Digital Identities

What is a secure digital identity?

An identity defines a person, a company or a product as unique and unmistakable. For people, a large number of individual attributes such as name and date of birth as well as facial image and fingerprint are used for the identity. The same applies to companies or products, which can be identified by defined attributes such as a company register entry.

A secure digital identity means that it cannot be manipulated, falsified or misused. It ensures that someone is actually who they say they are. Secure digital identities create trust between people, administrations and companies so that analogue processes can increasingly take place online.

With the help of electronic signatures and the associated digital identity, people can be sure that a document has really been signed by the person responsible. Citizens can also use digital identities to identify themselves to a company, a bank or the state. In the context of Industry 4.0, secure digital identities are needed to uniquely identify production facilities during remote maintenance, for example. In addition, companies that are in digital contact with each other can be sure that the business partner is the right company.

Secure digital identities are a fundamental laboratory requirement for successful digitalisation at all levels - in politics, society and business. They form the basis for trustworthy electronic communication and secure digital business processes.

Requirements for secure digital identities

Trust is the basis for reliable relationships and business processes in the digital age. Secure digital identities ensure this necessary trust in the digital world. They provide certainty that a person really is who they say they are, or that a device or product is actually genuine and trustworthy.

To establish this trust, identification solutions must fulfil certain requirements. The VSDI has identified these requirements and presented them in the SVEN model. The model is intended to provide decision-makers with guidance on how secure digital identities should be designed.

Sovereignty (Souveränität)

Secure digital identities must guarantee sovereignty. On the one hand, this can mean respecting the sovereignty of each individual and placing the decision to share data in the hands of the user. In a broader context, however, sovereignty also refers to the sovereignty of nations. The European Union must remain sovereign in digitalisation. In the context of secure digital identities, this means that a standardised regulatory framework must be created in Europe for a European digital identity. The establishment of a European cloud and standardised technical approaches for secure solutions and standards is also absolutely essential.

In concrete terms

• Identity solutions must be constructed using the "Privacy by Design" approach and guarantee the General Data Protection Regulation (GDPR) in order to ensure the sovereignty of the individual.
• Basic interface interoperability and a clear alignment of trust levels are needed to ensure that identification solutions can be used throughout the European Union.
• The elDAS Regulation, which aims to create standardised framework conditions for electronic means of identification, must be implemented.

Trustworthiness (Vertrauenswürdigkeit)

In order to create secure digital identities, it is essential to start with the trust infrastructure. This involves the fundamental orientation of the underlying infrastructure. For example, the question of whether the data is stored centrally or decentrally. All technologies based on this (i.e. individual identity solutions) are then based on this trust infrastructure. For the VSDI, trust infrastructure and identity solutions must therefore be based on the idea of trust and encryption.

In concrete terms

• The level of trust and standardisation created by the elDAS Regulation should be used consistently.
• Proven public key infrastructures (PKI) as encryption systems must be used to issue, distribute and verify digital certificates.
• The potential of decentralised technologies must be exploited, e.g. through distributed blockchain technology (via distributed ledger technology DLT).

Efficiency (Effizienz)

With a view to secure digital identities, the efficiency of such solutions must not be overlooked. In addition to security aspects, flexible, fast and efficient usability must also be taken into account. This will make a decisive contribution to the acceptance of digital identities, both among individuals and companies. It is essential to recognise that different levels of trust are required for different authentication processes and to use them flexibly: Not every digital authentication requires the use of the online ID function of the sovereign ID document and not every document requires protection by a qualified signature and a qualified time stamp.

In concrete terms

• It must be possible to flexibly use different levels of trust for different authentication processes.
• There must be a standardised process for handling secure digital identities in order to simplify the onboarding of digital identities in company sub-ecosystems.

User-friendliness (Nutzerfreundlichkeit)

It is essential that secure digital identities are designed to be user-friendly. Barriers to the identification and authentication of users, be they individuals or companies, must be minimised. Identification solutions must therefore be simple and convenient for users. This leads to a high level of acceptance and low debit rates. Decentralised data storage and self-determination in the handling of personal data must therefore be strongly promoted in the technical implementation.

In concrete terms

• The mobile device must be established as an identity manager.
• An open ecosystem is needed to transfer individual attributes of a secure identity to a smartphone. This requires standardisation and minimum requirements for the security elements (secure elements) of mobile devices.
• Interoperability for a one-for-all approach must be guaranteed so that, for example, natural persons with a digital identity can use public and private services in different areas.

Applications for secure digital identities

Secure digital identities are used in a wide variety of areas. They are important wherever trust and security over the identity of the other party - whether human or object - must be guaranteed. In our digital and global age, this is the case in virtually all relationships and business processes.

The fields of application for secure digital identities are therefore very extensive. However, six major areas can be identified: Health, Business, Finance, Government, Smart Home and Education. In these areas, there are a large number of processes where secure digital identities are used.