Authenticate a Shopping App
Learn how to utilize MasterCard ID Service with Samsung to provide specific authorized user data from Digital ID. The aim of this exercise is to define list of authentication parameters necessary in the purchase process of age-restricted products on AnyShop app, a sample app.
Introduction to Digital ID
What makes a person to be one who they claim to be? Every person is surrounded by a unique group of attributes such as face, fingerprint, ID number, birthday, address, and knowledge. We can say we identify people correctly if we collect personal attributes from trusted authorities in a secured manner.
Digital ID makes a person easily prove their identity and share their attributes to service providers who require a person’s verified data for their services. To achieve this, we need multiple roles in an ID ecosystem where each role has responsibilities and provides secure storages and channels.
In our ecosystem, we have the following roles:
Digital Identity Service Provider
MasterCard ID Service provides the technology platform and operational service to allow the secure storage and transmission of Digital Identity data from the user to the Relying Party having been verified to a required level of assurance by an Identity Verifier Provider. MasterCard also defines the commercial model and liability frameworks (the operating rules) allowing participants in the system to trust the data.
A Trust Provider manages the user relationship, and is responsible for acquiring new users. They provide the tools (via a MasterCard-developed SDK) to enable the users to manage their Digital Identity. Samsung is a core trust provider in this case. The ecosystem is on top of the state-of-the-art technologies of Samsung which are resilient biometrics authentications, security mechanisms backed by Knox, and more.
Identity Verification Provider
An Identity Verification Provider verifies data asserted by the Trust Provider and the user. This is done by using data mastered by the Identity Verifier that is not aggregated from other data sources.
A Relying Party provides products and services to users, relying on the data available in user’s account. This data has been verified by one or more Identity Verification Providers to a level of assurance required by the Relying Party to meet regulatory, legislative, or operational needs.
Users are defined as the citizens of the service who are making an identity assertion.
Code Lab Activity
AnyShop is an application which simulates the online purchase process of age-restricted products. Age verification is carried out using Digital ID. The following application flow depicts this specific use case:
Select type of age-restricted product to order
Add items to cart
Quantify the amount of product
Confirm the identity
Select Continue with ID option
Provide application code
Confirm the identity
Share required information
Final age verification screen