FEDERAL MINISTRY OF INTERIOR
NATIONAL IDENTITY MANAGEMENT COMMISSION
Business Requirements Document
For
NIMC NATIONAL IDENTIFICATION NUMBER AUTHENTICATION
APPLICATION
Version 1.2
September 2024
Document History
Document Location: Business Analysis Document Repository
Revision History
Version | From | Author(s) | Change Summary
1.2
Business Analysis Unit
BA Team and Baseline Document
Stakeholder
elicitation
Distribution
This document has been distributed to:
Name | Title | Date of Issue | Version
NIMC NIN Auth Application BRD | September 2024 | 1.2
Approvals
This document requires the following approvals.
Name | Title | Signature | Date of Issue
1.0 Introduction
The NIMC NIN Authentication (Auth) App is a centralized system designed to
streamline and secure identity verification processes for citizens in Nigeria. This
App will enable enterprises and individuals to authenticate their identities using a
secure, mobile-based platform.
1.1 Document Purpose
The purpose of this Business Requirements Document is to identify, document and
achieve agreement on the Business Requirements for the development and
deployment of the NIN Auth App, which facilitates identity verification using the
National Identification Number (NIN). It will provide the general high-level
requirements (business, functional and general) for the NIMC Auth App. The App
aims to address the inefficiencies and security risks present in the current
decentralized identity verification processes.
1.1.1 This BRD will be used as the basis for the following activities:
- Solution Development process
- Customizing a fit-for-purpose NIMC Auth App
- Reducing the risk of unforeseen additional requirements extending the
  implementation phase
- Developing Test plans, Test scripts, and Test cases
- Determining project completion
- Assessing project success criteria
1.1.2 In order to achieve the above, the BRD defines the requirements for the
implementation of the NIMC Auth App and will describe:
- The business and technical context as well as the problem statement in
  which the project is to be implemented
- The business context and high-level objectives for supporting the business
  drivers for the implementation of a NIMC Auth App
- The business and user requirements, which describe stakeholder needs to
  meet business demands
1.2 Intended Audience
The document is targeted at the following:
1. Stakeholders: This includes the internal and external stakeholders and
partners of NIMC
2. Technical/Design Task Team: This includes the Consultants and Vendors
who will design and develop the solution
3. The Project Team: To review and provide guidance for the project.
4. The Quality Assurance and Testing team.
1.3 Scope
This BRD covers the requirements for the mobile and web-based authentication
platform, including functional and non-functional requirements for identity
verification which the NIMC Auth App is to provide.
1.4 Related Documents
The following documents provided important supporting information in the
development of this Business Requirements Document.
- NIMC Operations Manual
- NIMC Customer Care Handbook
- NIMC Business Policy Handbook
- NIMS Strategy and Technology Overview
- NIMC Harmonisation policy
- NIMC Information Security Policy
- NIMC Business Process and Standards Specification Handbook
1.5 Definitions and Acronyms
Term | Definition
NIN | National Identification Number
CA | Certificate Authority
API | Application Programming Interface
BRD | Business Requirements Documentation
MFA | Multi-Factor Authentication
TLS | Transport Layer Security
PKI | Public Key Infrastructure
SDK | Software Development Kit
1.6 Business Objectives
The NINAuth App will enhance the security, convenience and reliability of
Identity Verification in Nigeria, following international best practices like the
BankID in Nordic countries.
1.6.1 Problem Statement
The current identity verification system is fragmented, inefficient, and
vulnerable to security risks. Enterprises have limited access to direct verification
channels, leading to increased costs and potential data breaches.
1.6.2 Objectives
- To reduce identity authentication times.
- To offer a secure and reliable authentication process.
- To provide a user-friendly experience for seamless adoption.
2.0 Solution Overview
The NINAuth App will be a mobile-based solution that integrates with the NIMC
infrastructure (HA-NVS), providing secure identity verification services to
enterprises, government agencies and end-users.
2.1 Key Features
- Multi-Platform SDKs: Supporting Android, iOS, and web platforms for easy
  integration.
- Robust Infrastructure: Capable of handling large volumes of transactions
  and queries with high availability.
- User Consent Management: Allows users to manage their data and
  consent in real time.
