Travelling contactless, Digi Yatra style

As Bangalore International Airport Limited (BIAL), the operators of Kempegowda International Airport, Bengaluru (BLR), India’s third busiest airport by passenger and cargo volumes, we explored new solutions for enhancing the passenger journey that we wanted to provide in our new Terminal 2 (T2). In 2017 and 2018, we came up with a framework for an experience that focused on contactless travel.

Over the past three years, we have realised that vision in our existing Terminal 1 (T1), centred around an identity platform and contactless travel concept that uses facial biometrics for authentication and is built around a privacy by design (PBD) principle. During this time, we have rolled out the ‘Digi Yatra’ concept at over 100 touchpoints in T1 and are now working with the Government of India (GoI), Ministry of Civil Aviation (MoCA), and the Niti Aayog and India’s fabled start-up eco-system to deliver a pan-Indian initiative that will revolutionise the way Indians travel, especially in a post-pandemic world.

What challenges were we trying to address?

Passengers:

• Multiple exchange of ID and travel documents
• Multiple interactions with security and airline staff at multiple check points from airport entry to the boarding gates
• Manual processes of validation of identity and travel documents
• Long queue waiting times.

Airlines:

• Airlines use partly digital/partly manual processes, which do not provide a seamless experience to passengers
• They do not have visibility/awareness of their passengers’ status at the airport, leading to On‑Time-Performance issues.

Security staff:

• Manual validation of identity and travel documents
• Prone to human error etc. – there is no digital validation
• Slow processing speeds and managing long queues of passengers.

Airports:

• Congestion and people management issues
• Need to find a more cost-effective way to manage passenger traffic growth other than just building bigger terminals and deploying more infrastructure and resources.

COVID-19 impact:

• Permanent change in passenger behaviour
• Passengers are more self-service oriented now
• Passengers prefer digital processes that are: touch-free, contact-free and health-risk-free.

Digi Yatra: Seamless, contactless, hassle‑free, and health-risk-free process

Post-pandemic, the new normal for passengers meant that airport processes became completely touch-free! The Digi Yatra journey that we had embarked on quite some time before the COVID-19 pandemic was now even more important in offering a safe process for passengers across all airports in India.

The Technical Working Committee of Digi Yatra, an initiative led by the Ministry of Civil Aviation, Government of India, began to work on the ‘new normal’ requirements.

The Digi Yatra Central Ecosystem (DYCE), which incidentally is in the final stages of testing, was re‑architected to be an eco-system that ensures that there would not be any central storage of passengers’ personally identifiable information (PII) data.

• The PII data will be encrypted and stored in the passenger’s own smartphone in a secure wallet in the DYCE app
• Passengers would be able to store their digitally Verifiable Credentials (VCs) like identity, health, travel, and any other travel related data like visa etc. in their own secure wallet in their smartphone/ DYCE app.

Passengers would have to share these credentials whenever they travel. Through the DYCE enrolment app, with their consent, passengers would share the VCs (identity, health, travel etc.) to the relevant verifiers like airports, regulatory agencies like BCAS/ CISF/ Immigration etc.

The DYCE is architected using self-sovereign identity, decentralised identifiers (DID), a distributed ledger and uses verifiable credentials as per the W3C standards (Worldwide Web Consortium).

The SSI is a fundamentally privacy by design/ default process which complies with the data privacy norms of GDPR as well.

Enrolment process

The first step is to install the DYCE enrolment app.

The one-time enrolment process starts with entering the AADHAAR or driving license number, and currently the integration has been done through Digi Locker and Offline AADHAAR.

In the future, any other Government of India identity database that has a digital validation may also be added to the list of accepted IDs.

The passenger is issued with a ‘secure wallet’ in the DYCE app to store all the verifiable credentials required for the travel. Once this is done, the passenger’s identity is digitally validated and a live face biometric is captured, a biometric match is done with the reference face from the GOI identity, and the selfie face is captured during the enrolment process. Upon a successful match, the identity credential is created, encrypted, and stored in the secure wallet in the passenger’s own smartphone/DYCE app.

