How does the blockchain create more data security and self-determination for private individuals and companies?

In today’s modern times, every person still has a large number of different analogue proofs of their own identity. This is not only old-fashioned, but also uncertain and difficult to overlook. Together with blockchain technology, the concept of self-determined identity management has developed in recent years, which is also referred to in English technical jargon as “Self-Sovereign Identity” (SSI). The article describes the basic idea and the vision of how SSI can give citizens more self-determination over their own personal data. — Authors: Duc Au, Helge Michael

1. What is a digital identity?

If one orients oneself to the definition of the Duden, then in the context of identity one speaks of the “authenticity of a person” and of “complete agreement with what she is” (cf. Duden, 2021). A classic example of this is the physical identity card or passport, which proves a person’s individual personal identity characteristics (e.g. date of birth, eye color, height). With this legitimation document, citizens can identify themselves to a driving license authority or a bank, for example, in order to use certain services and products. But the concept of identity encompasses more than just proof of the classic legitimation paper. If you look in your own wallet (or analog wallet), you will usually also find evidence such as your driver’s license, health card, employer’s ID card, credit card or membership cards or customer cards from various organizations. Other proofs of identity, which are more likely to be found in files, are, for example, the marriage certificate, the university certificate, the birth certificate or the extract from the land register with proof of home ownership. The identities and proofs listed here are typical of the era before the Internet was created in 1990. However, with the use of the World Wide Web, additional electronic identities in the form of online accounts were added, where citizens authenticate themselves using user names and passwords . According to a recent study by Bundesdruckerei, every European has “a good 90 digital identities, and the trend is rising” (cf. Bundesdruckerei, 2020). The results underline the challenge mentioned at the beginning of keeping track of one’s own identities together with the corresponding evidence. After all, who can always keep track of 90 different online accounts, which are ideally protected by different user names, passwords and additional 2-factor authentication procedures, and the paper evidence in their own four walls?

2. Importance of digital identities for modern services & products

For the reasons mentioned, the digitization of analog proof of identity not only creates administrative simplifications for citizens, but above all paves the way for the private and public sectors to offer fully digital services. Because the major obstacle to digitization in Germany can be attributed, among other things, to the lack of easy-to-use digital identities and proof. Therefore, the blockchain strategy of the Federal Government contains — in addition to many other important innovation topics — above all a chapter on digitizing administrative services (cf. Federal Ministry for Economic Affairs and Energy (BMWi), 2019). With the innovation competition “Showcase Secure Digital Identities”, which is organized by the BMWi, selected identity projects for data security and sovereignty are to be funded. A total of four so-called showcase projects are currently being funded with a total of 50 million euros in order to develop software, research practical use cases and finally implement them by 2024. One of the funded projects is the “IDunion” consortium, which aims to create “an open ecosystem for decentralized identity management based on SSI technology, which can be used worldwide and is based on European values ​​and regulations”.
The federal government’s efforts and funding are based on the fact that a large number of everyday applications in the area of ​​identification and authentication can be solved in connection with SSI without making oneself dependent on large American technology companies. All parties involved can benefit from this. Figure 1 shows the exemplary application possibilities of digital identities and proofs. For example, the BAföG application can be made completely digitally in the future, using the digital identity card (also known as “Basic ID”) and the digital bank account identity (cf. Federal Ministry for Economic Affairs and Energy, 2019).

Figure 1: Example use cases for digital identities and credentials; Source: Bundesministerium für Wirtschaft und Energie (BMWi)

The examples are intended to illustrate that new digital processes that take place end-to-end can create enormous added value for (1) individuals, (2) companies and finally (3) governments. In the following some added values are described in excerpts:

(1) Individuals
• Diversity of digital services and products: previously analogue services and the conclusion of certain products can now also be carried out digitally, so that the classic walk in branches, shops or office buildings is saved
• Time savings: Citizens can act flexibly due to digital processes and also take care of things outside of classic opening or working hours
• Flexibility: Services or product purchases will be accessible from anywhere as long as an internet connection and a smartphone or computer are available

(2) corporations; and (3) governments
• Increasing competitiveness: digital processes create additional sources of income, for example, by addressing new digital-savvy customers.
• Work relief for employees: Personnel can concentrate on essential core activities that are too complex for digital processes. Among other things, this also leads to cost savings in the personnel area.
• Automation of processes: digital identities can be applied not only to people, but also to companies and machines (keyword: Internet of Things). This results in a wide range of innovation potentials that can be realized and in turn bring numerous added values.

