Tech Behind Digi Yatra
Thanks to Prof Shukla (Sandeep Shukla | LinkedIn) for raising these pertinent questions on this thread on a post from Teja Chintalapati (Teja Chintalapati | LinkedIn), which forced me to write this long-pending (and longish) post. I will try to address some of the points and will be eager to discuss further the topics of governance, transparency and non-discrimination in our system; your insights will go a long way towards defining the next phase of Digi Yatra.
I have provided some links to basic concepts in the interest of the larger audience that has been asking similar questions. (Thanks to Kalyan Kulkarni sir for providing these resources and for the numerous brainstorming sessions that have helped bring clarity and draft some of these points.)
Q. What blockchain is used, and what is the governance of that blockchain?
>> We use the Hyperledger Aries framework and the respective RFCs for the communication and data-exchange layer (DID Communication, DIDComm) between the participants, namely the Issuer (Digi Yatra), the Holder (Passenger) and the Verifier (Airport). Leveraging the Aries RFCs enables Digi Yatra to conform to the W3C standards for DIDs and VCs. We use LFDT (Linux Foundation Decentralized Trust) Indy for the decentralized ledger, or VDR (Verifiable Data Registry). Generally an Indy ledger is public and permissioned, though it is not mandated to be public. Currently we have set up a private Indy ledger network, which serves and suffices at the moment for the airport-validation use case. However, Digi Yatra is working towards making it a public and fully interoperable ledger for more use cases and integrations.
Sovrin is one (and the first) example of a public implementation of the Indy ledger/VDR. Just to add: Indy VDR is an open-source (Apache-2.0 licensed) project under the Linux Foundation Decentralized Trust, purpose-built to store decentralized identifiers (public DIDs) and the metadata of verifiable-credential issuance transactions. The Aries RFCs are designed with privacy principles at their core, particularly the concepts of 'Privacy by Design' and 'Privacy by Default'.
Q. What information is pushed to the blockchain?
>> No user information, including an individual user's VC hash, is pushed to the blockchain; what is pushed is the cryptographic hash of the Issuer key that is used to sign and create the VC.
In the Indy VDR-based implementation, the PII (Personally Identifiable Information) of holders is NEVER stored on the VDR. What goes on the VDR is the issuer's public DID (derived from the private DID), the credential schema and the credential definition. What DOES NOT go on the VDR are private keys, the actual credential payload and the holder's information. Here are two explanatory videos (Video 1 & Video 2) of how DIDs and VCs work.
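As an added illustration (not Digi Yatra's code, and not the Indy or Aries implementation), the Go sketch below models the split described above: the ledger holds only the issuer's public DID with its verification key and a schema id, the signed credential carrying the holder's attributes exists only in the passenger's wallet, and the airport verifier checks the credential by resolving the issuer DID on the ledger. Ed25519 stands in for the real credential signature scheme, and the DID, schema id and passenger attributes are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
)

// Ledger stands in for the Indy VDR: issuer DIDs (verkeys) and schema ids; no write path for credentials or PII.
type Ledger struct {
	DIDs    map[string]ed25519.PublicKey
	Schemas map[string]bool
}

// Credential is the signed object that lives only in the passenger's wallet.
type Credential struct {
	IssuerDID, SchemaID string
	Attrs               map[string]string
	Sig                 []byte `json:",omitempty"`
}
// payload is the canonical signed form (encoding/json sorts map keys; Sig is dropped).
func (c Credential) payload() []byte { c.Sig = nil; b, _ := json.Marshal(c); return b }
// Issue signs the attributes with the issuer's private key; the ledger is not touched.
func Issue(priv ed25519.PrivateKey, did, schema string, attrs map[string]string) Credential {
	c := Credential{IssuerDID: did, SchemaID: schema, Attrs: attrs}
	c.Sig = ed25519.Sign(priv, c.payload())
	return c
}

// Verify is the airport-side check: resolve issuer DID and schema on the ledger, verify the signature offline; no PII lookup.
func Verify(l *Ledger, c Credential) bool {
	pub, ok := l.DIDs[c.IssuerDID]
	return ok && l.Schemas[c.SchemaID] && ed25519.Verify(pub, c.payload(), c.Sig)
}
// LedgerHasValue reports whether v occurs anywhere in the serialised ledger state.
func LedgerHasValue(l *Ledger, v string) bool { b, _ := json.Marshal(l); return strings.Contains(string(b), v) }
// Demo registers one issuer DID and schema, then issues a constructed (not real) passenger credential.
func Demo() (*Ledger, Credential) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	l := &Ledger{DIDs: map[string]ed25519.PublicKey{"did:indy:dy:issuer1": pub}, Schemas: map[string]bool{"dy-pax:1.0": true}}
	attrs := map[string]string{"name": "Asha Example", "gender": "F", "dob": "1990-01-01", "aadhaar_last4": "1234", "photo_hash": "sha256:constructed"}
	return l, Issue(priv, "did:indy:dy:issuer1", "dy-pax:1.0", attrs)
}

func main() {
	l, c := Demo()
	fmt.Println("verified:", Verify(l, c), "| holder name on ledger:", LedgerHasValue(l, "Asha Example"))
}
```

The verifier never contacts the issuer at check time; everything it needs is the public material on the ledger plus the credential the passenger presents.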
Q. Who signs the VC components? Is it Digi Yatra who signs?
>> Yes, currently it is Digi Yatra who signs the VC.
Q. Can Digi Yatra discriminate and decide not to sign and issue a VC for a specific person?
>> No such selective workflow exists: the system is automated, without any human intervention, precisely to eliminate any discriminatory action. However, suggestions to enhance the transparency of the system in this respect are welcome.
We are currently audited by multiple CERT-In-empanelled agencies, we are also open to independent audits of these workflows, and we are considering implementing audit trails to log the actions of the workflows. Any guidance on such solutions will be helpful. We are conscious of this and will ensure that these workflows are never the individual opinion of Digi Yatra but are derived from the policies, governance and mandates of the participating authorities.
Digi Yatra issues a verifiable credential only to passengers who are verified on the basis of their identity (currently Aadhaar; we are working to add more ID options as defined by DGCA for access to airport touch points). Digi Yatra aims to make every journey hassle-free and secure,
Q. What kind of governance and legal framework guarantees a non-discriminatory policy of any kind?
>> Currently, user consent is the basis of our operations, and we have tried our best to ensure that the system is completely non-discriminatory. However, we are happy to discuss and learn about ways to enhance this further, and about any approaches that would guarantee further improvements in the non-discriminatory nature of the system. Thanks for highlighting this; we will take up documenting the non-discriminatory nature of the system in our policy document.
Q. Digi Yatra claims that they fetch UIDAI data but do not store it on their servers, and that data is only stored on users' phones. Is there any proof for this claim? How do we trust that, after creating the VC, the data is purged and not stored?
>> Firstly, only minimal and necessary data is fetched from UIDAI: image, name, gender, DOB and masked Aadhaar (only the last four digits are fetched and visible).
Trust factor: in the last year, multiple audits of our system (including third-party ones) have confirmed that no data is stored in the Digi Yatra central ecosystem: a comprehensive CERT-In audit by a CERT-In-empanelled auditor (in scope were our full platform, apps and airport verifier nodes), STQC (we recently received our second Safe to Host certificate for the current version of the app), an infosec audit by CDAC, regular UIDAI infosec audits (as Digi Yatra is a UIDAI Sub-KUA) and an external audit by UIDAI auditors. In addition, an external auditor has performed a privacy-by-design audit as well.
Further, our architecture is serverless, with only minimal configuration storage. Currently our CISO function is operated by the CDAC team, and we have embarked on our journey towards ISO 27001 certification.
Additionally, we are working on features aligned with the ISO 27040 standard for data purging.
Happy to deliberate on more ways, beyond audits, to make this trust and transparency a default feature of the system.
Q. As a data-processor entity, Digi Yatra is in a very powerful position, as users are trusting us and providing consent that allows access to PII data, so the onus should be on Digi Yatra to provide a zero-knowledge proof or to have some kind of governance based in law to collect such consent and data.
>> Yes, the onus is totally on us, and as a data processor we strongly believe that this powerful position brings greater accountability and responsibility. It is a voluntary service, and we collect consent and process data (storing it only locally on the user's mobile device) in alignment with the CAR (Civil Aviation Requirements) from DGCA and as per the defined Digi Yatra Policy published by the Ministry of Civil Aviation.
We have implemented practices, to the best of our knowledge, for consent and for clearly informing users about what data is processed, its purpose, retention and sharing (the most up-to-date version of our privacy policy is available on our website).
There is always scope for continual improvement (we are reviewing, and plan to implement, the ISO/IEC TS 27560:2023 standard for consent records); we are glad to learn and implement more controls as required to stay on the right side of, and a step ahead in, ensuring our responsibility towards the more than 9 million users who have trusted us with more than 40 million verifiable claims at airports.
Once again, thanks, Teja and Prof Shukla, for the nudge and for helping me start 2025 with the long-pending task of an updated and detailed FAQ for the website. I am all motivated and resolve to write one a month! (Hopefully this will last beyond resolution week!)
P.S. Subsequent to this, I am sure there will be more queries; always happy to connect and deliberate offline.