LORIS - Dynamic No-Card Identification System
No more coaxing. LORIS provides you with ID that you need, when you need it.
People are investigating a new form of ID because truthfully, the lives and livelihood of many are affected greatly by not having one. Not being able to identify yourself with a valid credential can stop you from accessing health services, as well as government-backed services such as voting and licensing applications. The truth is, people don't care about getting forms of identification today, because the consensus is that it only provides them future benefit. So we find that most persons register for a form of identification when there is an upcoming need for it, such as a passport for travel and a voters ID for elections.
Instead of focusing on only making it easier to sign up for an ID, we want to propose a system which is highly necessary. Many countries have attempted to implement national ID systems, but the ones where adoption has been greater than 95% are all countries where the Government backed the solution, making it mandatory for access for day to day activities.
LORIS is a privately developed, Government deployed software solution which uses a combination of biometric information and private/public key verification to identify each individual in the system. The combination of these two forms of identification prevents "borrowing your ID", making it impossible to authenticate as someone else. The core of the system will be an open source module, which governments can implement in their respective countries with an approved implementing agency.
On the user's side, they will be issued a temporary copy of their stored identification, which can be printed on a slim sheet of receipt paper from a typical Verifone point-of-sale device. This temporary ID is valid for the person's engagement with that LORIS-registered service, such as filing taxes or applying for a loan. It can be used only within that time period, and cannot be shared across activities (the lady paying her student loan cannot use that ID to pay for her vehicle; she will be issued another temporary ID on the spot). These Verifone devices are already implemented across the Caribbean, and the technology can handle the secure communications required to verify an ID.
The technology behind LORIS is second in the race for importance. The most important driver for it to succeed is Government sponsorship and backing. If the Government makes the tough decision to support and move towards a unified ID system, the people will reap the benefits that they need, whether they want to or not.
Solution location:Kingston, Jamaica
Solution's stage of development:Idea
What makes the solution innovative:
LORIS has two major differences in its design of a secure, accessible & scalable identification system.
- The Necessity of Government Backing
- This solution is not trying to make it easier for persons to sign up for the solution. Instead, LORIS depends on the Government's enforcement of registration as the key for any success.
- The Removal of the Permanent ID
- Because the value of having a form of identification is only created at the point of usage, we completely remove the need for a physical ID, and instead generate a temporarily valid ID at the time the individual needs it.
How the solution demonstrates 'privacy by design':
LORIS tackles privacy by design at each point of its typical operation cycle.
- The User Identifies Themselves
- At this step, the user enters their private key to authenticate that they are who they say they are. This key can be either a pin or a password, depending on the setup of the implementer. The second part is the biometric identification. This will be accomplished either through the use of an iris-scanning add-on, or a fingerprint scanning add-on.
- The User Receives Their Temporary ID
- Using the standard Verifone printer equipment, the user receives a slip with their temporary ID, in the form of a QR code printed on a slip of paper. This code is generated on the servers by a process called tokenization, where the user is granted "access" to their ID for the validity period assigned for that printed ID. This also creates an access log of all accesses of that user's ID.
- The User Completes Their Transaction
- The user then completes their transaction, and tears up the temporary ID, heading home after a successful visit to that establishment.
How the solution can be incorporated into digital identification systems:
LORIS is designed to be a modular approach to identification systems. While it is designed to be an entire solution, there are parts of it which can be integrated into existing systems.
- Use of Existing Infrastructure
LORIS is designed to work with existing point of sale terminals found in countries throughout the world, whether mobile or countertop devices. These devices are generally built with a communications protocol which allows them to communicate over HTTP with servers globally. The solution would provide the application which communicates from the terminals to the verification servers, which can either be LORIS servers or those of a collaborating party.
- Government Approval
Since LORIS is a Government-backed solution, there are many approvals which it will require before it can operate. However, once the first local government in a LORIS region signs on, it becomes much easier to sign the second, because the solution has already passed many of the same approval requirements they desire. This opens the door for another solution to become part of the LORIS ecosystem.
