A resident should be able to prove their presence using the verifier's phone

[rakhimosip]

Problem statement:

A resident should be able to prove presence using the verifier’s phone.

Prerequisite:

• The verifier should have a smartphone with secure hardware

• The verifier installs and sets up the mobileID app on their smartphone which has the selfie auth feature

• The resident should be able to share their credential (VC) with the verifier’s phone

Proposed solution:

• The resident scans the QR code of the verifier’s app to initiate sharing of VC

• The resident is prompted with a consent asking for permission to click their picture for selfie authentication

  • When the resident clicks on the consent checkbox, the 'Verify presence and share' button will be disabled as the face-auth will be performed on the verifier's app (requesting device)
  • When the resident unchecks this consent checkbox the 'Verify presence and share' button will be enabled and the face-auth can be performed on the resident's phone using the same button. Requirement details here

• After giving consent the resident can click on the Share button and initiate sharing

• On receiving VC on the verifier’s phone the app brings up the camera to capture the resident’s picture and then initiates a match with the picture in the received credential using the SDK.

  • On a successful match, the app creates a verifiable presentation and also signs it.

  • A successful match message also will be shown

  • A failed match will be conveyed by a corresponding message

• This info should also be displayed in the history tab

  • On the resident's phone consent should be logged as shown below
  • '9721931281 shared. Consent is given for presence verification'
  • On the verifier's phone
  • '9721931281 received. Presence verified' -> when the app receives ID and face-auth is successful.
  • '9721931281 received. Presence verification failed' -> when the app receives ID and face-auth fails.

• If the resident does not give consent to capture a face image and chooses the 'Accept request and choose ID' option, then a normal share without face auth will happen

NOTE: Creating a Verifiable Presentation when a successful auth happens has been removed from the scope of this feature.

Process flow:

Mock UI When resident scans QR code on relying party's device, they see the following screen

Open questions

• Where will the auth status be stored? In VC? ANSWER As a verifiable presentation

• How will additional metadata be stored and VC signed? ANSWER As a verifiable presentation

• What happens to the shared VC if face auth fails? Should relying party’s app discard the VC? Or store it?

Tech Notes:

Re-use already available SDKs for selfie auth

============================ SUBTASKS

• [ ] Adding consent information in the QR code
• [ ] Reading the consent information in the QR code and displaying it to the resident.
• [ ] Wireframe for displaying consent text
• [ ] After VC is received, perform authentication by integrating with SDK

[rakhimosip]

As per the discussion today with the team, updated the requirement-> Creating a Verifiable Presentation when a successful auth happens has been removed from the scope of this feature.

CC @kyanthony @pmigueld @Anushree09-N @santhoshsunder

[rakhimosip]

As per the discussion, yesterday with the team updated the requirement -> When the resident clicks on the consent checkbox, the 'Verify presence and share' button will be disabled as the face-auth will be performed on the verifier's app (requesting device)

CC @kyanthony @pmigueld @Anushree09-N @santhoshsunder

[jannahadlaon]

Tested on: Android: QA4_io.mosip.residentapp-0.4.1-rc1-newlogic_20221123_1723.apk iOS: inji 0.4.1 (3) (TestFlight)

WORKS AS EXPECTED @pmigueld @kyanthony @danicaerediano

STEPS

1. Share ID
2. On the sharing device click on the consent box
3. Verify that Accept request and verify button is disabled
4. Add reason for sharing
5. Select ID
6. Click on Accept request and choose ID
7. Click on Accept request and verify button on the Receiving device
8. Verify that after clicking the button, camera pop up
9. Capture photo of yourself iOS build: Should show success message (since Face-matching in iOS is mocked) Android: Error should appear
10. Click on Try again in the error message
11. Capture photo of the person in the ID
12. Verify that Success message is shown
13. Verify that transaction was logged correctly in History

Screenshot iOS Sharing device: https://user-images.githubusercontent.com/102940764/203693859-e8da96fe-0fc3-40b4-8351-8dd77d4fb4b5.mov Receiving device:

Android Error message: Sharing device: Uploading XRecorder_24112022_122604.mp4… Receiving device:

[rakhimosip]

@pmigueld @Anushree09-N based on our discussion today, I have updated the story with the following note:

• This info should also be displayed in the history tab
  • On the resident's phone consent should be logged as shown below
  • '9721931281 shared. Consent is given for presence verification'
  • On the verifier's phone
  • '9721931281 received. Presence verified' -> when the app receives ID and face-auth is successful.
  • '9721931281 received. Presence verification failed' -> when the app receives ID and face-auth fails.

[jannahadlaon]

Tested on Android: QA4_io.mosip.residentapp-0.4.1-rc3-newlogic_20221205_0904.apk iOS: Inji 0.4.1 (4)

WORKS AS EXPECTED @pmigueld @danicaerediano @Anushree09-N @kyanthony @rakhimosip @Sujithbn

NOTE: For iOS, Face authentication is mocked so we will always have a successful result for face verification

Test devices: iPhone SE - iOS 15.4 iPhone 11 - iOS 16.1.1 Samsung Galaxy A23 - Android 12 Samsung Galaxy A20s - Android 11

Screenshots Android

iOS

[Raginikrishnamurthy]

Verified the above story with Google near by protocol where consent feature was available. This feature is excluded in ble protocal, hence is obsolete and closing it.