¶ Why Encrypt?
In these days of cyberthreats, hacking, theft and all the other fancy names, it is imperative to ensure that all data transmitted, collated or stored is encrypted.
A general term used is Transparent Data Encryption (or TDE), to provide resources to protect the information of Nigerians and other citizens whose data is being held anywhere in the world (but especially in Nigeria).
Image copyright Hashicorp Inc.
¶ Standards Adopted
Where possible Elliptic Curve Cryptography (ECC) is employed and guidelines using FIPS 140-2 Level 3, Common Criteria AL 5.0 and other important tools, to reduce overhead, increase performance and generally provide tokens that may eventually be accepted by the International Community.
The NIMC will work very closely with the National Information Technology Development Agency (NITDA) to harmonise and set the standards for the Industry and the country as a whole.
The NIMC also chairs an Advisory body known as the Open Standards Identity API (OSIA), which sets Open Standards to ensure that no proprietary technology is used within Identity Management Infrastructures.
OSIA interfaces are adopted where appropriate.
The Virtual NIN does not use Format Preserving Encryption (FPE) so as to avoid the possibility of ‘collisions’ with real NINs.
Instead, a unique format was developed to distinguish between real and encrypted NINs, whilst preserving the pseudonymity of the Identity Token. This employs the use of random digits suffixed with ISO/IEC 7046 MOD 1271-36 (see reference below).
¶ Is anything truly safe?
Whilst there is absolutely no 100% assurance that one won’t fall victim to hacking and data theft, it behoves the Custodian to ensure that the very best possible efforts and measures have been put in place to protect the Information being persisted anywhere in the country, not only at the NIMC.