¶ One Time Migration
¶ Overview
As the mandatory NIN-SIM linkage draws to a close, it has become necessary to ensure that there is a smooth transition to the Tokenization infrastructure. The operators have collected vast amounts of personal data, which includes the extremely sensitive NIN.
The process described below is designed to assist the Operators migrate from NINs to vNINs and enable them update their databases with the new datasets which follows Industry Best Practices.
This migration process is a ONE TIME exercise and will not be repeated.
A dry run may be possible a week before the date provided below.
¶ Steps
¶ Operator
- Obtain symmetric encryption password from NIMC (as a part of your Production package). It is labelled aes_secret.
- Compile list of all NINs & MSISDNs in a single Comma Separated Value (CSV) file
- Zip the file to take advantage of compression.
- Encrypt the zip file with encryption password (called aes_secret)
- Send to NIMC via secure encrypted process
- Receive back processed CSV file (also zipped and encrypted with the same aes_secret)
- Acknowledge receipt and ability to decrypt payload
- Replace old data with newly processed data sent from NIMC
- Expunge all RAW NINs from database
- Sign declaration of conformity and send back to NIMC
The list returned to the Operator will also include all MSISDNs submitted via the MobileID application. In your database, you may wish to use the UserID as the fixed token to identify an individual.
Encryption of all personal information is very strongly advised and encouraged. The Federal Government of Nigeria no longer takes kindly to sensitive data being stored in unsecure/unencrypted data repositories.
¶ NIMC
- Issue symmetric encryption key to Operator
- Provide guidelines for secure transmission of encrypted file
- Receive encrypted CSV from Operator (containing NIN & MSISDN ONLY)
- Decrypt and process CSV data
- Return new sanitized CSV file containing:
a) vNIN (expired)
b) UserID
c) Firstname, Middlename, Surname, Gender, Nationality and Dob (contained as a JSON String)
d) Timestamp (ts)
e) Transaction ID (tx)
f) Hash of the data - Update MobileID function to display all linked MSISDNs
All data received by the NIMC are processed securely and stored in encrypted databases as described here.
¶ Example
payload = {
"msisdn": "23480012345678",
"vnin": "BM958525448565XC",
"userid": "BLWKTV-9090",
"fn": "PROUD",
"mn": "NIIGERIAN",
"sn": "CITIZEN",
"g": "F",
"n": "NGA",
"dob": "01 OCT 1960",
"ts": "2022-01-21 12:27:22",
"tx": "c41ba72a-9734-4f25-b804-1f3d5e5a3f2c",
"hash": "9a07718f02c5cbceed7dd535499e0e98a7a9e603"
}
Please note that the format of the vNIN DOES NOT CHANGE. It remains 16 Characters. In order to reduce the size data in transit and at rest, the redundant hyphens (-) are removed.
¶ The data for sanitization
¶ Format
The data must be saved as a CSV file.
¶ Fields
| Column | Length | Comment | Example |
|---|---|---|---|
| NIN | 11 Digits | Fixed length. Any rows containing NINs not exactly 11 digits will be rejected and reported back in an exceptions file | 12345678910 |
| MSISDN | 11-14 Digits. | Must be prefixed with 234. Any record not containing 234 as a prefix, will be rejected and reported in an exceptions file. | 2341238888888 |
¶ Well-formed data
Please ensure that each record contains:
- EXACTLY 2 columns for each record
- EXACTLY 11 digits for the NIN column
- 11 - 14 DIGITS for the MSISDN, prefixed with ‘234’. Any record starting with ‘0’ or ‘+’, or containing any ASCII character aside from the numbers 1-9 will not be processed.
- Each column may optionally be quoted with double.
¶ Transport Mechanism
The data will be contained in a CSV file as described above, and should be saved with the shortcode of the Operator. (E.G. 264092.csv.zip where the Operator’s shortcode is 264092).
¶ Encryption
As a part of the secure data transmission process, the CSV file described above should be zipped and encrypted with the aes_secret key made available to each operator as a part of their payload package.
Please log into https://vault.nimc.gov.ng with the Enterprise credential provided to you. Look for the cubbyhole folder. In there you will find your aes_secret.
The same encryption key will be used to encrypt the returned sanitized data bundle, after the completion of the migration process.
In the interest of conformity with Industry Best Practices, please DO NOT share the encryption key made available to you.
¶ URL to Access the NIMC Secure FTP Drop Folder
¶ Prerequisites:
- In order to securely drop the encrypted CSV file, you will require PUTTY for MS Windows or ssh for Unix (Linux, Solaris or Mac OS).
- You need the credentials sent to each MNO in July 2021 by NIMC to pick up encrypted lists of numbers linked on the NIMC MobileID App.
- Prepare the CSV file containing NIN,MSISDN as comma separated records, enclosed with double quotes.
Example: “12345678910”,“2348888888888”. Each record must be on a separate line. - Save the file with the name of your shortcode issued as a part of your Enterprise Tokenization package. For example, if your shortcode is 262789, then the file should be saved as 262789.csv
- Compress the file to make it more compact in size. For consistency amongst formats, please use zip only.
SAVE ONLY ONE FILE. - Encrypt the file using the built-in encryption tools of the compressor you are using. Please only use the aes_secret we have provided. DO NOT share that secretw with any party.
¶ How to drop the files:
- Please visit 41.76.154.22 and select sftp. Kindly note that NIMC DOES NOT use FTP on port 22 or mapped to another port. Instead it uses Secure FTP, which is a component of SSH.
- Use port 7221 instead of the default port 22
- Enter the credentials for username/password as described above.
¶ Retrieving the sanitized file
As the returned dataset will contain more data than is sent, the files may be broken in sections of 10-25m each. They will be prefixed with the section name. For example:
262789-sanitized.1.zip, 262789-sanitized.2.zip and so on.
These files will be located in the same folder that you dropped the original CSV, and we will use the same encryption and compression mechanims chosen for the original.
¶ Timeline for exercise
The estimated time from start to completion is 5-7 business days
The exercise will be available to MNOs from Saturday January 22nd 2022 and conclude by January 31st 2022
There might also be a “delta” exercise to capture and sanitize the few records that you may have missed during the bulk exercise.
¶ Support
A dedicated email and WhatsApp support system will be made available to assist with any technical issues.