Shared Infrastructure
SevisTrust
The platform backbone providing DID registry, credential schemas, trust services, biometric engine, and policy enforcement for the entire SevisPNG ecosystem.
Core Services
Six interconnected services provide the foundation for trusted digital identity across Papua New Guinea.
Verifiable Registry
Distributed ledger for DIDs (Decentralized Identifiers). Every citizen, organization, and device gets a unique, cryptographically verifiable identifier.
- DID creation and resolution
- Public key management
- DID document updates
- Cross-registry interoperability
Credential Schemas
Standardized schemas for all credential types in the ecosystem. Ensures interoperability between issuers and verifiers.
- Schema registry and versioning
- Validation rules
- Internationalization support
- Schema governance
Trust Services
Policy enforcement layer that embeds commercial rules, access permissions, and governance policies into every transaction.
- Access control policies
- Fee calculation and collection
- Rate limiting
- Audit logging
Biometric Engine
Shared biometric services for identity verification and deduplication. Prevents duplicate identities and enables fraud-resistant authentication.
- 1:N deduplication (uniqueness check)
- 1:1 verification (authentication)
- Liveness detection
- Multi-modal biometrics (face, fingerprint)
Revocation Registry
Real-time credential status checking. Verifiers can confirm a credential hasn't been revoked before accepting it.
- Status list management
- Real-time revocation checks
- Suspension and reinstatement
- Privacy-preserving status queries
Key Management
Secure key generation, storage, and rotation for all ecosystem participants. HSM-backed security for critical signing operations.
- Key generation and derivation
- Secure key storage (HSM)
- Key rotation policies
- Recovery mechanisms
Architecture
A layered architecture ensures separation of concerns and enables independent scaling.
Application Layer
SevisWallet, LORA, and third-party applications
Protocol Layer
Standards-based communication protocols
Trust Services Layer
SevisTrust core services
Infrastructure Layer
Cloud and security infrastructure
For Relying Parties
Why build your own infrastructure when you can use SevisTrust?
No Identity Infrastructure to Build
Use SevisTrust services instead of building and maintaining your own DID registry, biometric system, or credential infrastructure.
Embedded Policy Enforcement
Commercial rules, access controls, and governance policies are enforced automatically at the infrastructure level.
Interoperability by Default
Credentials issued by any Relying Party (RP) can be verified by any other RP. No bilateral integrations needed.
Fraud Prevention
Shared biometric engine ensures each person has only one identity. 1:N deduplication prevents duplicate accounts.
Security & Compliance
SevisTrust is built with security at every layer. From hardware security modules to real-time monitoring, we protect the ecosystem's most sensitive operations.
- Hardware Security Modules (HSM) for key storage
- End-to-end encryption for all communications
- Zero-knowledge proofs for privacy-preserving verification
- Distributed architecture with no single point of failure
- Real-time monitoring and anomaly detection
- Regular security audits and penetration testing
- Compliance with international security standards
- Data sovereignty—infrastructure hosted in PNG
Governed by DICT
Trust framework, legal policies, and commercial rules are set by the Department of Information and Communications Technology.
Build on SevisTrust
Join the SevisPNG ecosystem as a Relying Party. Use SevisTrust infrastructure to issue credentials, verify identities, and serve citizens.