From 5b23ac4b677d5b8ca39745bc81baf0aa3a563ac7 Mon Sep 17 00:00:00 2001 From: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:04:39 +0530 Subject: [PATCH 1/6] Update README.md Updated to refine the overview with specifically calling out the blum blub shub algorithm usage. Signed-off-by: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> --- kernel/kernel-idgenerator-service/README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/kernel-idgenerator-service/README.md b/kernel/kernel-idgenerator-service/README.md index 018e94a5e96..f9e8c4c9b3e 100644 --- a/kernel/kernel-idgenerator-service/README.md +++ b/kernel/kernel-idgenerator-service/README.md @@ -1,10 +1,12 @@ # ID Generator Service ## Overview -This service is used to generates various IDs like UIN, APPID, RID, VID. +MOSIP utilizes the Blum Blum Shub algorithm to generate random UINs (Unique Identification Numbers) ensuring a high degree of randomness. After generation, the UINs are filtered against the predefined patterns outlined below to maintain compliance and avoid unintended repetitions or sequences. -## UIN generation logic -UIN should have the following properties: +This service is used to generate various IDs like UIN, APPID, RID, VID. + +## UIN Generation Filters +UIN should follow the following properties: * Only integers with length as specified in `mosip.kernel.uin.length` configuration in [application properties](https://docs.mosip.io/1.2.0/modules/module-configuration#application-properties) * No alphanumeric characters * No repeating numbers for 2 or more than 2 digits @@ -20,6 +22,6 @@ UIN should have the following properties: * Should not contain three even adjacent digits (example - 3948613752) * Should not contain admin defined restricted number -## Default context-path and port +## Default Context-path and Port Refer [`bootstrap.properties`](src/main/resources/bootstrap.properties) 
From 65c5fdb0eb89a7012a2db1d91d846ed42490a24a Mon Sep 17 00:00:00 2001 From: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:45:10 +0530 Subject: [PATCH 2/6] Update README.md Updated to replace BBS algorithm with SecureRandom algorithm. Signed-off-by: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> --- kernel/kernel-idgenerator-service/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/kernel-idgenerator-service/README.md b/kernel/kernel-idgenerator-service/README.md index f9e8c4c9b3e..c152505bdc3 100644 --- a/kernel/kernel-idgenerator-service/README.md +++ b/kernel/kernel-idgenerator-service/README.md @@ -1,7 +1,7 @@ # ID Generator Service ## Overview -MOSIP utilizes the Blum Blum Shub algorithm to generate random UINs (Unique Identification Numbers) ensuring a high degree of randomness. After generation, the UINs are filtered against the predefined patterns outlined below to maintain compliance and avoid unintended repetitions or sequences. +MOSIP utilizes the SecureRandom algorithm to generate random UINs (Unique Identification Numbers) ensuring a high degree of randomness. After generation, the UINs are filtered against the predefined patterns outlined below to maintain compliance and avoid unintended repetitions or sequences. This service is used to generate various IDs like UIN, APPID, RID, VID. From 69fc1ce2e50452ec13afb38afcd781c57f68a03f Mon Sep 17 00:00:00 2001 From: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> Date: Thu, 12 Dec 2024 14:09:14 +0530 Subject: [PATCH 3/6] Update README.md Refined the overview description. Signed-off-by: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> --- kernel/kernel-idgenerator-service/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/kernel/kernel-idgenerator-service/README.md b/kernel/kernel-idgenerator-service/README.md index c152505bdc3..217d6473d07 100644 --- a/kernel/kernel-idgenerator-service/README.md +++ b/kernel/kernel-idgenerator-service/README.md @@ -1,9 +1,9 @@ # ID Generator Service ## Overview -MOSIP utilizes the SecureRandom algorithm to generate random UINs (Unique Identification Numbers) ensuring a high degree of randomness. After generation, the UINs are filtered against the predefined patterns outlined below to maintain compliance and avoid unintended repetitions or sequences. +MOSIP uses the cryptographically safe SecureRandom algorithm to generate UINs (Unique Identification Numbers) with high randomness. A checksum is added using the Verhoeff Algorithm to validate the UIN/VID. Generated UINs are filtered against [predefined patterns](#uin-generation-filters) outlined below to eliminate easily identifiable numbers and prevent repetitions or sequences. The random number seed is refreshed every 45 minutes or as configured via `mosip.idgen.uin.secure-random-reinit-frequency` in minutes. -This service is used to generate various IDs like UIN, APPID, RID, VID. +This service is used to generate various IDs like UIN, APPID, RID (AID), VID. ## UIN Generation Filters UIN should follow the following properties: From ca52b18bc528a7d769745630b108277f042cbede Mon Sep 17 00:00:00 2001 From: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> Date: Thu, 12 Dec 2024 14:51:06 +0530 Subject: [PATCH 4/6] Update README.md Updated the Overview and Filters. Signed-off-by: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> --- kernel/kernel-idgenerator-service/README.md | 33 +++++++++++---------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/kernel/kernel-idgenerator-service/README.md b/kernel/kernel-idgenerator-service/README.md index 217d6473d07..fe579b31480 100644 --- a/kernel/kernel-idgenerator-service/README.md 
+++ b/kernel/kernel-idgenerator-service/README.md 
@@ -1,26 +1,27 @@ # ID Generator Service ## Overview -MOSIP uses the cryptographically safe SecureRandom algorithm to generate UINs (Unique Identification Numbers) with high randomness. A checksum is added using the Verhoeff Algorithm to validate the UIN/VID. Generated UINs are filtered against [predefined patterns](#uin-generation-filters) outlined below to eliminate easily identifiable numbers and prevent repetitions or sequences. The random number seed is refreshed every 45 minutes or as configured via `mosip.idgen.uin.secure-random-reinit-frequency` in minutes. +MOSIP uses the cryptographically safe SecureRandom algorithm to generate UINs (Unique Identification Numbers) with high randomness. A checksum is added using the Verhoeff Algorithm to validate the UIN/VID. Generated UINs are filtered against [predefined patterns](#uin-generation-filters) as outlined below, to eliminate easily identifiable numbers and prevent repetitions or sequences. The random number seed is refreshed every 45 minutes or as configured via `mosip.idgen.uin.secure-random-reinit-frequency` in minutes. This service is used to generate various IDs like UIN, APPID, RID (AID), VID. ## UIN Generation Filters -UIN should follow the following properties: -* Only integers with length as specified in `mosip.kernel.uin.length` configuration in [application properties](https://docs.mosip.io/1.2.0/modules/module-configuration#application-properties) -* No alphanumeric characters -* No repeating numbers for 2 or more than 2 digits -* No sequential number for 3 or more than 3 digits -* Should not be generated sequentially -* Should not have repeated block of numbers for 2 or more than 2 digits -* The last digit in the number should be reserved for a checksum -* The number should not contain '0' or '1' as the first digit. 
-* First 5 digits should be different from the last 5 digits (example - 4345643456) -* First 5 digits should be different to the last 5 digits reversed (example - 4345665434) -* Should not be a cyclic figure (example - 4567890123, 6543210987) -* Should be different from the repetition of the first two digits 5 times (example - 3434343434) -* Should not contain three even adjacent digits (example - 3948613752) -* Should not contain admin defined restricted number +The UIN should follow the following filters and constraints: +* Only integers with length, as specified in `mosip.kernel.uin.length` configuration. +* Minimum pregenerated UINs that should be available, as specified in `mosip.kernel.uin.min-unused-threshold` configuration. If not available then the next batch of generation would start. +* Number of UINs to generate, as specified in `mosip.kernel.uin.uins-to-generate` configuration. +* Upper bound of number of digits in sequence allowed in id, as specified in `mosip.kernel.uin.length.sequence-limit` configuration. For example if limit is 3, then 12 is allowed but 123 is not allowed in id (in both ascending and descending order). +* Number of digits in repeating block allowed in id, as specified in `mosip.kernel.uin.length.repeating-block-limit` configuration. For example if limit is 2, then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit). +* Lower bound of number of digits allowed in between two repeating digits in id, as specified in `mosip.kernel.uin.length.repeating-limit` configuration. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit). +* Number of digits to check for reverse digits group limit, as specified in `mosip.kernel.uin.length.reverse-digits-limit` configuration. For example if limit is 5 and UIN is 4345665434, then first 5 digits will be 43456, reverse 65434. +* Number of digits to check for digits group limit in id, as specified in `mosip.kernel.uin.length.digits-limit` configuration. 
For example if limit is 5 and UIN is 4345643456, then 5 digits group will be 43456. +* Number of even adjacent digits limit in id, as specified in `mosip.kernel.uin.length.conjugative-even-digits-limit` configuration. For example, if limit is 3 then any 3 even adjacent digits is not allowed. +* List of restricted numbers with , seperation as specified in `mosip.kernel.uin.restricted-numbers` configuration. +* List of numbers that should not be the starting digits in the id. Its a , separated list, as specified in `mosip.kernel.uin.not-start-with` configuration. For example, the number should not contain '0' or '1' as the first digit. +* No alphanumeric characters allowed. +* No cyclic numbers as mentioned below are allowed. "142857", "0588235294117647", "052631578947368421", "0434782608695652173913", "0344827586206896551724137931", "0212765957446808510638297872340425531914893617", "0169491525423728813559322033898305084745762711864406779661", "016393442622950819672131147540983606557377049180327868852459", "010309278350515463917525773195876288659793814432989690721649484536082474226804123711340206185567". + +Note: Significant thought has been invested in the above design to ensure the generated numbers are both random and secure. We strongly recommend retaining the stated values to maintain the integrity and security of the same. ## Default Context-path and Port Refer [`bootstrap.properties`](src/main/resources/bootstrap.properties) From 8dcae75c3e42e31cc992ab8eb03af2477280e78d Mon Sep 17 00:00:00 2001 From: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> Date: Thu, 12 Dec 2024 15:48:18 +0530 Subject: [PATCH 5/6] Update README.md Updated statement on generation of types of IDs that use this algorithm - UIN and VID. Signed-off-by: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> --- kernel/kernel-idgenerator-service/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/kernel/kernel-idgenerator-service/README.md b/kernel/kernel-idgenerator-service/README.md index fe579b31480..0f670e77971 100644 --- a/kernel/kernel-idgenerator-service/README.md +++ b/kernel/kernel-idgenerator-service/README.md @@ -3,7 +3,7 @@ ## Overview MOSIP uses the cryptographically safe SecureRandom algorithm to generate UINs (Unique Identification Numbers) with high randomness. A checksum is added using the Verhoeff Algorithm to validate the UIN/VID. Generated UINs are filtered against [predefined patterns](#uin-generation-filters) as outlined below, to eliminate easily identifiable numbers and prevent repetitions or sequences. The random number seed is refreshed every 45 minutes or as configured via `mosip.idgen.uin.secure-random-reinit-frequency` in minutes. -This service is used to generate various IDs like UIN, APPID, RID (AID), VID. +This service is used to generate various IDs like UIN and VID. ## UIN Generation Filters The UIN should follow the following filters and constraints: From 5b07e4baf1f4a4c9563deb1165f7512d3c881dcb Mon Sep 17 00:00:00 2001 From: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> Date: Thu, 12 Dec 2024 17:18:47 +0530 Subject: [PATCH 6/6] Update README.md Cyclic numbers updated in code block. Signed-off-by: Resham Chugani <110161197+reshamchugani2@users.noreply.github.com> --- kernel/kernel-idgenerator-service/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/kernel-idgenerator-service/README.md b/kernel/kernel-idgenerator-service/README.md index 0f670e77971..ca9c4ff3620 100644 --- a/kernel/kernel-idgenerator-service/README.md +++ b/kernel/kernel-idgenerator-service/README.md 
@@ -19,7 +19,7 @@ The UIN should follow the following filters and constraints: * List of restricted numbers with , seperation as specified in `mosip.kernel.uin.restricted-numbers` configuration. * List of numbers that should not be the starting digits in the id. Its a , separated list, as specified in `mosip.kernel.uin.not-start-with` configuration. For example, the number should not contain '0' or '1' as the first digit. * No alphanumeric characters allowed. -* No cyclic numbers as mentioned below are allowed. "142857", "0588235294117647", "052631578947368421", "0434782608695652173913", "0344827586206896551724137931", "0212765957446808510638297872340425531914893617", "0169491525423728813559322033898305084745762711864406779661", "016393442622950819672131147540983606557377049180327868852459", "010309278350515463917525773195876288659793814432989690721649484536082474226804123711340206185567". +* No cyclic numbers as mentioned below are allowed. `"142857", "0588235294117647", "052631578947368421", "0434782608695652173913", "0344827586206896551724137931", "0212765957446808510638297872340425531914893617", "0169491525423728813559322033898305084745762711864406779661", "016393442622950819672131147540983606557377049180327868852459", "010309278350515463917525773195876288659793814432989690721649484536082474226804123711340206185567"`. Note: Significant thought has been invested in the above design to ensure the generated numbers are both random and secure. We strongly recommend retaining the stated values to maintain the integrity and security of the same.
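Review bot: The Overview sentence added in PATCH 1/6 names Blum Blum Shub as the UIN generator, and PATCH 2/6 rewrites the same sentence to name SecureRandom, so the history at 1/6 carries a statement about the random source that the series itself withdraws. Squash 1/6 through 3/6 into one commit whose message says which generator the service uses, so that a later `git blame` on the Overview does not land on the discarded claim.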
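Review bot: In the Overview line added by PATCH 3/6, "the cryptographically safe SecureRandom algorithm" treats a class name as an algorithm; SecureRandom (java.security.SecureRandom on the JVM) is a class, and the README does not say which underlying generator or provider it is configured with. Suggest "a cryptographically secure random number generator (`SecureRandom`)" and, if the service pins a specific algorithm, naming it here. In the same line, "refreshed every 45 minutes or as configured via `mosip.idgen.uin.secure-random-reinit-frequency` in minutes" would be clearer as "re-seeded every 45 minutes by default; the interval is set in minutes via ...".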
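Review bot: The closing Note in PATCH 4/6 recommends "retaining the stated values", but the rewritten filter list states no defaults; each bullet names a property and gives only an illustrative "if limit is 3" or "if limit is 5". Add the shipped default beside each property so the recommendation has something to refer to. The rewrite also drops three constraints from the old list without a replacement ("Should not be generated sequentially", "The last digit in the number should be reserved for a checksum", and the 3434343434 repetition example) along with the link to the application properties documentation; either restore them or say in the commit message that they no longer apply. The first two new bullets (`min-unused-threshold`, `uins-to-generate`) are pool-sizing settings rather than filters and would sit better under their own heading. Typos in the added lines: "seperation" should be "separation", and "Its a , separated list" should be "It's a comma-separated list".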
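Review bot: After PATCH 5/6 the sentence reads "various IDs like UIN and VID", yet the section that follows is still titled "UIN Generation Filters" and every bullet refers to `mosip.kernel.uin.*` properties, so the README no longer says whether VIDs pass through the same filters. State that explicitly. The commit message describes the change as narrowing to the IDs "that use this algorithm", while the edited sentence describes what the service generates; if the service still issues APPID and RID by another route, keep them in the sentence and scope the SecureRandom claim to UIN and VID instead.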
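Review bot: The cyclic-number bullet changed in PATCH 6/6 does not say how the listed values are matched against a UIN. Apart from "142857", every entry is 16 digits or longer, while the example UINs elsewhere in this README are 10 digits, so a whole-number comparison could never match; document whether the check is a substring match and, if so, on what minimum length. On formatting, the commit message says the list was moved into a code block but the change wraps it in inline backticks on a single very long line; a nested bullet per value or a fenced block would render more readably, and the bullet should point to the property that holds this list if one exists.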