Innovative identity and rights management
Universal, transparent and secure – that’s how we envisage the management of identities and rights at companies. To achieve this, we are working on flexible identity and rights management.
Learning from Mother Nature
This innovation project was inspired by observing a swarm of bees. Over the course of their life, each bee in the swarm assumes different roles. These roles change constantly without disrupting the workflows in the beehive. We then asked ourselves how we can achieve identity and rights management at companies that is just as flexible yet highly secure?
Transparent and secure management of identities and authorisations
Our idea is to create a user-friendly system that covers all identities at a company throughout the lifecycle – irrespective of whether the identity belongs to a person, machine, process or item. When a work or purchase contract is drawn up, a product generated or a process implemented, the respective identity is literally born with its features in the system. From this point in time, what happens with the identity remains transparent and easy to track.
Each employee – as the author of the knowledge – provides colleagues with rights to access his or her data. An administrator is no longer needed. Only people with the required access rights can see the data, while the files remain concealed for those who are not authorised (zero-knowledge principle). This boosts security and provides a clearer overview. It is possible at all times to track in a compliant manner who accessed which data, when, which rights were used and who issued these rights.
If a colleague is given new tasks, the author can withdraw the rights from the employee. If an employee leaves the company, his or her identity is switched to “invalid” status but is not deleted so that it can always be traced.
Convenient and smart
Users only have to login once – so-called single sign-on – and can then access all of the applications connected, e.g. SAP. This is even the case if they would have otherwise had to use different authentication features for the applications, for instance, a password or biometric features. Different relevant features are stored for each identity. Identity and rights management creates a secure environment for all of a company’s identities and applications. Thanks to the intuitive user interface, every user has unrestricted transparency with regard to their rights and data.
Modified blockchain concept
Identity and rights management is based on a blockchain enhanced by our R&D department. While conventional blockchain technology links the data blocks created in just one direction, i.e. always from the predecessor to the successor, Bundesdruckerei's enhanced blockchain allows data blocks to be connected in two directions. This avoids the last attached data block from being manipulated.
Assigned rights are saved with the pertinent identities in the form of chain – the so-called Bundesdruckerei keychain. Any number of data chains can be created for each identity and each document. This is all possible thanks to a database technology that does not require any defined structures, is zero-redundant and creates a global index. The database is structured much like the human brain. It adapts to the data entered and links the data bi-directionally according to the synapse concept. All data exists only once and even incomplete changes can already be traced. The data is completely indexed and can be accessed in a matter of seconds without any time-consuming searches.
Whitepaper: From the Almighty Administrator to the Self-determined User
An Innovative Approach from Bundesdruckerei’s Research Lab: Identity and Rights Management with FIDES
File size: 474.01 KB