Virtual ID: How digital identities work
published on 27.03.2020
It is now possible to prove your identity in the digital world. However, these identities must be particularly secure in order to prevent misuse and theft.
Identities on the net: Identification in virtual space
Identification in the real world:
A person’s identity is something that is both unique and unmistakable. It is defined on the basis of characteristic properties, i.e. so-called identity attributes. In the real world, these are physical features, such as a facial image, a fingerprint and personal data, such as name, address or date of birth. With a sovereign document, for example, an ID card, every physical person can prove their identity. Anyone wishing to open an account, for instance, or pass through a border control must prove their identity. Various security methods are used to protect these sovereign documents against forgery or manipulation. The holder’s passport photo on the document facilitates identification.
Identification in the virtual world
Even in the digital world, people have to prove their identity. A digital identity therefore includes the electronic data used to characterize a person with a physical identity. Attributes, such as user name and password, smart cards, tokens or biometric data are used. Anyone wishing to use online banking, for instance, or to log into forums, social networks or e-mail accounts must authenticate themselves using various method. Proof of the person's authenticity is provided by authentication at the platforms, forums or banks.
One example of this is the combination of username and password where the username refers to a person who uses a password to authenticate their identity. The system assigns the correct password to the person, thus authenticating them. This is proof of identity – also called electronic or digital identity. Both terms can be used synonymously.
Users should be able to maintain control over their digital identities, but the starting point is not always easy. The number of users and applications that require authentication has grown exponentially in recent years. This explains the trend towards the use of a few, but universally applicable digital identities, which today are classically provided by large technology groups, such as Google, Amazon, Facebook or Apple. The market for digital identities is thus being increasingly dominated by a few platforms. Their business model is based, among other things, on the commercialization of identities and the exploitation of user data. This is a critical development.
Secure digital identities protect private data
The majority of people today have a number of different digital identities that meet with various types of security requirements. This means that a physical person can move around the Internet with several digital identities. Once in possession of the right password or a valid PIN, for instance, to access online banking, criminals can access personal data, claim to be someone else in the digital world and act under that person’s name. Digital identities must therefore be secure in order to protect them against forgery, manipulation and theft.
Due to the large number of different identities, even on small platforms, the risk of data loss through cyberattacks is high. The lack of rigorous identity verification procedures increases the risk of identity fraud and cybercrime. Reliable and secure digital identities are therefore becoming the key technology for data sovereignty and are the foundation of the digital economy.
One secure way to identify yourself personally on site or digitally on the Internet is the German ID card. Holders can use the online ID function of this card and then send their data in encrypted form using special software. Individual attributes are also to be protected in future, for example, on a smartphone, and can be used as a so-called derived identity for mobile use. This will enable user authentication without an ID card.
By the way, for thousands of years, people have been developing methods to apply different, individual information to objects. Today, objects can also be given a digital identity. This allows them to be clearly assigned to different process steps and they can always be found, for instance, in logistics or in Industry 4.0.