Ek Pahichan

• 

  Ek Pahichan acting as a mediator between vendors

Inspiration

The Ek Pahichan project was inspired by our vision to make life easier for citizens while also maintaining data security. We have envisioned a system that prioritizes security, streamlines operations, and improves convenience for the user. This project will transform identity verification in Nepal, empower citizens with secure and convenient access to essential services, and ultimately contribute to Nepal's digital progress. Ek Pahichan addresses the challenge of repeatedly sharing sensitive information with various services. Through a centralized system, it ensures that the verification process and data held within are not only accurate but also serve as a comprehensive means of authentication across all services.

What it does

The core of our solution lies in offering three distinct interfaces tailored to three user types:

1. Merchant Portal: Merchants can seamlessly integrate a "Verify with EkPahichan" option. When a user chooses this, they're directed to an O-Auth-inspired page, where they grant consent for data sharing. For sensitive data requests, the user is prompted to input their decryption passphrase, allowing for client-side data decryption and transmission of specific fields directly to the merchant.

2. Consumer Interface: Consumers sign up using their phone number and a password. Following this, they upload a legally binding identity document. This data is then sent to a government-operated and managed verification server for cross-referencing with existing databases. A final manual intervention is incorporated during the KYC process to ensure the highest level of accuracy.

3. Data Encryption & Trust: Currently, trust is based on the integrity of the government server. However, our vision is to transition to zero-knowledge-proof systems, allowing for mathematical trust rather than just institutional trust. For heightened data security, sensitive information is encrypted client-side using RSA. Subsequently, the RSA private key itself is encrypted with AES using the user's passphrase. As a result, when accessing sensitive data, the user's passphrase first decrypts the private key client-side, which in turn decrypts the desired information.

By integrating these mechanisms, Ek Pahichan serves as an innovative identity verification platform, ensuring convenience, accuracy, and robust data protection for Nepal's digital future.

How we built it

Building the Ek Pahichan project was an exhilarating journey, shaped by dedication, team collaboration, and a shared vision. Our diverse team brought together a blend of expertise and creativity that made it possible to tackle the multifaceted challenges of this initiative. From the onset, we leaned heavily on teamwork and communication. Regular brainstorming sessions and stand-ups ensured that every team member was aligned with the project's goals. We divided tasks based on expertise but maintained a collaborative environment, open to feedback and quick pivots when necessary.

Technically speaking, our toolkit was comprehensive:

Backend: We implemented ExpressJs to craft a robust backend service, ensuring efficient request handling and seamless data processing.

ORM & Database: Prisma served as our ORM, offering an intuitive way to interact with our PostgreSQL database, streamlining data transactions and ensuring data integrity.

OCR: Tesseractjs was our choice for Optical Character Recognition, enabling us to accurately convert document images into machine-encoded text – a vital aspect for our identity verification. Frontend & Design: ReactJS was employed for crafting a Single Page Application (SPA), ensuring a responsive and dynamic user experience. The aesthetics were elevated using TailwindCSS, and to add those subtle, user-engaging animations, we used framer-motions.

Development & Deployment Workflow: Adhering to the Software Development Life Cycle (SDLC) principles as closely as possible, given our tight 48-hour deadline, was crucial. We utilized GitHub as our version control system, promoting efficient team collaboration and code management. Once our solution was ready and rigorously tested, deployment was achieved on an EC2 instance through Docker, ensuring containerized consistency. For process management, we leveraged PM2, and our server was set up using Nginx, guaranteeing optimal performance and security.

In essence, while our time was limited, our ambition was limitless. Through unwavering teamwork, the right tools, and a dash of caffeine, the Ek Pahichan project came to life, epitomizing innovation in the realm of identity verification for Nepal.

Challenges we ran into

Our Challenges:

1. Balancing User Experience (UX) and Privacy: Crafting an interface that is both user-friendly and safeguards privacy was a tightrope walk. The decision to opt for double encryption, where even the private key was encrypted, came from this very challenge. Requesting user consent every time we had to decrypt data was our way of ensuring transparency and trust while maintaining a user-friendly experience.

2. Technical Learning Curve: Our team was a mix of seasoned developers and enthusiastic newcomers. As a result, there were multiple instances where team members faced technical roadblocks. Some developers were fresh off learning frontend technologies, while others were getting acquainted with backend tools. The onus fell on our team leads to mentor, guide, and ensure that the new members were comfortable, contributing, and learning in the process.

3. Vision Misalignment: As often happens in intense development environments, there was a point where our idea team and our coding team veered off in different directions regarding the app's vision. This misalignment led to disputes and conflicts, threatening the overall progress of our project.

