Page 51 - Implementation of Secure Authentication Technologies for Digital Financial Services

Figure 35 shows the technical framework of the Alipay payment authentication system.

Figure 35 – IFAA use case: Alipay fingerprint/face payment – Technical framework

The Alipay user first initiates the registration request through the Alipay client app and runs the registration process as in Figure 15. After a successful registration, the user can initiate a payment request through the Alipay client app.

To begin a payment process, the Alipay client app first interacts with the Alipay payment server to confirm whether mobile payment can be carried out. If yes, the Alipay client app calls the key manager (or optionally, the IFAA client) to authenticate the user as in the following:

1) Require the user to perform fingerprint/face authentication based on the local fingerprint/face template.
2) After fingerprint/face verification, the key manager invokes the locally stored user authentication private key to sign the transaction information, and sends it to the Alipay payment server through the Alipay client app.
3) Alipay payment server sends the authentication information to the IFAA authentication server for verification and retrieves the verification results.
4) Alipay payment server authorizes the payment after successful verification.

7.2.2   Example: Aadhaar authentication

Aadhaar authentication is the process wherein the Aadhaar Number, along with other attributes, including biometrics, are submitted online to the Central Identities Data Repository (CIDR) for its verification on the basis of information or data or documents available with it. During the authentication transaction, the resident's record is first selected using the Aadhaar Number and then the demographic/biometric inputs are matched with the stored data which was provided by the resident during the enrolment/update process. Alternatively, authentication can also be carried out on the basis of the OTP. All biometric/OTP authentication schemes are valid for e-KYC service too.
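
Returning to the Alipay payment steps 1) to 4) in the IFAA use case above, the following added example (not code from IFAA, Alipay or this report) sketches the sign-then-verify exchange and shows that a signature is bound to the exact transaction information. ECDSA P-256 with SHA-256, the names `KeyManager`, `Register`, `Sign`, `Verify` and the transaction string format are assumptions made for illustration; the report does not specify them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyManager (hypothetical) models the on-device holder of the user authentication private key.
type KeyManager struct{ priv *ecdsa.PrivateKey }

// Register creates the device key pair; only the public key is handed to the
// authentication server (algorithm choice is an assumption, see lead-in).
func Register() (*KeyManager, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &KeyManager{priv}, &priv.PublicKey, nil
}

// Sign releases a signature only after the local fingerprint/face match (steps 1 and 2).
func (k *KeyManager) Sign(biometricOK bool, txn []byte) ([]byte, error) {
	if !biometricOK {
		return nil, errors.New("local biometric verification failed")
	}
	d := sha256.Sum256(txn)
	return ecdsa.SignASN1(rand.Reader, k.priv, d[:])
}

// Verify is the authentication-server check (step 3); the payment server
// authorizes the payment only when it returns true (step 4).
func Verify(pub *ecdsa.PublicKey, txn, sig []byte) bool {
	d := sha256.Sum256(txn)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() {
	km, pub, _ := Register()
	txn := []byte("payee=shop-001;amount=25.00;order=A1") // constructed sample
	sig, _ := km.Sign(true, txn)
	fmt.Println("original txn verifies:", Verify(pub, txn, sig))
	altered := []byte("payee=shop-001;amount=9925.00;order=A1") // constructed tampered copy
	fmt.Println("altered amount verifies:", Verify(pub, altered, sig))
	_, err := km.Sign(false, txn)
	fmt.Println("no biometric match:", err)
}
```

The server side must verify against the exact transaction fields it is about to authorize, not a copy supplied alongside the signature, otherwise the binding shown here is lost.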














