Frequently Asked Questions

Do you need more details, you can always reach me

What does FeaturePay means?

FeaturePay is short hand for Payments on Feature Phones.

What is a Proxy?

Proxy is a virtual entity which has a Private key and X509 Certificate associated with it. Proxy would digitally sign these messages, which can be easily verified using corresponding publicly available Certificate.

What is a Proxy Id?

Proxy Id is Unique disposable Identifier to Identify a given Proxy. Its combination of

  • Unique Id
  • SHA-256 of corresponding Certificate

What are different kind of proxies and their lifetimes?

There are two kind of Proxies, they have different lifetimes.

  • Master Proxy
    Is only used to create disposable proxies. When somethings goes wrong, you can use Master Proxy to deactivate all the its children proxies.
  • Regular/Disposable Proxy
    Is used in transactions. Its a good practice not to re-use these proxies to prevent tracking.

Which Authentication protocol do you Use?

There is no need of any Authentication protocol as all the messages are digitally signed.

How is Anonymity guaranteed?

As a Proxy doesn't contain any personal information, its impossible to get the owner details. Same time, one can't blindly trust a Proxy Id for what it claims to be. So all these Proxy's authorization over a given underlying entity is always signed by a trusted party.

  • Banking
    In case of Banking, bank would sign authorization over Bank Account for a given Proxy. As long as you trust the Bank, you can trust the Proxy.
  • Identity
    Is case of Identity, Identity Provider (e.g. Govt Body) would sign authorization over a Individual for a given Proxy. Same as in Banking as long as you trust Govt Body, you can trust the Proxy

Is there a Audit that can be verified?

Since all the messages are digitally signed, its very easy to verify. To make the eco system more secure, always the request messages are included in responses.

How sensitive information like email address/phone numbers etc. is Protected?

When a given message is addressed to single party, sensitive information can be encrypted using their public key. Only the private key holder can decrypt it

When a message is open addressed, its not always required to include the sensitive data in original format, instead a Hash of the message is sufficient. If someone has to prove that they know the sensitive data, they can include sensitive data encrypted using the destination Proxies public key.

What are the messages exchanged, how are they special?

Messages in Proxy eco system aren't simple Plain Data Objects. They contain little business logic based on message type which makes it different from regular plain messages. Every Message dictates

  • Who can Sign the Message
  • Is the Message Valid with the information present in Message.
E.g. Only a Bank can sign Account Balance Response message.

Which Cryptographic algorithms are used?

  • Hashing
    SHA 256 is used for Hashing.
  • Digital Signatures
    SHA256 with RSA Encryption is used for Signing messages.
  • Encryption
    RSA/NONE/OAEPwithSHA-256andMGF1Padding is used for Encryption. There are plans to use Symmetric key Encryption for longer messages because of efficiency reasons.

Where can I find the Source Code?

All the customer facing modules are Open Sourced.