4. Team Dynamics: Given our individualistic approaches and the tight deadline, some team members found themselves at odds with one another. The intensity of the hackathon environment magnified these disagreements.

Solutions to those Challenges:

To address these challenges:

1. Open Communication: The key to resolving our internal disagreements was open dialogue. By sitting down, discussing our perspectives, and ensuring regular updates, we could realign our vision and maintain project momentum. It was essential to establish a culture where no one assumed anything and always communicated their concerns and updates.

2. Guidance and Mentorship: Our team leads played a pivotal role in guiding newer developers, ensuring they were on the right track, and assisting them in overcoming technical obstacles. This not only ensured the project's progress but also served as a valuable learning experience for our less experienced team members.

3. Iterative Feedback Loop: By setting up regular checkpoints and feedback loops, we could catch misalignments early on and take corrective action before significant deviations occurred.

In conclusion, while the path was riddled with challenges, both technical and interpersonal, our commitment to the project and our shared goal helped us navigate these hurdles. The result was the successful creation of the Ek Pahichan project.

Accomplishments that we're proud of

Accomplishments We Are Proud Of:

1. Robust Encryption: One of our proudest achievements is the implementation of end-to-end encryption. This design ensures that, irrespective of the environment or context, user data remains secured and confidential at all times.

2. Fail-Safe Data Protection: While every digital system can be a target, we've put immense effort into making ours as secure as possible. Even in the unlikely scenario of a data breach, our encryption mechanisms guarantee that the sensitive user data remains undecipherable, reinforcing our commitment to user privacy.

3. User-centric Design: Our platform's architecture ensures that no entity, not even our service, can access, modify, or misuse user data without explicit consent. This is an outcome of the cryptographic strategies we've incorporated, ensuring data integrity and user trust.

4. Efficient KYC Process: With claims being generated on the admin server, we've managed to streamline the KYC process. Most verifications can be conducted without decrypting or distributing sensitive user data. This not only optimizes the workflow but also minimizes the data footprint, decreasing the potential for breaches or leaks.

5. Win-Win Scenario: We've successfully built a platform that caters to both consumers and merchants. Users gain peace of mind, knowing their data is secure and not scattered across multiple services. Simultaneously, merchants are relieved from the cumbersome task of independently verifying user details. They're handed a simplified, government-backed system that they can trust. For the skeptics, the beauty lies in our cryptographic validations that ensure every transaction and verification is mathematically provable.

6. Scalable Architecture: Our system is designed to be scalable, ensuring that as the user base grows, our platform can handle the increased load without compromising on performance.

7. Inclusive Design: We ensured that the system is accessible and user-friendly for all citizens, including those who might not be tech-savvy. The UI/UX is designed to be intuitive, ensuring a seamless experience for every user demographic.

8. Rapid and Continuous Development: Given the tight timeframe of a hackathon, developing such a comprehensive system within 48 hours is an accomplishment in itself. Our team showcased agility, adaptability, and the ability to deliver under pressure.

9. Interoperability: Our system is designed to easily integrate with other platforms and services. This ensures that other service providers can onboard quickly, further expanding the reach and usability of Ek Pahichan.

10. Data Minimization: Apart from encryption, our design philosophy also focused on collecting only the minimal necessary data from users. This not only bolsters privacy but also limits potential data exposure points.

11. Feedback Loop: Even in the short development period, we incorporated feedback from potential end-users to refine and improve the system, highlighting our commitment to continuous improvement.

12. Sustainability: We have built the platform with a forward-thinking approach. From considering eventual migrations to zero-knowledge proofs to ensuring it's environmentally efficient, our project reflects sustainable tech development.

13. Security Audits: Even within our development cycle, we conducted preliminary security audits to identify potential vulnerabilities and patch them in real time.

14. Continuous Learning Environment: Despite the time constraints, our team emphasized knowledge sharing. Every member, regardless of their initial expertise, left the project having learned something new, enriching their skill set.

15. Disaster Recovery & Redundancy: Our infrastructure is designed with built-in redundancy, ensuring maximum uptime and swift recovery in case of any unforeseen issues.

In sum, our journey with the Ek Pahichan project has been filled with challenges, learnings, and innovations. However, our most significant accomplishment is the trust we've built – an ecosystem where users can interact with services without the constant paranoia of data breaches or privacy invasions. We're proud to have played a part in advancing Nepal's digital identity landscape in such a pivotal way.

