Digital ID — An ID For All
This article was possible thanks to the Thai Blockchain Association
Another digital implementation in Thailand that will disrupt its financial industry. Thailand has always had a trend to become cashless society comparing with 82% Internet users as a percentage of the total population. Thailand e-commerce industry increase from $2 billion from 2017 to $3.5 billion in 2018 and expected to reach over $5.8 billion by 2022 reported by Digital 2018 Global Overview Report. Therefore, we can also see proportionate growth of the e-commerce market to financial sector especially e-payment service. Recently, Ministry of finance, together with Electronic Transaction Development Agency (ETDA) by Ministry of Digital Economy and Society has announced its digital ID procedure and requirement to facilitate e-payment industry specifically for fintech startups to achieve a lower cost of KYC/CDD operation
Definitions
Entity — Users who are both natural persons (Thai and foreigners) and juristic persons.
Relying Party (RP) — Service provider must verify user identity before using the service, which the identity and attributes of the users must be confirmed by the Identity provider (IdP).
Identity Provider (IdP) — Identity verification service provider. Register and manage authentication of users.
NDID platform & proxy — Data link provider for identity verification.
Authoritative Source (AS) — In the enrollment process, a reliable source (AS) is an entity that is reliable, accessible or containing current and accurate information. Its purpose is to verify the identities of applicants in accordance with the request by IdP. In the authorization process, its purpose is to provide information about users, which may require the users’ consent.
Relating Parties in Digital ID:
1. Relying Party (RP): Educational Loan Fund
2. Identity Provider (IdP): Bank
3. Users: Borrower
Related Process for Digital ID can be broken down into 3 Steps:
1. Enrollment — The process that the applicant register with the IdP to go through identity verification, once finished, the application will have a subscriber status.
In the application process, the user goes through identity proofing. In this process, the user is required to bring valid documents to verify their entity, which can be verified using user attributes, for example, National ID Number or Driver’s License Number. After the identity for using the service has been created, the user must come up with an authenticator. For example, passwords, questions, and answers, private key, or fingerprints. The next process is to create a credential to connect the identity and authenticator. For example, Public Key Certificate, National ID Number, or Database Entry.
2. Authentication — The subscriber confirms and verifies their identity with IdP.
For the authentication process, the user must ask to use the service, where they will be redirected to the IdP to verify their identity using the authenticator they created. After the user has been verified they will have to verify with the RP again.
3. Data-access authorization — The process allows the subscriber to access their information in control of AS
In this process, the user will be asked for their personal information, which will be redirected to the service provider for approval, and will be asked to verify their identity with the service provider. They can either verify their identity using authenticator issued by the AS or IdP. Information will then be sent to RP.
Reliability Level
Identity Assurance Level (IAL) — the level of accuracy in proving the identity of the applicant. IAL will be used to identify in the registration process.
IAL 1
This level does not require applicant identification. IdP will trust the information provided in the application form.
IAL 2
At this level, the applicant will have to verify through face-to-face interaction and online to verify at least 1 reliable identity
IAL 3
This level will prove the applicant’s identity. The applicant must travel to apply in person (face-to-face) and showing at least 2 reliable identification, which IdP will record biometric data of applicants to prevent impersonation and duplicated registration.
