The solution designed here is for offline eKYC in either JSON format or in a QR code based. QR Code approach can be a used with a printed paper. Data may be provided to the verifying agency by the UIN holder in digital or physical format along with share code (password)

1. Digital format: JSON

   1. This format is preferred when high quality photo is required

2. Printed format: QR code

   1. When resident is more comfortable with a physically printed format

   2. Low resolution photo for visual inspection only

JSON based authentication

1. Resident needs to download a password protected ZIP file which contains an JSON file with the below data of the resident from the resident portal (resident needs to provide, UIN or VID, OTP and shared code (password) for ZIP as Input to do so)

   1. Proof of identity (POI)

      1. Name

      2. Date of Birth

      3. Gender

      4. Hashed Mobile Number

      5. Hashed Email ID

   2. Proof of address (POA)

      1. Address line 1

      2. Address line 2

      3. Address line 3

      4. City

      5. Province

      6. Zone

      7. Country

      8. Postal code

   3. Photo

   4. Signature (digital signature)

2. Resident shares the ZIP file along with the shared code (password) to the verifying agency for e-KYC

3. Authentication by the verifying agency can be done by the following ways:

   1. Verifying the signature:

      1. Read the JSON after extracting it from the ZIP file using the shared code (password)

      2. Get the signature from the JSON

      3. Get the public certificate from the online portal/offline db
         (Note: Key might vary based on the date of JSON creation)

      4. Validate the digital signature by using the certificate and the signature to authenticate the resident

   2. Verifying email id or mobile number:

      1. Read the JSON after extracting it from the ZIP file using the shared code (password)

      2. Get the hashed email id or mobile number

      3. Ask the resident for his/her email id or mobile number

      4. Using the algorithm for hashing the email id or mobile number generate the hashed email id and mobile number

         1. Hashing logic for email id
            Sha256 (Sha256 (email id + shared code)) * number of times last digit of UIN
            (Note: If last digit of UIN end with zero we will hash only one time)
            Simple SHA256 hash of the email without any salt

         2. Hashing logic for mobile number
            Sha256 (Sha256 (mobile number + shared code)) * number of times last digit of UIN
            (Note: If last digit of UIN end with zero we will hash only one time)
            Sha256 (Sha256 (mobile number + shared code)) * number of times of last digit of mobile number
            (Note: If last digit of mobile number ends with zero we will hash only one time)

      5. Compare the hash generated with the hash fetched from the XML to authenticate the resident

   3. Verifying the photo:

      1. Read the JSON after extracting it from the ZIP file using the shared code (password)

      2. Get the photo from the JSON

      3. Perform face validation by capturing face and matching against the photo within the e-KYC JSON

QR Code based Authentication

1. Resident can get the QR code for the UIN using,

   1. Generating it through the mobile application

   2. Getting it through the e-UIN card

   3. Getting it through the physical UIN card

2. Resident can show this card to the verifying agency

3. Verifying agency can scan the QR code and get the below data,

   1. Name

   2. Masked UIN

   3. Gender

   4. Date of birth

   5. Address

   6. Compressed photo

   7. Signature

4. Using the mobile application or the desktop application, the verifying agency gets the signature from the QR code

5. Get the public certificate from the online portal/offline db
   (Note: Key might vary based on the date of QR code creation)

6. Validate the digital signature by using the certificate and the signature to authenticate the resident