Standard Operating Procedures for Digital Identity Systems

Carsten Maple, Al Tariq Sheik, Mark Hooper, Gregory Epiphaniou

cm@warwick.ac.uk, t.sheik@warwick.ac.uk, mhooper@turing.ac.uk, gregory.epiphaniou@warwick.ac.uk

Introduction

Governments around the world are committed to supporting the roll out of national digital IDs, but there are privacy and security implications associated with scaling these systems at a national level. Responsible implementation of ID services is a critical enabler for financial inclusion; it enables access to services and enactment of civil rights. According to the World Bank, more than one billion people are currently living without an official digital identity.

The Alan Turing Institute is joining a vibrant community of NGOs, charities, private sector providers, universities and think tanks addressing global identity challenges in the digital age. Questions of trust are based around the complex interplay of socio-technical considerations, requiring multi-disciplinary expertise. The trustworthiness of digital IDs is characterised by multiple inter-related dimensions that include security, privacy, ethics, resilience, robustness and reliability. These dimensions are required to provide the knowledge, tools and guidance needed to implement privacy-preserving, secure identification systems. These set of Standard Operating Procedures aim towards developing a Trustworthy ID Systems.

Standard Operating Procedures (SOP)

SOPs are detailed, step-by-step instructions that describe how to perform a function. They break down a function into discrete processes, each consisting of a series of sequential procedures. By adhering to SOPs, system administrators foster a standardized approach to operations, achieving consistent results for each function and ensuring conformity and reliability.

The aim of this work is to design SOPs that support a state-of-the-art Digital Identity (DID) systems. There are three critical phases in a DID system, each containing a series of functions that must be executed. These phases include:

1. Onboarding The registration, validation and verification of an applicants claimed identity.
2. Authentication The mechanisms for approving the identity of an applicant or a claimant.
3. DID Lifecycle Management The recording, maintenance and management of the DID account holder.

These SOPs are subject to further improvements and provides an approach to developing Trustworthy Digital Identity System. For suggestions and collaboration, please contact cm@warwick.ac.uk and t.sheik@warwick.ac.uk.

Sponsor

This work is part of Trustworthy Digital Infrastructure for Identity Systems, funded by Bill and Melinda Gates Foundation. This work is executed in collaboration with MOSIP.

Authors

Carsten Maple

Prof. Carsten Maple is the Principal Investigator of the NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research at the University and Professor of Cyber Systems Engineering in WMG. He is also a co-investigator of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity where he leads on Transport & Mobility, and is a Fellow of the Alan Turing Institute, where he is a principal investigator on a \$5 million project developing trustworthy national digital identity to enable financial inclusion. Carsten has published over 350 peer-reviewed papers and his research has attracted millions of pounds in funding from research councils, government, charities and industry from around the world.

Al Tariq Sheik

Al Tariq Sheik is a Cyber Security Doctoral Researcher at Warwick Manufacturing Group (WMG), University of Warwick in the United Kingdom. He holds an MSc in Cyber Security and Management and is currently focused on his research on Adaptive Security for Connected Autonomous Vehicles within the Intelligent Vehicles group at WMG. This research is supported by joint funding from Jaguar Land-Rover and EPSRC. He is also a Research Associate at the Alan Turing Institute, where he is engaged in research on the Modular Open Source Identity Platform, which is funded by the Bill & Melinda Gates Foundation. His research interests include Trustworthiness of Cyber-Physical Systems, Threat Modelling, and Risk Assessment.

Mark Hooper

Dr. Mark Hooper joined the Turing as a Technical Development Manager in June 2020 after many different roles in both business and academia. Mark has a PhD in Computer Science and has taught a variety of subjects including software development, robotics and product design. His industry experience has mainly focussed on managing small teams of software developers providing business automation solutions.

Gregory Epiphaniou

Dr. Gregory Epiphaniou is an Associate Professor of security engineering at the University of Warwick. He conducts research in wireless communications, focusing on crypto-key generation and has led and contributed to several research projects. He has over 120 international publications, and several industry certifications, and has worked with the UK MoD on cybersecurity-related projects with research and consultancy funding attracted over 20M. He is also a subject matter expert for the Chartered Institute for Securities and Investments.