FirstID
Empowering people through Intelligent Digital ID
FirstID is a smartphone application for easy, practical, and secure access to offline and online services with an entire physical and digital identity ecosystem. It is built for countries with a need for a highly secure and efficient governmental ID as well as for businesses (e.g. banking, insurance) demanding easy-to-use identification (during registration), authentication (during system log-in) and authorization of transactions.
It incorporates digital technology into identification documents, where the application is built on top of a secured infrastructure presenting the individual's credentials. The smartphone-based application can be found in government-issued documents such as electronic identification documents or digital passports, as well as other documents related to public and private services, such as travel tickets, and corporate or gym access cards.
FirstID also provides a digital representation of ID documents (e.g. driver’s license) in person-to-person scenarios (e.g. police roadside check). FirstID follows a centralized approach, i.e. identities and credentials are retrieved from a central node. This decision was made to foster user acceptance.
Decentralized approaches lack user self-service or recovery in case the user loses his mobile phone or credentials.
The FirstID web-based platform acts as an intermediary, serving requests from clients that seek resources from other servers, so that FirstID can access already available data sources holding personal data. FirstID’s backend consists of a collection of web services and applications retrieving and providing information to the app and service providers (i.e. relying parties).
FirstID includes a technology that guarantees secure communication between the agents participating in identity management. Keeping transactions and communications secure and confidential, without allowing third-party agents to modify them, has always been a critical issue in personal relationships.
The smartphone – a connected, versatile, multi-use device, always literally within the user’s grasp – can be a secure and convenient device to store identity credentials, enabling operations, transactions and communications in both the physical and the virtual realms.
- Idea
FirstID is fully functional and can be introduced in any country. Requiring a standard Smartphone with no special hardware (e.g. NFC) also makes the system broadly adoptable. A dedicated process guarantees the trustworthiness of the identity rather than relying on security (e.g. SE, TEE) established by hardware which is the anchor of traditional mobile ID solutions.
FirstID is developed using a user-centric, privacy-and-security-by-design approach to ensure usability and acceptance while upholding a very high degree of security. Hence, we are confident that FirstID can serve as an ideal mobile ID identification and verification solution for various countries.
FirstID relies on security and privacy by process rather than by hardware while preserving high security, thus enabling high adoption rates by technically-challenged people, creating a widely accepted and frequently used ID system. Nevertheless, hardware security is used whenever possible but is not necessarily required in order to ensure privacy and data protection (e.g. access to keychain, FIDO).
First, a verifier wants to verify personally identifiable information of a person (the claimant). The verifier might be either a physical person also using the FirstID app or a service provider (e.g. online banking web application).
Second, the claimant starts the FirstID app and requests a time-limited one-time token from the FirstID backend. This token represents the claimant’s identity, is valid for a small time frame (e.g. 30 seconds) and can only be used once. FirstID displays the token as a QR or barcode and as a short string (e.g. length of six characters).
Then, the token is conveyed to the verifier. In the case of FirstID App, the token could be either scanned via the camera using the verifier’s FirstID App, automatically transmitted by available transmission technologies (e.g. NFC), or manually entered by typing the string representation inside the verifier’s FirstID App. If the verifier is a service provider, the claimant has to enter the string representation in either case, for instance in a dedicated web form.
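The three steps above, sketched as an added example (not FirstID's own code): a backend component that issues a six-character token valid for 30 seconds and redeems it exactly once. The class name, alphabet, in-memory store and failed-attempt limit are assumptions; the limit is included because a six-character code is short enough to guess if redemption attempts are not throttled.

```python
import secrets
import time

# Values taken from the page's examples
TOKEN_LEN = 6      # "length of six characters"
TTL_SECONDS = 30   # "e.g. 30 seconds"
# Assumptions, not from the page
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # no I/L/O/0/1: easier to type by hand
MAX_FAILED_ATTEMPTS = 5                       # per-verifier guessing limit


class TokenService:
    """Hypothetical backend component: issues and redeems one-time identity tokens."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._live = {}      # token -> (claimant_id, expires_at)
        self._failures = {}  # verifier_id -> failed redemption count

    def issue(self, claimant_id):
        self._purge()
        while True:
            # secrets (CSPRNG), not random: tokens must be unpredictable
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
            if token not in self._live:  # never reuse a token that is still live
                break
        self._live[token] = (claimant_id, self._clock() + TTL_SECONDS)
        return token

    def redeem(self, verifier_id, token):
        """Return the claimant id once; None if unknown, expired, used or throttled."""
        if self._failures.get(verifier_id, 0) >= MAX_FAILED_ATTEMPTS:
            return None  # a real deployment would also expire this counter
        # pop() removes the token on first presentation, which makes it single-use
        entry = self._live.pop(token.strip().upper(), None)
        if entry is None or self._clock() >= entry[1]:
            self._failures[verifier_id] = self._failures.get(verifier_id, 0) + 1
            return None
        return entry[0]

    def _purge(self):
        # Drop expired tokens so their values can be issued again
        now = self._clock()
        for t in [t for t, (_, exp) in self._live.items() if exp <= now]:
            del self._live[t]
```

The returned claimant id stands in for the lookup key the backend would use to fetch personal data from the ID platform; no personal data is held in the token store itself.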
Technically, the entire system is based on REST micro services targeting large-scale, failsafe and secure deployments. All network traffic is secured by Transport Layer Security (TLS). Additionally, certain privileged endpoints (e.g. exchanging offline tokens for personal data) are only reachable by providing a suitable client certificate.
A relying party can be any application (e.g. service provider) that is able to securely store a secret and implements the authorization code grant type of OpenID Connect and OAuth respectively. After registration and receiving a client API key, third-party applications may integrate the FirstID SDK to utilize the public JSON-based REST API, or provide their own implementation to call the API. FirstID also acts as an "eIDAS-Proxy-Service" by exposing endpoints implementing the eIDAS SAML profile to allow communication between eIDAS-Connectors and FirstID. The FirstID backend acts as a trust anchor for verifier and claimant.
Before FirstID can be rolled out to serve as a comprehensive ID solution, a set of well-defined ID platform interfaces needs to be implemented. In the case of a country operating on central user repositories (e.g. identity register), the implementation will query these repositories and transform the data to the required format. End-to-end encryption between the ID platform and the claimant optionally guarantees privacy of personal data, hence inhibiting misuse of sensitive data. No personal data is stored in the FirstID backend.
No specific hardware such as NFC or a smartcard reader is required. The solution relies on security by process and offers multiple communication channels to transmit the one-time token (e.g. QR codes, Bluetooth, NFC, manually typing via the smartphone's virtual keyboard).
By leveraging biometrics through FIDO, no PIN code or password is required in any scenario.
Over the next year, the FirstID platform is to switch focus from development to sales and marketing. It is now launching a pilot that allows potential customers to trial the FirstID app by offering a limited number of free searches. Our partner, the National Transport and Safety Authority (NTSA), and the banking sector are helping us expand our network by introducing FirstID to potential clients and systems integrators who are likely to see the potential of the product.
- Kenya
- For-Profit
- Other (Please explain below)
- 1-5
- 1-2 years
I am Founder & COO at Hydrologistics Africa Ltd. I lead the development of the technology responsible for operations strategy.
We have a diverse and passionate team with experience to deliver our solution to the target customers.
Victor Shikoli: Operations Lead, Electronics Engineering, Mt. Kenya University
Robert Mwongera: Lead Product Architect, Electronics and Computer Engineering, JKUAT
Peter Njeru: Lead Platform Engineer, BSC, Telecommunications and Information Engineering, JKUAT
We started working together four years ago having gotten to know each other after several interactions during our time at the university on matters innovation. The passion for technology has always been our drive to pull things off.
In the case of banks, the business model is clear: trust and security are key aspects for their services, and online banking helps differentiate them from the competition.
For eGovernment services, returns are proportional to user satisfaction, the level of information, the relationship established via communication and more crucially reduced resources for real-world customer services.
An opportunity to raise funds for our company. We need financing in order to manufacture to scale and facilitate commercialization of the technology. As we scale the technology we shall need a business development expert to enable us to further validate and optimize our business model.
The existence of various administrations and services provided, which are often independent of each other and have no shared common strategy, also complicates the viability of adopting a single mobile identity model. If each organization has its own service which is aimed at simply satisfying its own particular needs, fragmentation and a lack of efficiency will occur, not to mention the potential negative effects on user uptake.