The new face of identity management

12/2020 – How can every person, every enterprise, and every machine maintain control over their online data? How can the internet be used more safely and easily? To answer these questions, DB Systel has successfully tested the blockchain-based concept of self-sovereign identity.

There is no question that internet technology has enriched our lives, and has helped enterprises design more effective workflows and business processes. However, it is also true that most people in Germany today have an average of 78 online accounts. Besides the ever-present risk of forgotten passwords, this also means that many internet users have lost control of their personal data. And not only is it difficult and costly for enterprises to provide encrypted identities for employees and customers, there is generally little trust in data security.

But what if there were a secure alternative to the way we use the internet today? A straightforward, reliable method that allows people and enterprises to communicate, consume and even share sensitive data securely? A system that does not require the services of internet giants such as Google or Facebook, that leaves no opportunities for cybercriminals and that does not even require a password?

Too good to be true? It isn’t. DB Systel has just completed a ground-breaking internal technical experiment in which 160 DB Systel employees volunteered to test self-sovereign identity (SSI), a blockchain-based technology for a self-determined digital identity, over a period of two months. SSI gives internet users control over the collection and use of their personal data on the internet.

"SSI represents the next evolutionary step in identity management."

Claudia Plattner, CIO, DB Systel GmbH

The test ground for the pilot project was the login for the project management software JIRA. According to Claudia Plattner, CIO of DB Systel, “SSI represents the next evolutionary step in identity management.” The employees first downloaded a digital wallet (a wallet app) from the internet and made a one-time request for an authorisation (a credential) to use JIRA, which was granted. Daily logins were then performed by scanning a QR code with a mobile phone. As a result, the username and password no longer had to be entered each day.

Figure 1: A ‘digital wallet’ could replace many traditional forms of evidence


The opportunities offered by a decentralised SSI network concept are huge. SSI networks could drastically change how people use the internet in the coming years, enabling every internet user to allow other people, enterprises or organisations to verify parts of their identity. This could include the fact that the user is a genuine employee of an enterprise, that their university degree is genuine, that the user has an income, a driving licence, a place of residence – and has just transferred payment for a pair of trainers to the online shop.

Decentralised server structures for data security

Social login is a popular option that is criticised by data protection experts: users avoid having to enter additional logins for third-party providers by simply entering their password for a social network such as Facebook. In an SSI network, on the other hand, the user retains full control over his or her data. SSI only gives others permission to verify essential information, not to own or evaluate it. This is possible thanks to blockchain technology, which uses decentralised servers and decentralised identifiers (DIDs) to initiate verification communication between the internet user’s SSI, the issuer of the credential (a bank or employer, for example) and the verifier (e.g. an online shop or mobility service provider).

To enable the verifier to check the information for authenticity, matching keys (public keys) are also stored on the SSI network when the evidence is transferred to the holder. These keys then allow the verifier to verify the authenticity of the information beyond doubt.

Important: except for DIDs, nothing is stored on the blockchain infrastructure. The DIDs contain only a set of technical information: for example, the public key required to complete the ‘data transaction’ and an indication of which communication channel must be used to verify the information on the holder’s end device. No user data is stored here.
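
The verification flow described above (issuer, holder, verifier, and a ledger that holds only DID data), as an added example that is not part of the original article or of DB Systel's implementation. It is a simplified Node.js model: the ledger is an in-memory Map, the credential format, DID strings and function names are hypothetical, and Ed25519 is chosen here as the signature scheme.

```javascript
// Added illustration: simplified model, not a real DID method or credential format.
const crypto = require('node:crypto');

// Stand-in for the blockchain: maps a DID to its public key and channel only.
const ledger = new Map();

function registerDid(did, publicKey, endpoint) {
  ledger.set(did, {
    id: did,
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    serviceEndpoint: endpoint,
  });
}

// Deterministic bytes so issuer and verifier sign and check the same input.
function signingInput(issuerDid, claims) {
  return Buffer.from(JSON.stringify([issuerDid, Object.entries(claims).sort()]));
}

// Issuer: signs the claims; the credential goes to the holder's wallet, not the ledger.
function issueCredential(issuerDid, privateKey, claims) {
  const sig = crypto.sign(null, signingInput(issuerDid, claims), privateKey);
  return { issuer: issuerDid, claims, signature: sig.toString('base64') };
}

// Verifier: resolves the issuer DID on the ledger and checks the signature.
function verifyCredential(credential) {
  const doc = ledger.get(credential.issuer);
  if (!doc) return { ok: false, reason: 'unknown issuer DID' };
  const input = signingInput(credential.issuer, credential.claims);
  const key = crypto.createPublicKey(doc.publicKeyPem);
  const ok = crypto.verify(null, input, key, Buffer.from(credential.signature, 'base64'));
  return ok ? { ok: true } : { ok: false, reason: 'signature mismatch' };
}

// Constructed demo data: the DIDs, endpoint and claim names are hypothetical.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = 'did:example:employer';
  registerDid(did, publicKey, 'https://issuer.example/agent');
  const cred = issueCredential(did, privateKey, { employee: true, app: 'JIRA' });
  return {
    genuine: verifyCredential(cred),
    tampered: verifyCredential({ ...cred, claims: { ...cred.claims, app: 'payroll' } }),
    unknownIssuer: verifyCredential({ ...cred, issuer: 'did:example:unregistered' }),
    ledgerFields: Object.keys(ledger.get(did)).sort().join(','),
  };
}

console.log(demo());
```

The genuine credential verifies, the altered claim and the unregistered issuer are rejected, and the ledger entry carries only the identifier, the public key and the endpoint.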

Improving business with SSI

SSI information technology offers much more than a data-protected means of online shopping, as Claudia Plattner explains: “DB’s interest in SSI is clearly also commercially justified.” SSI is ideal for identifying clients, partners and institutions on the basis of minimal data and a GDPR-compliant concept. SSI can be used to make Bahncards counterfeit-proof, to organise verifiable travel chains with other enterprises or to issue certificates for track workers.

Figure 2: Digital evidence for people, institutions, and things – for all facets of identity


“It is also important that things are able to identify each other,” says Claudia Plattner. “When a train enters a station, for example, the action can be settled. Or if a train wants to provide evidence that it has been serviced.” This can also be done via SSI. The SSI thus serves as a train’s proof of identity – and in the Internet of Things, the station could use it to check the existence of security certificates in a counterfeit-proof manner.

The DB blockchain platform

From 2021, DB Systel will be offering the DB Blockchain Platform as a Service (BPaaS), an IT infrastructure and hosting of cloud-based blockchain solutions. This blockchain IT landscape will thus support the provision of future blockchain services within a rail context, such as the implementation of self-sovereign identity (SSI). Group customers will have swift, straightforward access to the rail-friendly blockchain infrastructure. The central platform is compliant with EU data protection (GDPR) requirements and will ensure the stable operation of all blockchain applications.

How relevant will SSI become, and when can we expect this? “Initial local applications could be deployed by the end of next year,” says Matthias Felder. The situation will be different for Group-wide projects and interaction between enterprises, however. Claudia Plattner: “There are numerous commercial projects and initiatives taking place worldwide as well as at state level. I predict that SSI will be in widespread use in ten years.”

"Initial local applications could be deployed by the end of next year."

Matthias Felder, PO Blockchain Customer Experience, DB Systel GmbH

DB Systel is a member of the DB Group’s industrial consortium SSI for Germany (SSI4DE), which is supported by the German Federal Ministry for Economic Affairs and Energy. In August 2020, SSI4DE launched a decentralised blockchain test network for digital identities as the foundation for a data-secure ecosystem for business, administration and citizens. It is to be used for exchanging a wide variety of information – from registration data, certificates, admission tickets and travel documents through to traditional logins.

At EU level, the introduction of a blockchain-based identity in the form of a ‘wallet’ for the storage of ID or health cards is planned from as early as 2022. Claudia adds: “This topic looks set to gain a lot of momentum. Personally, I am delighted that DB Systel is involved in such a major project and demonstrating the practicality of SSI. Technology can improve life and make it easier.”