How MandalaID Works: Technical Implementation

Step 1: Identity Creation Flow

User Workflow

When a citizen needs a digital identity, the process is streamlined and secure:

Registration Process

  1. Initial Registration (At Hospital, Government Office, or Authorized Center):

    • Citizen presents traditional identity documents
    • Personal information verified against government databases
    • Digital wallet created or connected (mobile or web-based)
  2. DID Generation (Automatic Blockchain Process):

    • System generates a cryptographically unique identifier
    • Random number generation ensures no two DIDs are alike
    • Format follows international standard: did:mandala:unique-hex-code
    • Identity immediately recorded on blockchain (immutable from this point)
    • Process completes in under 3 seconds
  3. User Profile Creation (Linking Identity to Person):

    • Unique user ID generated (e.g., “USER-123456”)
    • Personal details encrypted and stored
    • Profile linked to DID permanently
    • Expiration dates set if required (e.g., for temporary residents)
    • Multiple verification methods added (biometric, PIN, cryptographic keys)
  4. Wallet Integration (User Takes Control):

    • Private keys generated and stored in user’s wallet
    • Recovery phrases provided (12-24 word backup)
    • Mobile app or hardware wallet configured
    • User education on security best practices
    • Test transaction performed to ensure functionality

Step 2: Credential Schema Definition

Workflow Legend

Before issuing any credentials, administrators must define what information each credential type will contain. This is done through an intuitive administrative interface:

Visual Schema Builder Process

  1. Access Admin Dashboard:
    • Government officials log in with multi-factor authentication
    • Role-based permissions determine what schemas they can create
    • Audit log tracks all administrative actions
  2. Design Credential Template (No Coding Required):
    • Drag-and-drop interface for adding data fields
    • Field types available: Text, Number, Date, Boolean, Dropdown selections
    • Validation rules: Required fields, format checking, value ranges
    • Preview mode: See how the credential will look to users
    • Template library: Start from pre-built templates for common credentials
  3. Schema Configuration:
    • Schema Name: Clear identifier (e.g., “Birth Certificate v2.0”)
    • Description: Detailed explanation of the credential’s purpose
    • Field Limit: Up to 50 custom fields per credential
    • Version Control: Automatic versioning (1.0, 1.1, 2.0, etc.)
    • Status Management: Set as Active, Testing, or Deprecated
  4. Blockchain Submission (One-Click Deployment):
    • Schema automatically validated for compliance
    • Smart contract creates unique Schema ID (e.g., “SCHEMA-789”)
    • Version history permanently recorded
    • All existing systems immediately recognize new schema
    • Rollback capability to previous versions if needed
  5. Multi-Jurisdiction Support:
    • Different regions can create localized schemas
    • Core fields remain standardized for interoperability
    • Translation support for multiple languages
    • Cultural adaptations (e.g., naming conventions)

Step 3: Credential Issuance

The credential issuance process combines user-friendly interfaces with rigorous security protocols:

Birth Certificate Issuance Workflow

  1. Data Collection (At Point of Registration):
    • Hospital Integration: Direct connection to hospital information systems
    • Smart Forms: Auto-population from existing databases where available
    • Data Validation: Real-time checking for completeness and accuracy
    • Parent Verification: Biometric or document-based parent identity confirmation
    • Medical Professional Sign-off: Doctor or midwife digital signature required
  2. Multi-Layer Validation:
    • Duplicate Prevention: System automatically checks if registration number exists
    • Format Verification: All fields must match expected patterns (dates, names, etc.)
    • Cross-Reference Check: Validation against civil registration database
    • Fraud Detection: AI-powered anomaly detection for suspicious patterns
    • Manual Review Queue: Flagged entries require supervisor approval
  3. Blockchain Submission (Permanent Recording):
    • One-Click Issuance: After validation, single button creates blockchain record
    • Instant Confirmation: Transaction confirmed in 3-6 seconds
    • Parent Notification: SMS/Email sent to parents with credential details
    • Digital Copy Delivery: QR code or link for accessing digital certificate
    • Paper Backup Option: Traditional certificate can still be printed if needed
  4. Post-Issuance Features:
    • Amendment Process: Corrections require authorized approval and are tracked
    • Duplicate Requests: Citizens can request verified copies anytime
    • Integration APIs: Other systems can verify certificates programmatically
    • Statistics Dashboard: Real-time birth registration metrics for planning
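
The validation rules from the schema builder in Step 2 (field types, required fields, format checks, value ranges, the 50-field limit) and the duplicate and format checks in Step 3 can be expressed as one server-side check. This is an added example, not MandalaID's own code; the schema layout, field names, patterns and the `validate` function are assumptions made for illustration.

```python
import re
from datetime import date

MAX_FIELDS = 50  # per-credential field limit stated on the page
# Constructed schema: field names, patterns and ranges are illustrative assumptions.
BIRTH_CERT_SCHEMA = {
    "registration_no": {"type": "text", "required": True, "pattern": r"BR-\d{8}"},
    "child_name": {"type": "text", "required": True, "pattern": r"[^\d\W][\w .'-]{0,99}"},
    "date_of_birth": {"type": "date", "required": True},
    "weight_grams": {"type": "number", "min": 300, "max": 7000},
    "sex": {"type": "dropdown", "required": True, "options": ["F", "M", "X"]},
    "multiple_birth": {"type": "boolean"},
}

def field_ok(rule, value, today):
    kind = rule["type"]
    if kind == "text":
        return isinstance(value, str) and bool(re.fullmatch(rule.get("pattern", r".{1,200}"), value))
    if kind == "number":
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False
        return rule.get("min", value) <= value <= rule.get("max", value)
    if kind == "date":
        try:
            return date.fromisoformat(value) <= today  # no births dated in the future
        except (TypeError, ValueError):
            return False
    if kind == "boolean":
        return isinstance(value, bool)
    if kind == "dropdown":
        return value in rule["options"]
    return False  # unknown field type

def validate(schema, record, issued_numbers, today):
    """Return a list of errors; an empty list means the record may go on to issuance."""
    if len(schema) > MAX_FIELDS:
        return ["schema exceeds field limit"]
    # Reject undeclared fields so nothing outside the approved schema gets issued.
    errors = [f"{name}: not in schema" for name in record if name not in schema]
    for name, rule in schema.items():
        if name not in record:
            if rule.get("required"):
                errors.append(f"{name}: required")
        elif not field_ok(rule, record[name], today):
            errors.append(f"{name}: invalid")
    if isinstance(reg := record.get("registration_no"), str) and reg in issued_numbers:
        errors.append("registration_no: duplicate")
    return errors
```

Running these checks on the server, and not only in the form, keeps a modified client from submitting fields or values the schema never approved.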

Step 4: Real-time Indexing

The indexer serves as the system’s intelligence layer, making blockchain data instantly searchable and analyzable:

How the Indexer Works

  1. Event Capture (Continuous Monitoring):
    • 24/7 Scanning: Monitors every new block (every 6 seconds)
    • Event Types Tracked: 15 different identity-related events, including:
      • Identity registrations
      • Credential issuance
      • Status updates
      • Ownership transfers
      • Verification attempts
    • Zero Data Loss: Automatic recovery if connection interrupted
    • Real-time Processing: Events indexed within milliseconds
  2. Data Transformation (Making Data Useful):
    • Raw to Structured: Blockchain data converted to business-friendly format
    • Relationship Mapping: Links between DIDs, credentials, and users maintained
    • Search Optimization: Data organized for lightning-fast queries
    • Historical Tracking: Complete audit trail of all changes preserved
    • Analytics Preparation: Aggregated data for reporting dashboards
  3. Storage and Access:
    • PostgreSQL Database: Enterprise-grade relational database
    • GraphQL API: Flexible query language for developers
    • REST Endpoints: Traditional API for legacy system integration
    • WebSocket Subscriptions: Real-time updates for live applications
    • Caching Layer: Frequently accessed data served instantly
  4. Business Intelligence Features:
    • Custom Reports: Generate registration statistics, usage patterns
    • Anomaly Detection: Identify unusual activity patterns
    • Performance Metrics: System health and response times
    • Compliance Reporting: Automated regulatory report generation
    • Data Export: CSV, JSON, XML formats for external analysis
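
The "Zero Data Loss" recovery described above depends on storing a block's events and the indexer's checkpoint in the same database transaction, so an interrupted block is rolled back and fetched again on resume. This is an added example, not MandalaID's indexer; in-memory SQLite stands in for PostgreSQL, and the event names, DIDs and the `make_node` client are assumptions.

```python
import sqlite3

# Constructed chain: block number -> events; event names and DIDs are assumptions.
CHAIN = {
    1: [("IdentityRegistered", "did:mandala:a1")],
    2: [("CredentialIssued", "did:mandala:a1"), ("StatusUpdated", "did:mandala:a1")],
    3: [("VerificationAttempted", "did:mandala:a1")],
}

def open_index():
    """In-memory SQLite stands in for the PostgreSQL store named on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE events (block INTEGER, idx INTEGER, kind TEXT, did TEXT,
                             PRIMARY KEY (block, idx));
        CREATE TABLE checkpoint (id INTEGER PRIMARY KEY CHECK (id = 1), last_block INTEGER);
        INSERT INTO checkpoint VALUES (1, 0);
    """)
    return db

def make_node(chain, drop_at=None):
    """Hypothetical node client that drops the connection once at (block, event index)."""
    pending = [drop_at]
    def fetch(number):
        for idx, event in enumerate(chain[number]):
            if pending and (number, idx) == pending[0]:
                pending.clear()
                raise ConnectionError("node connection lost")
            yield event
    return fetch

def catch_up(db, fetch, head):
    """Index every block after the checkpoint up to head; safe to re-run after a failure."""
    (last,) = db.execute("SELECT last_block FROM checkpoint").fetchone()
    for number in range(last + 1, head + 1):
        with db:  # one transaction per block: commit on success, roll back on any error
            for idx, (kind, did) in enumerate(fetch(number)):
                db.execute("INSERT OR IGNORE INTO events VALUES (?, ?, ?, ?)",
                           (number, idx, kind, did))
            db.execute("UPDATE checkpoint SET last_block = ? WHERE id = 1", (number,))

def summary(db):
    """Return (last indexed block, number of stored events)."""
    return db.execute("SELECT (SELECT last_block FROM checkpoint),"
                      " (SELECT COUNT(*) FROM events)").fetchone()
```

With `drop_at=(2, 1)` the first `catch_up` call fails halfway through block 2 and leaves the index at block 1 with one event; calling it again resumes from the checkpoint and ends at block 3 with all four events and no duplicates.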

Step 5: Verification Process

Credential verification is designed to be instant, secure, and user-friendly:

Verification Workflow

  1. Initiation (Multiple Methods Available):
    • QR Code Scan: User presents QR code on mobile device
    • NFC Tap: Contactless verification for equipped devices
    • Manual Entry: DID number can be typed if needed
    • API Integration: Automated verification for online services
    • Biometric Confirmation: Optional additional security layer
  2. Query Process (Behind the Scenes):
    • GraphQL API Call: Structured query retrieves specific credential data
    • Smart Filtering: Only requested information is retrieved
    • Response Time: Typically under 100 milliseconds
    • Fallback Mechanisms: Multiple nodes queried if primary is slow
    • Cache Check: Recently verified credentials served instantly
  3. Cryptographic Verification (Automatic Security Checks):
    • Signature Validation: Mathematical proof the issuer created this credential
    • Tamper Detection: Any modification would break the signature
    • Issuer Authentication: Confirms the government entity is legitimate
    • Time Validity: Checks if credential is within valid date range
    • Chain of Trust: Verifies the complete authorization chain
  4. Status Confirmation:
    • Revocation Check: Ensures credential hasn’t been cancelled
    • Suspension Status: Temporary holds are detected
    • Update Detection: Newer versions of credential identified
    • Fraud Blacklist: Cross-reference against known fraudulent attempts
    • Compliance Verification: Meets current regulatory requirements
  5. Result Delivery (User Experience):
    • Green Checkmark: Valid credential, proceed with confidence
    • Warning Icons: Issues detected with clear explanation
    • Detailed Report: Optional expanded view of verification results
    • Audit Log Entry: Verification attempt recorded for compliance
    • Notification Options: Alert credential holder of verification (optional)
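
The cryptographic and status checks in steps 3 and 4 can be run as one fail-closed sequence, with the signature checked before any field of the credential is relied on. This is an added example, not MandalaID's verifier: the page does not name its signature scheme, so a Lamport one-time signature built from SHA-256 is used as a stand-in to keep the code standard-library only, and the credential fields and identifiers are constructed.

```python
import hashlib, json, secrets
from datetime import date

def H(data):
    return hashlib.sha256(data).digest()

# Stand-in signature scheme (Lamport one-time signature, standard library only).
# An assumption for this example: the page does not name the scheme MandalaID uses.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(message):
    d = int.from_bytes(H(message), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, message):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def signature_ok(pk, message, sig):
    bits = digest_bits(message)
    return len(sig) == 256 and all(H(s) == pk[i][bits[i]] for i, s in enumerate(sig))

def canonical(cred):
    """Deterministic byte encoding so issuer and verifier hash identical input."""
    return json.dumps(cred, sort_keys=True, separators=(",", ":")).encode()

def verify(cred, sig, trusted_issuers, revoked_ids, today):
    """Return (ok, reason). Fail closed: the first failed check decides the result."""
    pk = trusted_issuers.get(cred.get("issuer"))
    if pk is None:
        return False, "issuer not trusted"
    # Signature first: validity dates and id are only trustworthy once authenticated.
    if not signature_ok(pk, canonical(cred), sig):
        return False, "bad signature"
    if not date.fromisoformat(cred["valid_from"]) <= today <= date.fromisoformat(cred["valid_until"]):
        return False, "outside validity period"
    if cred["id"] in revoked_ids:
        return False, "revoked"
    return True, "valid"

# Constructed credential; every identifier and field name here is illustrative.
SAMPLE = {
    "id": "CRED-0001", "issuer": "did:mandala:issuer-example",
    "subject": "did:mandala:holder-example", "schema": "SCHEMA-789",
    "valid_from": "2024-01-01", "valid_until": "2029-12-31",
}
```

Changing any signed field, for example extending `valid_until`, makes `verify` return "bad signature" before the date or revocation checks are reached.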