Self-sovereign identity: Data sovereignty in the digital world
Digital identities are the linchpin of life in the online world. Bundesdruckerei is developing secure and trusted infrastructures in order to tap into the potential for digitalization while protecting people’s data and identities.
Omniscient ID providers
There are many different situations in which citizens and organizations provide digital proof of their identity, be it when applying for documents, opening an account or using online services. Users deposit their personal data with a variety of providers and identify themselves each time they log in.
Large ID providers, such as Apple, Facebook or Google, provide a simple access path with single sign-on: after logging in once, users can access the services of other providers without having to re-enter their data each time. This is convenient, but it also means that the central provider is aware of every transaction the user makes on the network, transforming the central provider into an omniscient party.
IDunion: Guiding principle of self-determined identities
Up to now, no international standard for digital proof of identity has been able to firmly establish itself. To better protect data and privacy, experts around the world are working on trusted identity management infrastructures.
Together with partners from the private sector and research, Bundesdruckerei is providing a holistic system for self-determined identities in the funded IDunion project. Self-sovereign identity networks are based on distributed structures and establish the data sovereignty of users. This funded project covers applications in both the private and public sectors, thus also creating a suitable framework for digital administration, which will receive additional impetus from the Online Access Act. After all, beginning in 2022, public authorities in Germany will be obliged to provide their services online and offer citizens a uniform user account for this purpose.
Self-sovereign identity (SSI): Data sovereignty in a decentralized system
The aim of the SSI ecosystem is to exchange digital ID credentials in a secure and data-thrifty way. Interaction between the issuer, holder and verifying body is designed in such a way that the user always remains in control. “Any disclosure of identity data requires the user’s active consent,” explains Micha Kraus from Bundesdruckerei GmbH's Innovation Team. The system is based on distributed ledger technology, which is similar to a blockchain and is based on several independent nodes. IDunion plans to found a European cooperative to operate the network. This cooperative is also open to other partners.
In the SSI model, each user has their own personal digital ‘wallet’. This is where the user stores and manages their ID documents, for instance, ID card and driving licence, credit card and rail card, etc. All these identities were first checked and electronically signed by the respective issuers, such as the registration office or bank. If the user wants to check in to a hotel, they disclose selected ID data to the receptionist. To verify this information, the hotel receptionist accesses the decentralized network, where merely the data needed for verification is stored rather than the hotel guest’s actual documents. Using a cryptographic signature, the receptionist can verify the data. The registration office is not contacted in this case and does not know where the user is currently on holiday; private matters remain private.
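The hotel check-in flow described above, as an added example that is not Bundesdruckerei's or IDunion's code. The page does not say which disclosure mechanism IDunion uses; this sketch assumes salted claim digests signed with Ed25519, and the `registry` object, the `did:example:` identifier and all claim values are constructed stand-ins.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
const digestOf = (name, value, salt) => sha256(JSON.stringify([salt, name, value]));

// Issuer (e.g. registration office): signs only the sorted, salted digests of the claims.
function issueCredential(issuerPrivateKey, claims) {
  const salted = {};
  for (const [name, value] of Object.entries(claims)) {
    salted[name] = { value, salt: nodeCrypto.randomBytes(16).toString('hex') };
  }
  const digests = Object.entries(salted).map(([n, c]) => digestOf(n, c.value, c.salt)).sort();
  const signature = nodeCrypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey);
  return { salted, digests, signature }; // kept in the holder's wallet only
}

// Holder: reveals value and salt for the chosen claims; the rest stay opaque digests.
function present(credential, disclose) {
  const disclosed = {};
  for (const name of disclose) disclosed[name] = credential.salted[name];
  return { disclosed, digests: credential.digests, signature: credential.signature };
}

// Verifier (e.g. hotel): needs only the issuer's public key, never contacts the issuer.
function verifyPresentation(presentation, issuerPublicKey) {
  const { disclosed, digests, signature } = presentation;
  const signed = Buffer.from(JSON.stringify(digests));
  if (!nodeCrypto.verify(null, signed, issuerPublicKey, signature)) return null;
  for (const [name, c] of Object.entries(disclosed)) {
    if (!c || !digests.includes(digestOf(name, c.value, c.salt))) return null;
  }
  return Object.fromEntries(Object.entries(disclosed).map(([n, c]) => [n, c.value]));
}

// Constructed sample data: the registry stands in for the decentralized network,
// which holds verification material (public keys), not the holder's documents.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');
const registry = { 'did:example:registration-office': issuer.publicKey };
const credential = issueCredential(issuer.privateKey, {
  name: 'Erika Mustermann',
  birthDate: '1964-08-12',
  address: 'Heidestrasse 17, Koeln',
});
const shown = present(credential, ['name']);
console.log(verifyPresentation(shown, registry['did:example:registration-office']));
```

Because the same signature and digest list are shown at every check-in, verifiers that compare notes could link presentations of this credential; that limit belongs to the simple scheme assumed here.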
Multilateral relationship of trust
When implementing the SSI system, it is essential to provide each individual relationship between the parties involved with secure trust mechanisms – for instance, an online shop wants to be able to rely on the fact that the bank is actually behind a credit card. And users want to disclose their data exclusively to the right addressee and not to a fake shop. The wallet must also be protected against manipulation and misuse. Bundesdruckerei is using its expertise in data protection and high security to develop these trust mechanisms.
Data sovereignty: Users at the heart of the systems
Bundesdruckerei has a host of other projects dedicated to research and development in future-oriented systems for digital identities.
Reduce complexity: Improve security in everyday user life
For identity and rights management, Bundesdruckerei is developing new design approaches to make complex systems understandable for users and fit seamlessly into everyday life. After all, user-friendliness is, not least, a security factor that must be taken seriously.