zkPass Integration
To achieve full integration with the zkPass framework, all key stakeholders must adhere to the SDK integration guidelines. In the context of the car loan screening process, there are three primary parties involved, as detailed below.
BCA Bank (Data Issuer) BCA Bank assumes the role of the Data Issuer, as specified by the zkPass framework. In this capacity, the bank defines the attributes encapsulated within the "BCA Customer Profile," as previously described. Thanks to the format-agnostic nature of zkPass concerning user data, the articulated "BCA Customer Profile" is fully interoperable with the zkPass Service. This provides substantial flexibility for the Data Issuer, enabling it to work seamlessly with any data schema or format for its user data.
BCA Finance (Proof Verifier) Taking the Proof Verifier role within the context of the zkPass framework, BCA Finance defines the criteria for the "Loan Screening" Data Verification Request (DVR). This DVR encapsulates the eligibility requirements established by BCA Finance for assessing car loan applications. Before generating the DVR, BCA Finance has already ascertained the applicant's identity through alternative mechanisms, such as manual verification or AI-based OCR scanning. Having acquired and validated the applicant's full name and driver's license number, this data serves as a cross-referential check against the customer profile to ensure its attribution to the correct individual.
My BCA (Data Holder) Developed by BCA Bank, the "My BCA" mobile application serves as the main tool for account holders to access a multitude of banking features. This application represents the โUserโ, also called the โData Holder,โ role in the zkPass ecosystem. In the zkPass workflow, the Data Holder is usually the user who is interested to answer or resolve the query posed by the Proof Verifier. My BCA is designed to securely retrieve customer profile data from BCA Bank's backend databases, implementing stringent authentication protocols to ensure that only authorized account holders gain access to sensitive information. The application collects the โLoan Screeningโ DVR from BCA Finance, and the userโs โBCA Customer Profileโ from BCA Bank, and relays the information to zkPass Service to create the ZK proof for the loan eligibility.
All of the three stakeholders above, BCA Bank, My BCA app, and BCA Finance, are essentially the client components of the zkPass framework. Each client uses the zkpass-client library to interact with the ecosystem, as illustrated by the diagram.
As depicted above, BCA Bank circumvents direct access from external organizations to the user's exhaustive customer profile, which comprises various personal and sensitive attributes irrelevant to the car loan assessment. Instead, BCA Finance must outline the criteria in the "Loan Screening" Data Verification Request (DVR), which the "My BCA" app subsequently fetches. Upon collecting the user data and the DVR, the app employs the zkPass Service to generate proof. This proof, stripped of any personally identifiable information (PII), constitutes the sole data payload transmitted to BCA Finance, thereby preserving the privacy of BCA's customers.
Moreover, an implicit trust relationship exists between BCA Finance and BCA Bank, as demonstrated. BCA Finance relies on the assumption that the data encapsulated within the user's BCA Customer Profile is both accurate and verifiable.
Last updated