Digital identities: A key issue for our society

Already part and parcel of everyday life

Watching Netflix movies, participating in Internet forums, ordering goods online, transferring money or booking flights from home, for many of the things we do online in our private lives, digital identities serve as door openers. Our digital identities are also used on a daily basis at work, for example, to remotely maintain machines or to log into a team platform and signal to the system: I am this person and I am authorized to work in this application.

Modern administration too needs digital identities. With the Online Access Act (OZG, Onlinezugangsgesetz), which is to be implemented by the end of 2022, the legislator is laying the ground work for a digital administration and responding to demands by citizens and companies for efficient, user-friendly government services. The implementation of the Online Access Act will lead to a further surge in demand in the area of digital identities. After all, it must be possible to check who is in fact applying for child benefits or registering a business.

Exponential growth

The number of applications where digital identities are used is growing exponentially. This makes it all the more important to check carefully whether the party at the other end of the line really is who they claim to be.

The access area in digital systems corresponds, figuratively speaking, to an entrance gate where you must identify yourself in order to enter. Here, however, this is carried out in electronic form, for example, using an ID with the eID function, a signature card with a certificate, a smartphone, a password or biometric features. For high-security requirements, two or more factors are often required. Without digital identities, many technical systems as we use them today would be inconceivable. Digital identities are the basis for every secure digital process.

Global trend towards mobile use

Digitalization is also having an impact on traditional ID documents like passports, driving licences or ID cards. Many documents that we carry with us in physical form today will probably soon be available on mobile devices. In some countries, the digitalization of sovereign documents is already well advanced. Norway and Kosovo, for instance, have already introduced digital driving licences. What’s more, work is also underway at international level to standardize electronic travel documents. There are already signs of corresponding projects that are focused around ‘Digital Travel Credentials’. It’s only a matter of time before we see travellers from all over the world travelling with digital proof of identity.

That’s why the high level of protection afforded by traditional ID documents, which is achieved by holograms, security threads, etc., must also be transferred to electronic identification procedures. The eID function of the German ID card already formed a bridge to the digital use of sovereign documents a number of years ago. A consortium led by Bundesdruckerei is currently working on the OPTIMOS 2.0 project to bring a derivative of the ID card to the mobile phone, so that this can be used as proof of identity. In this case, the original sovereign document is retained as the central source of identity and is still needed for situations with high‑security requirements.

Digital identities require comprehensive infrastructure

As with all innovations, we are talking about more than just the digitization of individual documents. Secure digital identities require comprehensive infrastructure and the digital identity is much more than an app on a phone. Behind this is a complex background system that covers the entire cycle of secure identities – from personalization and verification to updating data and blocking or decommissioning.

The issue of user-friendliness is inseparably linked with technological security. This means that handling digital identities must be simple and understandable and seen to be trusted, so that security mechanisms can be turned into real protection in everyday life. One criterion which our technical experts focus on is the control that the user has over their data: Everyone should have as much control as possible over where their personal data goes.