3. The Vision of Self-Sovereign Identity

The goal of SSI is to enable users to manage their own identities, thereby making them independent from central identity service providers. The starting point for managing all identities, including proof, is a mobile wallet app. This is not surprising, since the smartphone has become the linchpin for many citizens today, not only for communication, but also for dealing with everyday matters. After all, at 48%, the smartphone is one of the most popular devices for making online purchases (cf. Statista dossier “E-Commerce in Germany”, 2020).
The vision of SSI will be explained using the example of the Main Incubator and the research initiative “Lissi”, which stands for “Let’s Initiate Self-Sovereign Identity”. Citizens can download the Lissi wallet free of charge on their smartphone to securely store digital identities and proof and to present them if necessary. The identities and proofs are issued by so-called “Issuers” and transferred to the citizens’ wallets. This personal data is stored in encrypted form in the wallet and can only be viewed by the users themselves in the Lissi app. The provider of the wallet also has no access to the personal data in the wallet. If third parties (so-called “verifiers”) now require identity data and proof from the users, they send a direct request to the wallet and the users decide whether and which data they want to share. The data to be shared is sent directly from the wallet without the issuer or the wallet provider receiving any information about it. Users of the Lissi wallet thus have complete sovereignty over their own personal data. Figure 2 illustrates the relationship between user, issuer and verifier and will be explained in a simplified manner below.

Figure 2: Blockchain as Trust Anchor in SSI; Source: Main Incubator

In the figure, the issue of a digital university certificate was selected as an example. The university as issuer writes a so-called public decentralized identifier (also called “Public DID”) and the corresponding public key “Public Key” in the blockchain. This public key is read by a verifier to determine whether the proof presented from the Lissi wallet is authentic and was signed by the issuer with the associated private key “Private Key”. If the verifier trusts the issuer and knows its public DID, it can trust the proof of identity without asking the issuer directly. The users of an SSI wallet can thus easily share their evidence with a verifier without the issuer becoming aware of it. In this case, that could be applying for a student discount for an online service (cf. W3C, 2021).
The blockchain serves as a so-called trust anchor, i.e. as an anchor to establish trust between the issuer and verifier. Hyperledger Indy and Aries are used for the blockchain framework. A key factor in this decision was the large Linux Foundation community behind Hyperledger. The nodes in this permissioned network follow the so-called Redundant Byzantine Fault Tolerance (RBFT) consensus mechanism and are operated by selected companies from the IDunion consortium (cf. IDunion, 2021). A demo of how it works is available at https://lissi.id/demo.

4. The Vision of Self-Sovereign Identity

The concept of SSI enables many cross-industry use cases that can make life much easier for citizens. A well-known example is the federal government’s “hotel check-in”. Since the creation of an open ecosystem is involved, there should be several providers of SSI wallets in the target image in order to give citizens the right to vote. The federal government and its “ID wallet” presented a first use case in May of this year. Together with selected hotel chains, hotel check-in using SSI was made possible for employees of Deutsche Bahn AG, Lufthansa AG and Robert Bosch GmbH. By scanning a QR code using the identity wallet, employees were able to check in conveniently and, above all, digitally. The citizens know exactly what data is required by the hotel and consciously share it by entering it via the ID wallet (cf. Federal Government, 2021).
Another pilot of the federal government was the launch of the digital driver’s license, which was intended, for example, “to make it easier to rent a rental car or use car sharing offers” (cf. Zeit, 2021). This should replace the physical driving license in the long term. However, there were technical problems right at the start of the launch, so the ID wallet was removed from the App and Google stores until further notice (cf. Federal Government, 2021).
In addition to the use cases known from the media, there are a large number of promising ideas that are currently being worked on. A few examples are given below and briefly explained:

1. Account opening via SSI: In addition to the classic legitimation procedures PostIdent or VideoIdent, legitimation via SSI could also be carried out in the future. Customers could send the personal data of the digital ID card to the selected bank by scanning a QR code.
2. Login online accounts: In addition to the classic single sign-on (SSO) with Facebook, Google or Apple, a solution could also be established that represents an SSI login. Citizens do not have to resort to the SSO solution of large tech companies, nor do they have to manually enter their personal data to create an online account.
3. Smart Checkout: Citizens could use SSI to transmit the payment option when making an online purchase. A credit card identity in the wallet could be used to conveniently transmit the data to the e-commerce retailer. This eliminates tedious steps such as manually entering the credit card number or the three-digit CVV code (CVV = Card Verification Value).

5. Conclusion and Outlook

The concept of self-determined identity management holds great potential for citizens as well as for private companies and governments. The fact that the federal government is promoting the establishment of the ecosystem for digital identities and funding it underscores its relevance for the future. However, it must also be noted that many regulatory, technical and economic issues still have to be addressed before it is fully established. After all, this is about the digitization of very personal data of citizens. Flawless technical and reliable processes are therefore a must in order to secure the long-term trust of the public in SSI. Therefore, new SSI solutions should be carefully tested and put on a technically sound footing in order to convince with clear added value in everyday life.
Looking ahead, it is important to further expand the cooperation between the state and the private sector in order to put the common vision of an established SSI ecosystem into practice. In the future, two digital proofs of identity, which are being developed by the state, will probably be available in Germany in order to enable analogue processes in the digital world. These are the newly created “Basic ID” which is based on the described SSI technology and the “Smart-eID” as a further development of the well-known “eID”. In particular, the “Basic ID” forms the decisive basis for the future success of the SSI adoption by the citizens. In a joint position paper by the participating banks and associations, the relevance of SSI-based identity concepts is again emphasized in order to secure the previous project efforts and successes and to be able to implement the vision of SSI in line with market requirements (Bankenverband 2021).

