Strengthening trust in digital identity

Skepticism and a lack of trust on the part of end users in the security of their own data are holding back many digital innovations. The new concept of self-sovereign identity enables companies to regain both and creates the foundation for new business models and a secure digitized world. Dr. Andreas Künsken, Head of Consulting Identity & Access Management bei Comma Soft, will shed light on how self-sovereign identity and the associated decentralized identifiers can help in practice and what immense potential they still hold.

What the major e-commerce and social media providers have to offer is tempting: users can log in to online stores quickly and easily with another existing account, for example, a Facebook or Google account. There is no need for a new account. But where does data security come into play? With whom is personal information shared along the way? Can that data ever be completely deleted again? The GAMAM companies build their business models on the fact that users disclose their data through automatic storage or central logins. For end users, on the other hand, the risk of data loss, theft and misuse increases. This is causing trust in digital ecosystems to dwindle. It’s time for a secure solution.

Digital ecosystems require trust

Data theft scandals erode confidence in digitization. This is true not only for social media providers, but also in the fields of employment, education, healthcare, and civic services. When people have the sense that they are losing control over their own data, acceptance of digital innovations falls by the wayside – and with it, enormous potential in key areas such as healthcare, continuing education and mobility. The need of end users to have confidence in the security of their digital identity is therefore much more than a regulatory hurdle on the path to the next business model. It is an essential basis for establishing acceptance throughout society for new, consistent digital ecosystems in the future. The question is, how can this trust be developed?

Best practice: Self-sovereign identity with a digital wallet

A new approach to providing a secure digital identity is self-sovereign identity, as envisioned in the technological concept of decentralized identifiers . This involves thinking about core requirements for safety and convenience in a whole new way. While user data in other models remains in the hands of central service providers, in this model the data stays with the users themselves. They keep them in what is known as their own digital wallet. There is no service provider acting as an intermediary to manage the data. Only the public keys to the wallet are shared. If a service provider wants to verify which user data it has at its disposal, it can do so with the help of these keys. The user retains complete control over all access to their data. As such, self-sovereign identity addresses many of the important requirements for a digital identity:

  • Service providers can easily verify user claims when needed, without necessarily having to hold the data themselves. This reduces the costs for fraud detection and data processing.
  • Use of identity data across multiple services is made convenient without the intermediary authority of an identity go-between.
  • Any instances of other parties accessing a user’s own data are made transparent to the owner in the form of transactions in the public ledger.
  • The data themselves stay with the users; for the first time, this ensures real sovereignty in dealing with one’s own data.

Entering a new era of digital security

Self-sovereign identity and decentralized identifiers are currently in an exploratory phase in which new use cases and opportunities are being discovered on an ongoing basis. At the same time, the technology is already being evaluated in numerous business sectors and corporate processes on account of its wide range of possible applications: How does it support new business models? Which technologies lend themselves to this? How can all this be realized pragmatically? This is where further potential will become apparent in the future. Companies that already make use of this are securing a head start, while also making a significant contribution to preventing data misuse and ensuring that more people trust digital ecosystems.

Do you want to drive digitization and cyber security forward in your company? Dr. Jan Ciupka and the experts from the Identity & Access Management team are already supporting numerous companies and corporations in implementing decentralized security concepts. They will also be happy to assist you as a sparring partner. You can get in touch with them here.