Inspiration

We always wonder why it takes so long for some companies to go digital. In movie theatres, for example, every ticket is a scannable QR code. But if your QR code gets stolen, it means that your identity is stolen.

Solutions like Singpass have tried to mitigate this by adding a biometric layer, but for companies to use Singpass MyInfo, they have to adhere to strict requirements.

What it does

Unopass is essentially a solution to lock sensitive tokens behind a Master Password defined by our user. Data in the token is encrypted by your Master Password.

How we built it

For Authentication, we used Auth0 as it is proven and used by big companies for authentication and authorization needs.

Since the idea is based on a secure token, we decided to layer encryption over encryption. Every QR code contains a JWT token that is encrypted using the user's master password.

The data that is stored in the JWT token is encrypted by the encrypted public and private keys that can only be locked using the user's master password.

That brings us around to our original idea, that tokens can be secured using the user's master password. So imagine a scenario where you need to enter a theatre: they scan your Unopass and you have to explicitly input the Master Password for the theatre to have access to your data.

So how can companies adopt Unopass quickly?

Note that this was in consideration but it's not in the submission because of time constraints.

Companies can use their normal workflow but with the addition of Unopass. To create a Unopass token, companies can input their custom attributes (such as flight number, movie seat number, password number, etc.) in JSON or plaintext format. This data will then be encrypted behind the user's Master Password.

Challenges we ran into

First, the time constraint put us in a corner. A huge chunk of our time was spent thinking about a secure architecture: what data should be encrypted and how we can keep the public and private keys secure. We landed on the idea that the private key will be secured by the user's Master Password (using AES-256 to encrypt and PBKDF2 to derive the user's password). Data in the token is secured in transit (and in the upcoming next iteration, data will also be secured and encrypted at rest).
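One way to wrap a private key under a Master Password with PBKDF2 and AES-256, as described above. This is an added example, not the Unopass code; the GCM mode, salt and IV sizes, iteration count, envelope layout and function names are assumptions.

```javascript
// Added illustration, not Unopass code. AES-256-GCM, the iteration count and
// the envelope layout are assumptions; the page names only AES-256 and PBKDF2.
const crypto = require('node:crypto');
const PBKDF2_ITERATIONS = 600000; // assumed work factor for PBKDF2-HMAC-SHA256

// Stretch the master password into a 256-bit AES key, salted per user.
function deriveKey(masterPassword, salt, iterations) {
  return crypto.pbkdf2Sync(masterPassword, salt, iterations, 32, 'sha256');
}

// Encrypt (wrap) a PEM private key; only salt, IV, tag and ciphertext are stored.
function wrapPrivateKey(privateKeyPem, masterPassword, iterations = PBKDF2_ITERATIONS) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt, iterations), iv);
  const ciphertext = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return {
    kdf: 'pbkdf2-sha256', iterations,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Returns the PEM, or null when the password is wrong or the envelope was altered.
function unwrapPrivateKey(envelope, masterPassword) {
  const key = deriveKey(masterPassword, Buffer.from(envelope.salt, 'base64'), envelope.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(envelope.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  try {
    return Buffer.concat([
      decipher.update(Buffer.from(envelope.ciphertext, 'base64')),
      decipher.final(), // throws if the GCM tag does not verify
    ]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample: a throwaway key pair generated at run time.
function demo() {
  const { privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
  return { privateKey, envelope: wrapPrivateKey(privateKey, 'correct horse battery staple') };
}
```

Because GCM authenticates the ciphertext, a wrong Master Password and a modified envelope both fail closed instead of yielding garbage key material.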

Accomplishments that we're proud of

Coming from a team that is not familiar with Monorepos, Next.js, Prisma and other new technologies, we are proud to have learnt new technologies. Even if we are not picked as finalists, we have learnt a lot in terms of technology.

What we learned

As mentioned before, we learnt about Monorepos, Next.js, Prisma, React-query and encryption (both symmetric and asymmetric).

We also tried our best to adhere to good coding practices such as API naming schemes, component making, etc. We also used a Monorepo to separate utility libraries from the application (so that the libraries can be used in another app).

What's next for [i have work on monday gang] Unopass

In the solution presented, we created a small-scale database that only simulates a flight process (flight number, etc.) and does not allow companies to input custom attributes. We plan to migrate to a NoSQL database such as MongoDB as it is better suited for us.

Also, data at rest is currently not encrypted and the private and public keys are not being utilized. In the next iteration, we are going to enforce encryption of data.

Github Link

https://github.com/nabilridhwan/lifehack
