Acknowledgements:
Many references contained herein remain the exclusive rights of the original owners of the works.
Inclusion here is for completeness and reference purposes.
To reduce the chances of data entry errors (or counterfeiting), just as Credit Cards employ the use of the Luhn Algorithm for the checksum, the Virtual NIN being rolled out uses the ISO/IEC 7064:2003 MOD 1271-36 MOD661-26 to generate a 2-digit checksum.
Where possible, NIST Elliptic Curve Cryptography is used. They are smaller in size and relatively harder to crack or decode.
In order to deliver payload content, the Digital Identity Tokens have different barcode symbologies used for rapid delivery and scanning.
Deployment:
Deployment:
The following concepts were considered and parts adopted in the development and issuance of the Barcode contained on the Improved NIN Slip:
Source: Visible Digital Seal for Non-Electronic Documents, V 1.7, March 2018
<https://www.icao.int/Security/FAL/TRIP/Documents/TR - Visible Digital Seals for Non-Electronic Documents V1.7.pdf. Accessed 12.09.2021 23:09 WAT>
Author: ISO/JTC1/SC17/WG3/TF5 for ICAO-NTWG
Elliptic Curve Cryptography (ECC) is employed where practicable.
The NIMC and NITDA are collaborating closely to ensure the National Public Key Infrastructure is properly utilised in the issuance and administration of Digital Credentials.
To ensure reliablity of the timestamp presented in verification transactions, the MWS Infrastructure uses the Network Time Protocol (NTP) to synchronise clocks on all systems.
The NIMC MWS Infrastructure uses Distributed Ledger Technology (DLT) to store verification transactions as a failover database. It uses the immutability features to ensure that the information written cannot be altered.
Despite being a permissioned (private) Blockchain, no personally identifiable information (PII) is written to the DLT. Only information relating to the transaction itself (the transactionID, timestamp, UserID of the verifier and the type of verification made) is recorded.
The MWS Infrastructure does not rely on DApps or Smart Contracts in any shape or form.
Though often used interchangeably, Open Source and Open Standards are not the same thing.
Open Source refers to software and other technologies that fall under a General License permitting modification, reuse and restricting ownership of any part of the original code.
Open Standards conversely, refers to one or more Best Practices or Standards that may be adopted for use without any proprietary content contained therein.
In general, Open Source may be treated as a ‘Vendor’ just as one would any other such as Microsoft, Apple or Oracle.
In order to reduce the chances of proprietary interfaces creeping into the National Identity Management Infrastructure (NIMS), the NIMC is adopting Open Standards interfaces where possible, and over time.
All interfaces are migrating to RESTful APIs.
The Federal Government of Nigeria is rapidly working on a National General Data Protection Regulation (nGDPR), which is loosely modelled around the European GDPR.
Data Privacy is at the forefront of the new Government Initiatives.
TBD
ISO/IEC Aztec Barcode Symbology: https://www.iso.org/standard/41548.html
ISO/IEC 18004:2015 QR Code Symbology: https://www.iso.org/standard/62021.html
ISO/IEC 7064/2003 Security techniques — Check character systems:
https://www.iso.org/standard/31531.html
NIST Elliptic Curve Cryptography: https://csrc.nist.gov/Projects/Elliptic-Curve-Cryptography/
GDPR: https://www.gdpreu.org/
Secure Identity Alliance: https://secureidentityalliance.org/osia/
All references, names and/or brand marks are duly acknowledged.