a)  Key  management:  The  ledger  significantly  sim-  gramme (UNDP) and leveraging more than 2,500
                plifies tasks traditionally associated with certifi-  identity registration sites across the country, the civil
                cation authorities and PKI systems.            registration efforts leading up to the election yield-
            b)  Audit trail: Where needed, the ledger can record   ed near-universal official identity coverage for Sierra
                transaction proofs for legally or economically   Leone's adult population.
                consequential events.                            Working with Kiva, a US-based nonprofit focused
            c)  Economic model: The ledger can implement and   on financial inclusion, the NDIP has helped migrate
                enforce payment flows associated with identi-  the identity data in the NCRA database into verifi-
                ty-related transactions.                       able credentials held by citizen-controlled and -per-
                                                               missioned digital wallets. As the NDIP wallet infra-
               These technological tools can enable the user to   structure is integrated into the financial sector, any
            manage his or her information and to decide exactly   adult citizen with an NCRA-issued identity creden-
            what is disclosed and under what circumstances. A   tial will be able to securely authenticate their official
            well-designed DID system can allow the user to con-  identity with FSPs to support e-KYC for new account
            duct many identity-verification and authentication   opening and ongoing customer due diligence (CDD).
            transactions over "zero-knowledge" protocols that
            mathematically prevent information leakage and can   5�1  Kiva Protocol – System Overview
            even thwart privacy-violation threats that arise from   The Kiva Protocol implementation in Sierra Leone
            event correlation.                                 has a three-layer architecture to enable citizens to
               Service Providers benefit from lower costs and a   securely share authenticated official identity creden-
            much higher level of assurance in every verification   tials with the financial sector to support KYC and
            transaction, plus auditable verification proof that   CDD compliance.
            may be indelibly recorded to a distributed ledger.
               Verifiable Credential Issuers can not only save sub-  5.1.1   Public utilities
            stantial costs related to paper-credential issuance,   The foundation of Kiva Protocol is a network of
            but, owing to the payment-handling capabilities of   nodes supporting a public decentralized identity
            distributed ledgers, can build entire new businesses   (DID) registry. This registry provides the foundation
            based on incremental revenue accruing through use   of trust in the digital credentials used to verify iden-
            of their issued credentials.                       tity.
               The next sections examine two examples of
            decentralized ID system used for biometric registra-  5.1.2   Trusted connections
            tion and e-KYC.                                    The next layer of the architecture enables trust-
                                                               ed  connections  through  authentication  services
                                                               and  wallet  services.  For  authentication, the  NCRA
            5  SIERRA LEONE'S NATIONAL DIGITAL                 collected biometric information as part of its iden-
                IDENTITY PLATFORM                              tity registration efforts starting in 2018. All NCRA-is-
                                                               sued identification credentials can be authenticated
            Sierra Leone launched the National Digital Iden-   using a fingerprint bio matcher service developed
            tity Platform (NDIP) in August 2019. The NDIP is   and  implemented  in  Sierra  Leone.  Wallet  services
            an extensible digital identity infrastructure – built   enable citizen credentials to be stored in wallets with
            using Kiva Protocol's open source technology – that   agent communication tools to enable peer credential
            enables citizens to present and authenticate official   exchange.
            digital identity credentials with financial institutions.   Together, these tools enable citizens to securely
            Once fully integrated into the financial sector and   authenticate and access their digital wallet, and then
            supported by an appropriate regulatory regime, the   send and receive credentials using the wallet agent-
            NDIP will provide the foundation for a market wide   to-agent communication protocol.
            e-KYC utility in Sierra Leone.
               The NDIP leverages the identity data collected   5.1.3   Application ecosystem and data exchange
            and  held  by  Sierra  Leone's  National  Civil  Registra-  Using the technologies from the first two layers, citi-
            tion Authority (NCRA), a citizen registry created by   zens are provided a real-time, secure, user-centric
            the Government of Sierra Leone to support broad    identity verification process that can support e-KYC.
            participation in the 2018 general elections. In part-  In Sierra Leone, the NCRA is the issuer of over 3.6
            nership with the United Nations Development Pro-   million digital IDs, with ID management and adminis-



           22    e-KYC use cases in digital financial services