Standard Operating Procedures for Digital Identity Systems

Carsten Maple, Al Tariq Sheik, Mark Hooper, Gregory Epiphaniou

Introduction

Governments around the world are committed to supporting the rollout of national digital IDs, but there are privacy and security implications associated with scaling these systems at a national level. Responsible implementation of ID services is a critical enabler for financial inclusion; it enables access to services and enactment of civil rights. According to the World Bank, more than one billion people are currently living without an official digital identity.

The Alan Turing Institute is joining a vibrant community of NGOs, charities, private sector providers, universities and think tanks addressing global identity challenges in the digital age. Questions of trust are based around the complex interplay of socio-technical considerations, requiring multi-disciplinary expertise. The ‘trustworthiness’ of digital IDs is characterised by multiple inter-related dimensions that include security, privacy, ethics, resilience, robustness and reliability. These dimensions are required to provide the knowledge, tools and guidance needed to implement privacy-preserving, secure identification systems. This set of Standard Operating Procedures aims to support the development of trustworthy ID systems.

Standard Operating Procedures (SOP)

SOPs are detailed, step-by-step instructions that describe how to perform a function. They break down a function into discrete processes, each consisting of a series of sequential procedures. By adhering to SOPs, system administrators foster a standardized approach to operations, achieving consistent results for each function and ensuring conformity and reliability.

The aim of this work is to design SOPs that support state-of-the-art Digital Identity (DID) systems. There are three critical phases in a DID system, each containing a series of functions that must be executed. These phases are:

  1. Onboarding – The registration, validation and verification of an applicant’s claimed identity.
  2. Authentication – The mechanisms for approving the identity of an applicant or a claimant.
  3. DID Lifecycle Management – The recording, maintenance and management of the DID account holder.

These SOPs are subject to further improvement and provide an approach to developing a Trustworthy Digital Identity System. For suggestions and collaboration, please contact cm@warwick.ac.uk and asheik@turing.ac.uk.

Sponsor

This work is part of Trustworthy Digital Infrastructure for Identity Systems, funded by the Bill and Melinda Gates Foundation. This work is executed in collaboration with MOSIP.

Authors

Carsten Maple

Prof. Carsten Maple is the Principal Investigator of the NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research at the University and Professor of Cyber Systems Engineering in WMG. He is also a co-investigator of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity where he leads on Transport & Mobility, and is a Fellow of the Alan Turing Institute, where he is a principal investigator on a $5 million project developing trustworthy national digital identity to enable financial inclusion. Carsten has published over 350 peer-reviewed papers and his research has attracted millions of pounds in funding from research councils, government, charities and industry from around the world.

Al Tariq Sheik

Al Tariq Sheik is a Cyber Security Doctoral Researcher at Warwick Manufacturing Group (WMG), University of Warwick in the United Kingdom. He holds an MSc in Cyber Security and Management and is currently focused on his research on Adaptive Security for Connected Autonomous Vehicles within the Intelligent Vehicles group at WMG. This research is supported by joint funding from Jaguar Land-Rover and EPSRC. He is also a Research Associate at the Alan Turing Institute, where he is engaged in research on the Modular Open Source Identity Platform, which is funded by the Bill & Melinda Gates Foundation. His research interests include Trustworthiness of Cyber-Physical Systems, Threat Modelling, and Risk Assessment.

Mark Hooper

Dr. Mark Hooper joined the Turing as a Technical Development Manager in June 2020 after many different roles in both business and academia. Mark has a PhD in Computer Science and has taught a variety of subjects including software development, robotics and product design. His industry experience has mainly focussed on managing small teams of software developers providing business automation solutions.

Gregory Epiphaniou

Dr. Gregory Epiphaniou is an Associate Professor of security engineering at the University of Warwick. He conducts research in wireless communications, focusing on crypto-key generation, and has led and contributed to several research projects. He has over 120 international publications and several industry certifications, and has worked with the UK MoD on cybersecurity-related projects, with over £20M attracted in research and consultancy funding. He is also a subject matter expert for the Chartered Institute for Securities and Investments.

Acknowledgement

The authors would also like to thank Jagdish Hariharan for assisting with the development of this work.