What we learned

1. The Value of Teamwork: Building a comprehensive platform in a limited timeframe underscored the importance of teamwork. We realized that when everyone contributes their expertise and collaborates effectively, even the most daunting challenges become surmountable.

2. Importance of Data Privacy: Throughout the development of Ek Pahichan, we gained a deeper understanding of the nuances of data privacy and the critical role encryption and obfuscation play in safeguarding information.

3. User-Centric Design: By integrating feedback and focusing on the end-user experience, we learned the value of creating a design that resonates with the users, ensuring ease of use while not compromising on functionality.

4. Technical Challenges: Working with various technologies such as ExpressJs, Prisma, PostgreSQL, and cryptographic methods presented challenges that expanded our knowledge. From database optimization to front-end responsiveness, our technical repertoire grew significantly.

5. Rapid Problem-Solving: The hackathon setting taught us to think on our feet. When faced with unforeseen technical or design challenges, we had to find swift and effective solutions, sharpening our problem-solving skills.

6. Importance of Communication: Given the misalignment of visions at one point, we realized the critical role that clear, continuous communication plays in project management, especially in high-pressure environments.

7. Scalability Concerns: As we built the platform, we grappled with ensuring that the system remains efficient and effective as user numbers increase. This gave us insights into designing for scalability from the outset.

8. Security First Approach: We understood that in today's digital age, a security-first approach is not just preferable but essential. Every line of code, every design decision had to be evaluated from a security standpoint.

9. Mentorship & Growth: The mixed experience levels in our team provided a firsthand experience of the value of mentorship. Senior team members played an essential role in guiding newer members, and in the process, everyone learned and grew.

10. Stakeholder Trust: By focusing on a system where cryptographic validations ensure every transaction is mathematically provable, we delved into the importance of building and maintaining stakeholder trust in digital solutions.

In essence, the journey of developing the Ek Pahichan project was as much about personal and team growth as it was about creating a transformative digital solution. We emerged from this experience with enhanced skills, a deeper understanding of digital identity landscapes, and a profound realization of the impact such projects can have on society.

What's next for Ek Pahichan

1. Integration of Zero-Knowledge Proofs (zk-SNARKs): One of our foremost priorities is the integration of zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). This will allow users to prove that they possess certain information without revealing it, further enhancing the security and privacy of the platform.

2. Refining the User Experience: Based on feedback and user behavior analytics, we'll continue to iterate and refine the platform's user experience, ensuring it remains intuitive and user-friendly for all demographics.

3. Expansion of Services: While Ek Pahichan currently focuses on identity verification, we see potential in expanding its functionalities to other services, such as digital signatures, electronic voting, and more.

4. Business Model Considerations: Being a government-owned entity, it's vital that the platform remains sustainable and efficient. Two potential business models we are considering are:

   • Taxation Model: A nominal tax could be levied on businesses benefiting from the system. Given the savings they would accrue from not having to manage KYC and other verifications independently, this model could be attractive and equitable.
   • Pay-Per-Use Model: Instead of blanket charges, businesses and service providers could be charged based on the actual usage of the platform. This ensures fairness and scalability as businesses only pay for what they use.

5. Collaboration and Integration: We're aiming to integrate with more services and platforms, further expanding Ek Pahichan's reach and utility. This will ensure that a larger segment of the population and businesses can benefit from streamlined verification processes.

6. Enhanced Security Protocols: As cyber threats evolve, so will our security protocols. We'll be consistently updating and enhancing the platform's security measures to stay ahead of potential threats.

7. Community Engagement: We plan on fostering a community around Ek Pahichan, promoting discussions, collecting feedback, and ensuring that the platform evolves based on the actual needs of the users.

8. Educational Outreach: Given the intricacies of digital identity and cryptography, we aim to launch educational initiatives. This will ensure that users and potential collaborators understand the platform's benefits, ensuring wider adoption and trust.

9. Global Collaborations: While the primary focus is Nepal, the principles behind Ek Pahichan are universally applicable. Collaborating with global digital identity initiatives could provide mutual benefits in terms of technology, security, and scalability.

10. Regulatory Compliance: As the digital landscape and regulations evolve, we'll ensure that Ek Pahichan remains compliant with all local and international data protection and privacy laws.

In conclusion, the journey of Ek Pahichan is just beginning. While we have achieved significant milestones, the road ahead is filled with opportunities for expansion, refinement, and global impact. With a focus on user-centricity, security, and societal benefits, we're excited about the transformative potential Ek Pahichan holds for the future.

Built With

• docker
• docker-hub
• ec2
• express.js
• framer
• nextjs
• postgresql
• prisma
• tailwind
• typescript