3.0 Functional Requirements
a) User Authentication: The system should allow for integration of MFA and
Biometric Authentication for added security.
b) Consent Management: The system should have a clear, transparent and
robust mechanism for managing user data consent.
c) Enterprise Integration: The system should allow API endpoints and SDKs for
service providers to integrate identity verification into their systems.
d) Audit and Reporting: The system should be capable of presenting
comprehensive audit logs for all transactions to ensure accountability and
regulatory compliance.
4.0 Non-Functional Requirements
a) Security: The App must use strong encryption for all data in transit and at
rest, with regular security audits.
b) Performance: Each transaction should be processed within 2 seconds.
c) Scalability: Support for up to 1 million queries per hour.
d) Availability: The system should ensure 24/7 availability with load balancing
and redundancy.
5.0 Stakeholder Analysis
a) Primary Users: Enterprises: Banks, government agencies, e-commerce
platforms, and telecom companies that require secure identity verification.
b) End Users: Citizens using the NINAuth App for personal verification needs.
c) Secondary Users:
   i. NIMC Administrators: Managing the system and user data.
   ii. Developers: Integrating the system into third-party services.
6.0 Success Metrics and KPIs
a) Adoption Rate: Number of enterprises and individuals using the app.
b) System Uptime: Percentage of time the system remains online.
c) Transaction Success Rate: Percentage of successful verifications.
d) User Satisfaction: Measured through user feedback and surveys.
7.0 Risk Assessment and Mitigation
a) Potential Risks
   i. Data Breaches: Due to the sensitive nature of identity data.
   ii. Integration Issues: Challenges with integrating the app into existing
       enterprise systems.
b) Mitigation Strategies
   i. Regular Security Audits: Implement security audits to identify
      vulnerabilities.
   ii. Comprehensive Testing: Perform rigorous testing during
       development and before deployment.
8.0 Comprehensive Billing System and Audit Logs
8.1 Billing System
The system should have a comprehensive Billing system to track usage by
enterprises and other service providers. The key features of the billing system
include:
- Usage-based Billing: Charges calculated based on the number of
  identity verification transactions conducted by a service provider.
- Tiered Pricing: The system will support different pricing tiers based
  on the volume of transactions.
- Automated Invoicing: Invoices will be automatically generated
  and sent to the service providers.
- Payment Gateway Integration: Integration with secure payment
  gateways for seamless payment processing.
- Billing History: Service providers can access their billing history,
  payment status, and invoices via an administrative dashboard.
8.2 Audit Logs
The system should have detailed audit logs that track every action performed
by Users, Administrators and Service Providers. The key features of the audit
log system include:
- Event tracking: The system will track login attempts, successful
  and failed identity verifications, consent updates, and any
  administrative actions.
- Timestamped Logs: Each log entry will have a precise timestamp
  to ensure traceability.
- Compliance Logging: The system will meet regulatory
  requirements by keeping a record of all relevant user actions
  and system changes.
- Real-time Monitoring: Logs will be updated in real-time, and
  administrators will have access to dashboards for monitoring
  system health and usage.
- Audit Log Retention: Logs will be retained for a configurable
  period, ensuring compliance with data retention policies.
- Security: All logs will be securely stored and protected from
  unauthorized access.
- Reporting: Customizable reporting options will allow
  administrators to generate detailed audit reports for analysis and
  compliance purposes.
8.3 Supported Identity Documents
The NIN Auth App will support verification of additional identity documents
besides the National Identification Number (NIN). These include, but are not
limited to:
- International Passport: The app will support verification using a
  citizen's international passport.
- Driver’s License: The app will allow users to authenticate themselves
  using a government-issued driver's license.
- Voter’s Card: Integration with the voter registration database will
  enable users to authenticate using their voter identification number.
8.4 Document Linking and Verification
The NIN Auth App will provide seamless integration with various databases to
validate these additional identity documents. The system will:
- Link a user's identity to multiple documents for
  verification purposes.
- Provide APIs to validate the authenticity of each
  document.
- Implement strong encryption to protect sensitive
  information from unauthorized access.
8.5 User Consent and Data Management
Users will have the ability to link additional identity documents and
manage their consent for sharing this information with service providers.
This will enhance flexibility and enable a more comprehensive identity
verification process for various use cases.