Similarly, health data is obtained from the CoWIN portal, and the health credentials are created, encrypted, and stored in the secure wallet.

Whenever travel is planned, the passenger uploads or scans the boarding pass/travel ETKT and the travel credentials are created, encrypted, and stored in the secure wallet.

The ‘verifiable credentials’ (VCs) are shared to verifiers like airports, BCAS/ CISF/ immigration etc. from 24 hours before the scheduled time of departure (STD) to two hours before STD to the relevant verifiers.

• Once the passenger arrives at the airport, they scan the boarding pass/ ETKT at the e-gates and a capture of the passenger’s face biometric is done. This ‘face of the day’ is validated/ verified against the single token face biometric from the identity credential
• The Travel VCs are validated with airline DCS to validate travel document and upon successful completion of the checks, the e-gates open to allow the passenger to enter the airport
• The passenger can then be validated using the same single token face biometric data at all the remaining checkpoints at the airport check‑in kiosk, self-service/assisted baggage drop, pre-embarkation security check entry (PESC), boarding gates etc.

Upon completion of all airport processes, the passenger’s VCs are purged from the system, post 24 hours of the departure of the flight.

Process flow before and after DY

Previously, all processes were manual, fraught with the possibilities of human error. Passengers had to show physical identity card, boarding pass/ticket at multiple checkpoints at the airport from entry to the boarding gates.

In the Digi Yatra process, a passenger is validated using the single token face biometric at all the checkpoints at the airport from airport entry to check-in kiosk to self-service/assisted bag drop to pre-embarkation security check entry (PESC) to the boarding gates.

There is no need to share any ID or travel document at any of the touchpoints at the airport, therefore reducing friction and enhancing the processing time at the airport.

Privacy and other issues

The DYCE process is built of the fundamental tenets of Privacy by Design/Default.

All the verifiable credential (VC) data, ID+travel+health, of the passenger is encrypted and stored in a secure wallet in the passenger’s smartphone/ DYCE app.

The VCs can be accessed only by the authorised verifiers like airports, airlines, BCAS/CISF/immigration and data is secured using Public+ Private Key pairs over a distributed ledger using a blockchain.

There is no PII data stored on the distributed ledger. The PII data is also not stored in any central location, hence the risk of data loss, data theft or data breach is dramatically reduced. All the PII data is shared directly by the passenger to the verifier agencies for a limited time duration as needed for the purpose of validation of ID, travel and health document.

The distributed ledger/blockchain works as the layer of trust, preventing any leakage or loss of PII data.

Key outcomes of Digi Yatra The key outcomes are:

• The ability to get passengers to arrive at the airport with a status of ‘ready to fly’ with (ID+travel+health) credentials being shared in advance directly by the passenger to the airports
• A completely health-risk-free process to passengers, airline, airport, and security staff due to the use of single token face biometrics, keeping all the aviation stakeholders safe and secure.

Full system roll-out of the DY platform is expected to be live in the third quarter of 2022, beginning with four or five airports across India and then being progressively rolled out across all Indian airports. We expect contactless travel to be the norm at all Indian airports in the next five years.

Current status and way forward

We have started the full-scale rollout of the Digi Yatra biometric boarding system at the airport.

In all, there are more than 300 touch points across the airport right from the airport entry e-gates to check-in kiosks, selfservice/ assisted baggage drop (SSBD/ABD), security check entry and finally the airport boarding e-gates. In all, there are 11 registration kiosks, and 50 plus e-gate lanes that are already installed, with 70 more e-gates to be installed in the next few months. Following this, we will begin the installation of the face biometric solution at SSBD/ABD and check-in kiosks.

Airline DCS integration is completed for Vistara Airlines, Air Asia and SpiceJet and final testing in progress with our major domestic carrier Indigo airlines. We have also initiated the Digi Yatra process rollout discussions with a few international airlines, to conduct some early trials, so watch this space.