Remarks

The article can be read in German language on BTC-Echo.com. Here the direct link to the publication.

About the authors

Cam-Duc Au is currently doing his PhD at the Masaryk University in Brno in the field of crypto robo-advisory and, as Manager Holdings at P. Keppler Verlag, accompanies the digitization of the WM Gruppe together with CEO Michael Reuther. He also works as freelance lecturer at FOM Hochschule für Oekonomie & Management in Frankfurt am Main, Essen & Düsseldorf and as Research Fellow at the isf Institute for Strategic Finance. You can contact him via mail (cam-duc.au@fom-net.de), via LinkedIn, or Xing.

Helge Michael is program manager at Main Incubator, the research and development unit of Commerzbank. His focus is on the topics of digital platforms, blockchain, crypto assets and digital identities.
Three years ago he initiated the “Lissi” identity project at Main Incubator from which the IDunion project has developed over the past few months, which aims to build a decentralized ecosystem for identities and that is funded by the BMWK. Before joining the Main Incubator, he worked for seven years at Commerzbank in Corporate Development M&A.

Bibliography

Bankenverband. (2021). „Finanzwirtschaft für Neustart von ID Wallet und Basis-ID im SSI-Ökosystem“. https://bankenverband.de/newsroom/presse-infos/finanzwirtschaft-fur-neustart-id-wallet-basis-id-im-ssi-okosystem/. Zugegriffen: Januar 2022.

BEVH. (2021). “Onlinehandel mit Waren wächst im ersten Halbjahr 2021 um 23,2 Prozent”. https://www.bevh.org/presse/pressemitteilungen/details/onlinehandel-mit-waren-waechst-im-ersten-halbjahr-2021-um-232-prozent.html. Zugegriffen: Januar 2022.

Bundesdruckerei. (2020). “Digitale Identitäten: So entwickeln sie sich weiter.”. https://www.bundesdruckerei.de/de/Fokusthemen/Magazin/So-entwickeln-sie-sich-weiter. Zugegriffen: Oktober 2021.

Bundesministerium für Wirtschaft und Klimaschutz. (2021). “Startschuss für weitere Nutzungsmöglichkeiten des digitalen Personalausweis auf dem Smartphone. https://www.bmwi.de/Redaktion/DE/Pressemitteilungen/2021/03/20210401-startschuss-digitaler-personalausweis.html. Zugegriffen: Oktober 2021.

Bundesministerium für Wirtschaft und Energie. (2021). “Blockchain-Strategie der Bundesregierung”. https://www.bmwi.de/Redaktion/DE/Publikationen/Digitale-Welt/blockchain-strategie.pdf?__blob=publicationFile&v=8#:~:text=Die%20Bundesregierung%20setzt%20sich%20das,erhalten%20werden%20und%20weiter%20wachsen. Zugegriffen: Januar 2022.

Bundesregierung. (2021). “Nachweise für die digitale Brieftasche”. https://www.bundesregierung.de/breg-de/suche/e-id-1962112. Zugegriffen: Dezember 2021.

Bundesregierung. (2021). “Hotel Check-in künftig per ID Wallet möglich”. https://www.bundesregierung.de/breg-de/aktuelles/hotel-check-in-kuenftig-per-id-wallet-moeglich-1914612. Zugegriffen: Oktober 2021.

Duden. (2022). “Wörterbuch”. https://www.duden.de/rechtschreibung/Identitaet. Zugegriffen: Januar 2022.

IDunion. (2022). “Ziele der Organisation”. https://idunion.org/projekt/. Zugegriffen: Januar 2022.

Statista. (2022). “Umfrage unter Online-Händlern zum Vorkommen von Betrugsarten in Deutschland 2018”. https://de.statista.com/statistik/daten/studie/857970/umfrage/vorkommen-von-betrugsarten-in-online-shops-auf-haendlerseite-in-deutschland/. Zugegriffen: Januar 2022

Statista. (2021). “E-Commerce in Deutschland”. https://de.statista.com/statistik/studie/id/6387/dokument/e-commerce-statista-dossier/. Zugegriffen: Dezember 2021.

W3C. (2021). “Decentralized Identifiers — Core Architecture, data model, and representations”. https://www.w3.org/TR/did-core/. Zugegriffen: Januar 2022.

Zeit. (2021). “Defekte Führerschein-App soll in einigen Wochen repariert sein”. https://www.zeit.de/mobilitaet/2021-10/id-wallet-digitaler-fuehrerschein-app-ausbesserung-bundesregierung-ankuendigung. Zugegriffen: Oktober 2021.