Digital Identity Vault System
A ‘digitized’ physical ID providing individuals with control over a rich digital identity housed in a Digital ID Vault
There are numerous situations that require an individual to have an authoritative form of identification. These can be classified into two scenarios: (1) an everyday scenario where the individual is typically in transit and identification is needed on an ad-hoc basis, and (2) an institutional scenario where the individual has specific transactions to conduct with a specific institution. In the everyday scenario, a physical ID is required in order to prove identity in a myriad of different environments. For Privacy-By-Design (‘PBD’) purposes, this ID should only have the minimum information required for this use case – name, headshot image, place of residence, etc. In the institutional scenario, much more personal data (‘PD’) is typically exchanged between the institution and the individual – health, educational, and financial records, etc. Currently, the institution typically maintains the individual’s PD record and effectively controls the individual’s rights to the PD. This goes against several Principles of ID.
The Digital Identity Vault System (‘DIVS’) is a hybrid identity solution that provides individuals with a ‘digitized’ physical ID that also contains a digital key providing access to a cloud-based digital ID vault. While the physical ID contains the minimum PD required primarily to establish proof-of-identity in everyday scenarios, the digital vault contains a rich history of an individual’s broader identity.
This hybrid identification approach provides maximum flexibility for ID utilization, but also does so through adhering to all 10 Principles of Identification, as well as adhering (and adding) to the Technical Standards for Digital Identification Systems. The physical ID contains the information required to establish proof-of-identity in ‘offline’ and mobile ad-hoc scenarios. It has a low-cost secure hardware element containing an access credential to the individual’s complete digital ID which is located securely in the digital vault. The digital vault is a secure cloud-based repository that stores the entire identity of an individual – demographics, educational history, medical history, voting participation, banking records, etc. Since this data is highly sensitive, access to a specific dataset (for a specified duration of time) can only be granted by the individual via a two-factor authentication process utilizing the access credential located on the physical ID together with the user’s biometric signature.
When an institution requests access from an individual to view/edit a part of the individual’s digital identity, the individual can grant the appropriate access to the institution using the authentication process. The institution can then view this portion of the individual’s digital identity for the purposes of the business between the institution and the individual. For transparency and auditability, each time an individual grants access to their digital identity, as well as each time the institution accesses this information, a record is logged on a secure ledger that records these interactions in perpetuity.
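The consent flow described above (a two-factor grant scoped to one dataset for a limited time, with every grant and access written to a ledger) can be modelled as follows. This is an added example, not DIVS code: the `Vault` class, `card_response`, the HMAC challenge-response standing in for the card's digital signature, the exact-match biometric check, and the hash-chained list standing in for the secure ledger are all assumptions made for illustration.

```python
import hashlib, hmac, json

def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """What the card's secure element would return for a challenge (assumed HMAC scheme)."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

class Vault:
    """Hypothetical model: scoped, time-limited consent grants plus a tamper-evident log."""
    def __init__(self, card_key: bytes, enrolled_bio: bytes):
        self._card_key = card_key                          # shared with the card (assumption)
        self._bio = hashlib.sha256(enrolled_bio).digest()  # stand-in for a biometric matcher
        self.grants = {}    # (institution, dataset) -> expiry time
        self.ledger = []    # append-only; each entry commits to the previous one

    def _entry_hash(self, prev: str, event: dict) -> str:
        return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

    def _log(self, event: dict) -> None:
        prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
        self.ledger.append({"prev": prev, "event": event, "hash": self._entry_hash(prev, event)})

    def grant(self, institution, dataset, ttl, now, challenge, card_mac, bio_sample) -> bool:
        # Factor 1: possession of the card. The caller must supply a fresh random challenge.
        ok_card = hmac.compare_digest(card_response(self._card_key, challenge), card_mac)
        # Factor 2: the presented biometric must match the enrolled one.
        ok_bio = hmac.compare_digest(hashlib.sha256(bio_sample).digest(), self._bio)
        ok = ok_card and ok_bio
        if ok:
            self.grants[(institution, dataset)] = now + ttl  # one dataset, fixed duration
        self._log({"type": "grant", "who": institution, "dataset": dataset, "ok": ok, "t": now})
        return ok

    def read(self, institution, dataset, now) -> bool:
        # Default deny: no grant, wrong dataset, or expired grant all fail, and all are logged.
        allowed = self.grants.get((institution, dataset), 0) > now
        self._log({"type": "access", "who": institution, "dataset": dataset, "ok": allowed, "t": now})
        return allowed

    def verify_ledger(self) -> bool:
        """Recompute the hash chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for e in self.ledger:
            if e["prev"] != prev or e["hash"] != self._entry_hash(prev, e["event"]):
                return False
            prev = e["hash"]
        return True
```

Denied attempts are logged as well as successful ones, so an auditor replaying the ledger sees requests made outside the consented scope or after expiry.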
Through this process, DIVS provides individuals (regardless of numeracy/literacy/connectivity) with access to and control of a single identity record that they can use to prove their identity and to access institutional services and the formal economy.
- Prototype
DIVS is a new application and new process that utilizes proven technology components. While there are additional novel technologies that could be included in the system, we believe that this mix is the best method to ensure the feasibility, scalability, and reliability of a digital ID solution.
The primary innovation is creating a new paradigm around the consolidation of identification and personal data. By enabling a physical ID to provide access to a secure digital repository of personal data, an individual’s ID and biometrics now empower them with control over their complete identity.
Purpose Specification – The solution clearly defines the purpose of information in the digital ID vault, so that an individual can easily understand and manage what is collected and stored.
Collection Limitation – Since an individual manages through consent what is collected and stored, they can ensure that data collection is fair, lawful, and necessary.
Data Minimization – The system is structured to enable the creation of an anonymized dataset of relevant information within the digital identity, in order to minimize the dissemination of personal data ('PD').
Use/Retention/Disclosure Limitation – The division of a physical ID and a separate digital ID vault specifically enables individuals with a high granularity of control in these areas.
Security – Multiple layers of physical and cyber data/transport/access/authentication security are incorporated to protect PD according to relevant standards.
Accountability – The solution is designed so that an individual consents to all identity requests, which are recorded on a transaction audit log for transparency.
Openness/Transparency – See previous.
Consent – See previous.
Accuracy – The individual can access/edit/update/delete all data and assigned access rights at any time.
Access – See previous.
DIVS creates a conduit at each point in the identity lifecycle between the many existing systems that manage aspects of an individual’s identity today, so that the individual can be empowered with one overarching system to manage all aspects of their identity.
DIVS interfaces with any institution’s ‘digitized’ physical ID card (ex. smart card, barcode, etc.) that meets the appropriate technical standards. By leveraging the card’s digital signature (along with a biometric input) as a two-factor encryption key, DIVS augments the physical ID by enabling an individual to use it as the ‘consent key’ to unlock their broader digital identity located in the digital ID vault.
The digital ID vault is intended to upgrade the multitude of repositories that hold other aspects of an individual’s identity, which lowers costs and increases practicality. By consolidating identity records onto the PBD-compliant vault, institutions can appropriately store an individual’s identity record and (with their consent) benefit from access to a much richer set of information to inform their processes. As a cloud-based repository, the vault can either replace institutions' non-compliant databases, or when appropriate, link to their current systems through standard web services and an open API.
DIVS can leverage the current information stored on any standard-compliant physical ID. The digital ID vault can then easily be provisioned with this information (along with other personal data from multiple institutions), loaded onto any cloud or local IT infrastructure, and delivered as a turnkey solution to individuals and institutions.
Once the solution begins to be deployed, our team can also offer additional system integration services as a part of our business model to further ease adoption and provide implementation support to individuals and institutions.
DIVS is based upon, and proposes to extend, the open technical interoperability standards set forth in the Catalog of Technical Standards for Digital Identification Systems. The physical ID card and two-factor biometric authentication adhere to the related smart card/biometric/digital signature standards.
The digital ID vault is accessible through open APIs. Currently, the technical standards do not address the existence of a cloud-based repository of personal data and so we propose an extension of the technical standards to accommodate (1) data formatting, (2) data exchange, (3) data access, and (4) data auditing. Please see link below for more details.
The physical ID has no connectivity/numeracy/literacy requirements and enables an individual to fundamentally manage their consent. With it they can control all access to their personal data and without it, no other individual or institution can access this information.
When an individual transacts with an institution, DIVS can be accessed through a mobile phone or through the institution's internet connection. DIVS is designed with both a graphical and a text-based interface for use by a broad range of individuals.
The digital ID vault is cloud-based, since this information is primarily utilized when transacting with institutions who generally have internet connectivity.
We plan to develop a pilot for Niger and then expand into the broader ECOWAS region. By working with Niger’s Smart Villages initiative to provide a physical ID and digital identity to a population with one of the lowest connectivity/literacy/numeracy rates globally, we can prove the efficacy of this solution and the sustainability of our business model.
To scale the solution, our vision is to work with other member nations of the Smart Africa Alliance to adopt DIVS as a part of Niger’s flagship program and leverage a commonality of infrastructure and governance to ensure regional interoperability.
- United States
- Not Registered as Any Organization
- Employee of a company but submitting my solution independently
- 6-10
- Less than 1 year
Through the Smart Africa Alliance we are discussing the trial of DIVS with several nations in Africa. We initially plan to pilot DIVS through Niger’s Smart Villages program. The goal is to utilize a ‘digitized’ physical ID and consolidate the government’s immunization, education, and other records across ministries onto DIVS to (1) enable individuals with better control over their personal data, and (2) enable Niger ministries with a richer anonymized dataset to provide services and target their outreach.
If successful in Niger, we hope to create a model that can be ported to other nations and populations.
Our team is comprised of industry-leading specialists that have developed and implemented citizen-focused solutions on every continent globally. We have technical experts in security, user experience, system engineering, and e-government, as well as business professionals who are experienced in developing public-private partnerships, government relations, and community outreach.
Our team currently has relationships with many of the national/global institutions and technology partners that are required to implement a digital identity solution on a national scale.
This effort is a social venture. While our business model is designed for profitability, this is in order to ensure the sustainability of the DIVS solution and ongoing development. DIVS is comprised of open source components and based on open standards; however, there are three primary areas where additional services are often needed and from which we can derive revenue:
- System Integration and Engineering (SE&I) – There is often complex work involved in integrating institutions’ legacy information and identity systems with a modern cloud-based data repository. Our primary revenue source comes from offering SE&I and implementation support to government entities looking to upgrade their current systems.
- Institutional Support – Many institutions need support in modernizing legacy systems and in ensuring that they comply with applicable privacy standards. We work with institutions to modernize and maintain their information systems.
- Technical Training – In order to ensure that individuals are aware of a new identity system and enabled with how to manage consent, government and institution staff will need to be trained on how to introduce and assist individuals with understanding this new system. We offer train-the-trainer programs to ensure that staff are able to effectively explain and assist individuals in these efforts.
In addition to seeking support to help fund a Niger pilot, we applied to the Challenge in order to develop relationships and visibility into the ID4D activities being conducted by WBG, WEF, and other global institutions. We want to leverage the work that has already been done by this community and we are hoping that guidance from these institutions and the community through the Solve ecosystem can help us develop a better solution. In turn, we are hoping to contribute to the broader success of the DID movement by offering this solution for everyone’s consideration.
Currently this solution is at an early stage of development. We are developing a prototype and have an institution ready to pilot the solution. As a next step we need to complete a proof-of-concept, implementation guidelines, program plan, and financial model to ensure that the pilot has the greatest opportunity for success and scaling.
To overcome this development barrier we need additional funding beyond the personal time and finances of the team. We also need guidance from thought-leading institutions in order to ensure that we adhere to best practices and take advantage of available resources and opportunities.

Smart Cities Practice Lead
Founder & CEO

CTO

Director Market Access