OnsysConnect is a microservices-driven digital data sharing platform, designed to enable secure and seamless information exchange between organizations (data providers and consumers). This architecture is modular, scalable, and designed with enterprise-grade security in mind.
Client devices
• Camera scanners, laptops, fingerprint / biometric peripherals, signature pads, printers, and browsers (Chrome).
Mobile apps
• Android & iOS (native apps or PWA) — secure peripheral & camera/scanner integration.
Web layer (edge)
• Firewall / WAF + NGINX as reverse proxy / ingress.
• Terminates TLS, enforces rate-limits, and routes traffic to backend services.
Authentication layer:
• Keycloak handles OAuth2 / OIDC for secure login, Single Sign-On (SSO), and token management (access / refresh).
• Acts as the central hub for RBAC , multi-factor authentication (MFA), and federation with external identity providers when required.
OnsysConnect Core Services:
• Microservices and applications built with Spring Boot, Node.js, and Python.
• Responsibilities include enrollment, issuance, verification, consent, workflow/orchestration, APIs for partner access, and adapters for devices and external systems.
External connectors (agencies & enterprises):
• Departments, banks, telcos, healthcare, insurance, border protection, and law enforcement — all integrated via secure REST / JSON APIs (optionally message brokers if added).
ABIS:
• Interface to an Automated Biometric Identification System for fingerprint, face, or iris matching.
HSM / X-Road:
• HSM / KMS for key custody and digital signing.
• X-Road–style gateway enables secure, sovereign data exchange if required by the deployment.
Cloud services:
• Azure and Google connectors for translation, cognitive/ML, document/OCR, storage, or messaging — consumed securely through vetted SDKs and APIs.
Data Layer:
• PostgreSQL for transactional data — including citizen records, consents, audits, and tokens/authorization data .
• MinIO (S3-compatible) for unstructured objects such as images, biometric captures, PDFs, and reports.
• High Availability / Disaster Recovery (HA/DR) patterns implemented via PostgreSQL streaming replication and redundant storage configurations.
Monitoring & Reporting:
• Monitoring: Prometheus for metrics, Grafana for dashboards, and Loki for centralized log aggregation and visualization.
• Reports: JasperReports / JasperSoft for operational and regulatory reporting — including issuance volumes, SLA tracking, and audit extracts.
The platform follows a modular microservices architecture, where each functional component—such as authentication, data access, workflow management, and notifications—is implemented as an independent, containerized service. This modular design ensures that each module can scale independently, be updated without impacting others, and integrate seamlessly to support secure and flexible digital data sharing.
Enrollment – capture biographic,demographoc, biometric data and create a new identity record.
Online Registration – citizen/self-service pre-registration before in-person capture.
Unique Number Generation – issue a tamper-proof, never-reused national/ID number.
ID Inquiry – search/lookup existing identities and applications.
Application Search – quick retrieval of applications/cases by ID, name, or metadata.
ID Activation – activate a digital identity/wallet after checks and approvals.
ID/Card Data Correction – controlled updates to name, address, photo, etc. with audit.
Lost Card Management – report, block, and re-issue credentials with risk checks.
Appointment Management – back-office scheduling of enrollment/issuance visits.
Online Appointment – citizen portal to book/reschedule enrollment slots.
Realtime ID Verification – verify a person against the authoritative registry in real time.
Digital KYC – policy-driven identity proofing for service onboarding.
AI Liveness Verification – detect spoofs (photos, videos, masks) during face capture.
ABIS Engine Integration – 1:N biometric de-duplication and identification (AFIS/ABIS).
Biometric Data Capture – controlled capture of face/finger/iris to standards.
ICAO Photo Integration – enforce ICAO facial photo quality rules.
Key Management – manage cryptographic keys, CSRs, rotation, and HSM usage.
Identity Access Management – users/clients authenticate & authorize via IAM (OIDC/OAuth2/roles).
Card Inventory Management – track blank stock, personalization materials, and usage.
ID Card Activation – personalize and enable physical eID/smartcards at issuance.
Card Printing – queue, personalize, and print cards/badges with secure workflows.
Scheduler – timed jobs (batch print, expiries, revocation lists, syncs).
Transliteration – Automatically convert names, addresses, and other ID fields between scripts (e.g., English→Latin) for clear, consistent card printing.
Biographic Data Management – manage PII attributes, history, consent, and audit.
Master Data Management – reference data (locations, document types, reasons, codes).
User Management – create/assign roles, departments, and privileges for staff & RPs.
Organization Management – onboard agencies/relying parties; tenancy, quotas, and SLAs.
Legal Case Management – hold/flag IDs tied to court orders, warrants, disputes.
Reports – operational & compliance reporting (issuance, verification, SLA, fraud).
Device Integration – connect cameras, scanners, card printers, signature pads, etc.
Online Registration (listed above) – also serves as a channel.
Card Inventory Management (above) – integrates with printers/warehouses.
Payment – collect fees/fines (issuance, replacement, verification) with receipting.
Invoicing/Billing – monthly billing for agencies/RPs using verification APIs.
Subscription Management – plan tiers, usage limits, and contract terms for relying parties for data sharing products.
Reduce weeks of processing time to seconds
Easily connect with school ERP,CRM, LMS, and custom applications
Every integration is encrypted, role-based, and audit-logged
