The term “self-sovereign identity” describes a concept that gives individuals or organizations control over their digital identity. It is commonly abbreviated to SSI. At the center of this concept is the management of identity data solely by the respective data subject. This new form of data sovereignty implies that individuals are autonomous and that their identity data is not managed by a central authority.
The technology used is based on internationally applied standards and protocols, enabling global utilization and interoperability between different implementations and providers. This prevents the classic lock-in effect and means that end users and institutions are not tied to a single provider, but can choose and switch between different providers and open-source implementations.
Currently, there are numerous initiatives dedicated to this topic, both within Europe and worldwide. In Germany, the IDunion Consortium offers a technical network and connects public and private partners to collaborate on the research and development of security-related, legal and organizational subject areas. The more than 40 partners include Commerzbank AG, Robert Bosch GmbH, Bundesdruckerei GmbH, Swisscom Trust Services AG and Deutsche Post AG.
Lissi Wallet: The digital wallet for your digital identity
Lissi, which provides software solutions such as the Lissi Wallet to end users, uses the ecosystem of IDunion to create trust. The Lissi Wallet allows users to receive, save, manage and present personal data autonomously. Data subjects can act as the carrier of their own information between different trustworthy domains. In addition, Lissi offers institutions the Institutional Agent, enabling them to establish private connections, issue verifications and create information requests, among other actions.
This facilitates communication with third parties without an intermediary authority through decentralized identifiers (DID), which do not require a third party (see figure). A user can save all their identity data in a wallet and present it to a third party on request. There are three forms of possible presentation:
1. Self-attestation: The data is added by the user themselves and is not verified by a third party or issuer.
2. Verifiable presentations: Certifications or parts thereof (individual attributes) are presented. These are issued by an authority and can therefore be verified.
3. Zero-knowledge proof: Statements are verified in regard to whether they fulfill a threshold value, which is above, below, equal to, greater or smaller than the selected value. This is currently still heavily limited to numerical values.
Currently, over 40 applications have been implemented in the IDunion project. These are used in a wide variety of sectors, such as public administration, the financial sector, IoT and industry, the healthcare sector, mobility sector and e-commerce. The technology has now exited the research phase and will appear in the first productive applications in 2021. The technology has also received a great deal of support from the German chancellor’s office, which is currently carrying out its own pilot projects based on SSI technology and wants to launch its first applications in the summer.
Communication with third parties without an intermediary authority is established through decentralized identifiers (DID), which do not require a third party.
Digital identity is one of the hottest questions in digitalization – and the concept of self-sovereign identity (SSI) one of the most compelling answers. At the same time, SSI is one of the most interesting areas of application for blockchain technology. At ti&m, we have been working with this concept for three years and have already realized the first early implementations based on pilot projects and prototypes. As you would expect when it comes to fundamentally new approaches and their underlying technology, we have gained new experience on every level, from the details of implementation to the overall business model. As a result, now that Lissi and IDunion have provided a technically stable and organizationally reliable platform for the European Economic Area, we can now draw on this experience for our first customer projects.
Try it out!
We have prepared a demo, so you can get familiar with the processes.
Our SSI projects so far
City of Zug – digital citizen's identity: The city of Zug has become the world's first city to offer its citizens a digital identity. Based on the blockchain Ethereum and the SSI solution uPort, interested citizens were able to download their SSI wallet and authenticate themselves for access to various services using their city-certified identity.
DigitalMe – expanded SSI ecosystem: In collaboration with the University of St. Gallen, the role of SSI in complex ecosystems has been examined and verified with a pilot implementation. Specifically, use cases from the finance industry were researched in conjunction with state-verified identity and external service providers.
Cantonal Bank – SSI-based ecosystem for rental deposits: A further ecosystem provides all the necessary services, processes and authorizations during the “rental” life cycle. By providing the rental deposit, the bank has positioned itself at the center of this ecosystem, thereby attracting and retaining new customers.
Healthcare system – issuing and claiming of prescriptions: This prototype, which was realized as part of a master's thesis, examines the entire workflow around the issuing and claiming of prescriptions. In this sense, the authorization to purchase a medication is an attribute of the patient's identity that is verified by a doctor and can effectively be presented to the pharmacy and health insurance for subsequent processing.
Healthcare system – In the latest application, we have implemented a COVID-19 test and vaccination certificate as part of a bachelor's thesis. The issuer (doctor, test center) certifies an attribute of the user's identity (<vaccinated>, <negative test>), which can then be presented to a third party (restaurant, bar, event organizer, etc.) via a QR code. Unlike first drafts of the European vaccination pass, photo identification is additionally used to ensure that the individual in question is the owner of the wallet and therefore of the smartphone.
ti&m's research and applications using SSI are being carried out within the wider context of digital identity. With successful products already on the market for online identification and digital onboarding, we are building a holistic solution for digital identity that is fit for the future and serves as the basis for a secure, effective digital business.