The National Identity Management Commission (NIMC) has disclosed that National Identity Number verification and approval as from 2022 would require tokens. The aim of tokenisation is to protect holders’ identities during verification processes.
The Director-General of NIMC, Engr Aliyu Aziz stated this at a one-day Stakeholders’ Workshop on National Identification Number (NIN) Tokenization Solution.
He said: “The Federal Government has adopted the solution to ensure the privacy of personally identifiable information of individuals during verification transactions and to reduce incidences of illegal retrieval, usage, transfer, and storage of NIN. Full implementation commences 1st January 2022.”
He explained that “the NIN Tokenization solution is a feature of the NIN Verification Service (NVS) which is aimed at providing enhanced data protection for the personal information of persons registered into the National Identity Database (NIDB) and issued a NIN.
“The resources for the protection of this sensitive data includes the Improved NIN Slip, USerID, MobileID, NIN hashing and the issuance of a unique virtual NIN by the ID holder to anyone who wishes to verify their identity. The purpose of the NIN Tokenization is to provide a coded representation (“pseudonymization”) of the actual NIN for which another party verifying the identity of the registered person cannot retain and use in a way that puts the individual’s data privacy at risk.
“Depending on the use cases, this may be via the hash contained in the Improved NIN Slip, the 2 varying hashes contained in the MobileID application, the UserID (which is available instantly to anyone issued a NIN, irrespective of whether they have a device or not), and of course, the one-time use Virtual NIN token.”
According to NIMC, these tokens are state-of-the-art technology, processes and procedures and follow international best practices in their administration and issuance.
The digital token is designed to replace the 11-digit NIN for everyday usage. Where until now, the NIN had been shared and stored by various entities mostly without the knowledge (or consent) of the ID holder or the custodian of identity in Nigeria, the NIMC.
To get the Token, the person must have a National Identity Number issued by NIMC, a mobile number registered in Nigeria and linked to your NIN, smartphone or feature phone with the SIM (or eSIM) with the mobile number.
NIMC said the objective of Tokenization is to provide a means for persons issued a NIN and who is entitled to the National e-ID card to have a visual, high-security representation of the National e-ID on IOS and Android smartphones.
It will also provide a secure means of presenting NIN in a format that can protect the NIN from seeding, cloning and duplication.
Tokenization will present a foundation for the harmonisation of tokens. As the ecosystem evolves, other tokens such as BVN, Voters ID, and even Driver’s licence is possible, subject to the approval of and collaboration with the relevant functional agency (such as NIBSS, INEC, FRSC).
Engr Aziz further added that the Tokenized version of the person’s NIN (which may be referred to as “virtual NIN” or “vNIN”) is then used by registered persons (Users) for verifying their identity with a verifying MDA, agents or enterprise who needs to confirm User’s identity before offering service to such User.