How the solution is 'user-friendly':
The most difficult part of using LORIS will be the signup process. Each user will have to register their required biometric identifier as well as to confirm a key, which can be either a numeric pin or a password based on the implementation. The user's address will also have to be verified before they can be added to the system. All of these steps also have to be repeated if there is updated information.
LORIS is designed for ease of understanding first, then ease of use. Once a user receives their temporary ID, the usage is designed to be straightforward.
How the solution ensures interoperability:
Although the LORIS system is to be an open source ID system, the server configuration would not be accessible through an open API. This interface would only be accessible through the terminals which are given access to it.
Likewise, the software for the terminals would be brand specific. Verifone was chosen because of their very strong market share throughout Central and Latin America, however, their software SDK's are closed source to the general public, unless a license is obtained.
How the solution accounts for low connectivity environments and for users with low literacy and numeracy levels:
The identification process can be used by those who are mute, hearing impaired or visually impaired, based on the use of a biometric/key combination for verification. The temporary ID itself is made up mostly of the QR code which represents the valid user for that session.
For connectivity, it's vital that the point of sale devices are connected at all times. This can be a weakness in areas with low network availability, so the devices are all fitted with GPRS transponders which allow them to communicate securely over the cellular network if the network is unavailable.
Vision over the next three to five years to implement or grow the solution to affect the lives of more people:
The vision for LORIS is for Governments (whether local or national) within economic regions to collaborate in implementing the solution that fits them best. LORIS itself is a three to five year solution, so seeing it implemented correctly, in a way that benefits the persons in hard to reach areas who have no desire to go for a form of identification would be ideal. I do not believe it will be a solution for everyone within a region, but I do think that it can truly help to digitize our identity and make it accessible.
How the solution team is organized:For-Profit
Solution lead:Other (Please explain below)
How many people work on the solution:1-5
Solution age:Less than 1 year
The organizations applicants are currently working with:
In the last year, we engaged in a 3 day course/bootcamp with Verifone it Atlanta, in order to receive professional certification. We now have the title of Verifone International Partners, giving us the right and the tools to develop applications for all Verifone terminals globally. This moves us a little closer to the goal of developing LORIS to work in any country.
Applicant skills that can attract the different resources needed to succeed and make an impact:
There are currently two members in our team, and between us we have approximately 10 years of software development experience. Over the last two years, I've built and overseen 7 production websites, for local companies and individuals in Jamaica, which receive international traffic. My partner has also been involved in deploying local solutions for large manufacturers in Jamaica. We know software development, and we know how to present a working solution.
One of the reasons we emphasize the need for LORIS to be a Government backed solution is because funding would have to be set aside for it. Using Jamaica as an example, it's feasible for each country to create a sizeable implementation budget for their national ID system.
Our income comes from two areas, the development of the client-side terminal applications for each region, and consultancy/maintenance fees. Because we have access to the closed source Verifone SDK's, as well as the know how on implementation, there will be a cost per implementation. However, the server code for LORIS will be open sourced.
If there is any need for maintenance of either the client systems, or the server systems after the implementation period, then a fee will be charged to inspect and correct any issues found with the software or hardware.
Reason for applying to the Mission Billion Challenge:
My company, Threed Software, was founded with the intention of building large solutions. Out of this competition I hope to find other areas where I can partner with the World Bank to build solutions for persons globally.
Key barriers to the solution:
Some of the main barriers for this solution are as follows.
- Protection from temporary ID misuse (when persons use someone elses printed slip before the timeout occurs)
- Complete network disconnection
- Device tampering
- Government regulations & approvals.
The majority of these are software hardware issues, which can be fixed by building better infrastructure in these areas. By far the most time consuming and difficult hurdle will be designing a solution which is plug and play for different nations and Governments. That is where the World Bank definitely will be able to help us out.