Agenda

• Use case introduction
• Basic Topology in Lab for 5G setup
• Use case mapping
• Equipment for phase 1
• Plan for phase 2

Mapping a Use Case in Beyond 5G Infra

1. Context:

Customer Due Diligence (CDD) - Video-KYC and beyond – multi-regulator, identity, authentication, messaging and digital twins

2. Stakeholders:

• Customers (person / legal-entities), Banks, Regulators, Channels (EMV/NPCI etc.), CERSAI, DBT, CERT-IN, Ombudsman (dispute), etc.
• Based on experience of detected / attempted / ‘near-miss’ cases of forged identity, the technology infrastructure including application software as well as work flows shall be regularly upgraded. Any detected case of forged identity through V-CIP shall be reported as a cyber security event under extant regulatory guidelines.
• The fact of the V-CIP customer being an existing or new customer, or if it relates to a case rejected earlier or if the name appearing in some negative list should be factored in at appropriate stage of work flow.
• The authorised official of the RE performing the V-CIP shall record audio-video as well as capture photograph of the customer present for identification and obtain the identification information using any one of the following:
• OTP based Aadhaar e-KYC authentication
• Offline Verification of Aadhaar for identification
• KYC records downloaded from CKYCR, in accordance with Section 56, using the KYC identifier provided by the customer
• Equivalent e-document of Officially Valid Documents (OVDs) including documents issued through DigiLocker
• RE shall ensure to redact or blackout the Aadhaar number in terms of Section 16.
• In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than 3 days from the date of carrying out V-CIP.
• The entire data and recordings of V-CIP shall be stored in a system / systems located in India. REs shall ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp that affords easy historical data search. The extant instructions on record management, as stipulated in this MD, shall also be applicable for V-CIP.
• The activity log along with the credentials of the official performing the V-CIP shall be preserved.

Basic Topology @ 5G UCL

Mapping Video-KYC: I n Beyond 5G Context

1. Human/physical actors:

• Customer (human) and banks App running in a Smart-phone
• Authorized official of Regulated Entity on a workstation or smart device

2. Human/physical actors:

• API calls to CBS, CERSAI, India-Stack etc.
• Video / Audio and behavioural analytics – can have multiple engines in parallel
• MEC / Network capability exposure – telco APIs to BFS
• Messaging / authenticating – multi-factor aspects for signing in to the app or accessing VKYC tool

3. Risks-Challenges-Opportunities:

• Rooted device; VPN/tunnelled traffic (falsify geo-location);
• Placement of video-recording/streaming/interaction components
• Alibi of banking-infra / other vertical context