backend, which “digitally stamps” the collected Aadhaar information. This is called VC, or verified credentials.
Sharma said the verified credentials are sent back to the user’s phone and stored in the Digi Yatra wallet. “Anything used to create this will be immediately erased and no data will be kept in a central ecosystem. We don’t have a database,” he says.
In the concept of decentralized or self-sovereign identity, this is called the trust triangle. “This trust triangle includes you as the owner, Digi Yatra Foundation as the issuer, and the airport as the verifier. Going forward, the airport will perform an API (application programming interface) handshake with our ecosystem. And every time we travel, we share the airport and VC directly from our mobile phones. We just establish a secure connection between the two of us and talk to each other,” Sharma said. Masu.
The second document to present is your boarding pass. Just before your trip, scan your boarding pass or upload a PDF of it. Privacy is designed here too, ensuring you only get the details you need. “We only receive what is listed in the QR code on the boarding pass,” Sharma said. “That’s because we follow the standards followed by all airlines around the world.” This consists of basic details such as your name, seat number, PNR, travel dates, origin, destination, and sequence number. will be done.
The name on this is then matched against the name on the VC. If these match, your boarding pass will be linked. This data is only shared with the departure airport and stored in the departure airport’s biometric gallery. When you stand in front of the camera at the terminal entrance, your real-time face at the airport is matched against the VC image shared with the airport in seconds. If this matches, a request is sent to the airline’s system to confirm that you are there on today’s flight. “If we get a ‘yes’, the door opens,” Sharma says.
No data saved
Recently, questions have arisen as to whether other government authorities can access travel data. Sharma said data shared with the airport will be removed from the biometric gallery within 24 hours of flight departure. He said users can opt out by deleting the app, leaving no trace of their data.
Self-sovereign identity uses blockchain technology for certificates and digital signatures on VCs. It uses facial recognition technology and AI to verify selfies with Aadhaar images. The algorithm used to identify the QR code in the boarding pass PDF has a machine learning component.
“These are all compliant with W3C (World Wide Web Consortium) standards,” Sharma said.