When it comes to the protection and management of digital identity data, companies need to be able to respond flexibly to constantly changing requirements. Every company has specific needs, whether in terms of security requirements, user experience or industry-specific requirements. This is precisely where the modular concept offers many advantages: instead of rigid, pre-packaged solutions, it allows companies to put together individual components, expand them as needed and adapt them to their own processes.
This provides companies with customized solutions for their workflows, while ensuring that they meet all compliance and security requirements. A modular system like this is also available for digital identity management, enabling efficient implementation of customized solutions for onboarding and customer identification, for secure authentication or for value-added services such as digital signatures, payments or attribute checks – whether for highly sensitive data in the healthcare sector or for data-based processes in other industries.
In this blog, you will learn how Verimi uses a modular approach to develop and operate secure and customized digital workflows for partner companies, what specific use cases exist, and why security and user-friendliness do not have to be contradictions. Read on to understand how these solutions can help your organization remain future-proof.
Modular components for seamless digital identity management
Verimi offers a platform with modular components specifically designed for digital identity data management. The basic framework consists of three modules: identification methods (Ident), authentication procedures (Authent) and value-added services. These modules are all certified to a high level of security and can be used flexibly.
Ident: (A) Natural persons: With eight different identification methods and over 20 process variants, the Verimi platform offers maximum flexibility depending on the application and the required level of trust. The eight basic methods for establishing the identity of natural persons are:
- Online ID verification: eID function of the German ID card
- eGK-Ident: electronic health card (eGK) of the health insurance companies
- Photo-Ident: ID photo or ID video and selfie
- Bank-Ident: log-in to online banking as proof of identity
- Video-Ident: video call with a trained agent
- Wallet-Ident: retrieval of the already verified data from the ID wallet
- Post-Ident: visit to the local post office
- Local-Ident: on-site dialog with a trained employee at the company’s own POS / POC
(B) Legal entities: Verimi is authorized and certified to verify the identity of natural persons in accordance with eIDAS. This means that companies in the common legal forms can be identified, including the determination and verification of powers of representation.
Authent: Various options are available for logging in, including single sign-on (SSO) with or without two-factor authentication (2FA). Biometric methods, PINs or the use of the eID and eGK for authentication provide additional convenience and security. Verimi also supports flexible user flows:
- App-to-app flow: the user starts in a mobile app and is redirected to the identification app on the same device.
- Web-to-app flow: the user is guided via a web application to the identification app on their mobile device using a QR code.
- Two-device flow: the user scans a QR code to carry out the identification process using a different mobile device.
Value-added services: Based on identification and authentication, numerous value-added services can be used, such as:
- Sign: The Verimi platform offers different signature levels, depending on the legal requirement, e.g. the qualified electronic signature (QES) or the advanced electronic signature (AES).
- Pay: In the integrated user experience, payments can be made via direct debit or the payment initiation service.
- Checks: Based on the available attributes, checks can be carried out, such as age verification or ID confirmation. Results are transmitted according to the ‘selective disclosure’ principle, for example as a yes/no result.
- Creditworthiness: Using defined APIs, the ID data can be enriched with external creditworthiness data at the request of the partner company and with the consent of the user.
- Company accounts: Company accounts including the assignment of roles & rights with powers of representation can be managed in the Verimi platform. This is useful, for example, for storing the signing authority in the name of the company using QES and thus digitally storing specific powers of attorney in business transactions.
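The ‘selective disclosure’ principle behind the Checks service, as an added example that is not Verimi’s code: the partner company receives only the check name and a yes/no outcome, never the date of birth or document data that produced it. The attribute names, the sample wallet contents and the leap-day handling are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample: verified attributes as they might sit in a user's ID wallet
# (hypothetical field names, not Verimi's data model).
VERIFIED_ATTRIBUTES = {
    "given_name": "Erika",
    "family_name": "Mustermann",
    "date_of_birth": date(2008, 2, 29),  # leap-day birthday: the edge case
    "id_document_valid_until": date(2030, 6, 1),
}


@dataclass(frozen=True)
class CheckResult:
    """What the partner receives: the check asked for and its outcome, nothing else."""
    check: str    # e.g. "age_over_18"
    result: bool  # yes/no only; no attribute values are carried along


def _age_on(dob: date, today: date) -> int:
    """Completed years between dob and today. A 29 February birthday is treated as
    reached on 1 March in non-leap years (assumption; jurisdictions differ)."""
    age = today.year - dob.year
    try:
        birthday_this_year = dob.replace(year=today.year)
    except ValueError:  # 29 Feb does not exist in this year
        birthday_this_year = date(today.year, 3, 1)
    if today < birthday_this_year:
        age -= 1
    return age


def run_check(attributes: dict, check: str, today: date) -> CheckResult:
    """Evaluate a yes/no check against the verified attributes and disclose only
    the outcome (selective disclosure), never the underlying attribute."""
    if check.startswith("age_over_"):
        threshold = int(check.removeprefix("age_over_"))
        return CheckResult(check, _age_on(attributes["date_of_birth"], today) >= threshold)
    if check == "id_confirmed":
        # The ID counts as confirmed only while the verified document is still valid.
        return CheckResult(check, attributes["id_document_valid_until"] >= today)
    raise ValueError(f"unsupported check: {check}")


if __name__ == "__main__":
    for day in (date(2026, 2, 28), date(2026, 3, 1)):
        # Around the leap-day birthday the answer flips; the partner never sees the DOB.
        print(day, run_check(VERIFIED_ATTRIBUTES, "age_over_18", day))
```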
Secure hosting and operator exclusion: In addition to secure identification, authentication and value-added solutions, hosting also plays a central role. Verimi offers flexible hosting with or without operator exclusion. All data is stored securely, with various cloud environments available in the established integration, up to and including Deutsche Telekom’s Open Sovereign Cloud (OSC) – or, if desired, the respective partner company’s own hosting infrastructures can be used. Thanks to the cloud-based wallet infrastructure with the highest security levels, users can continue to access their data securely even if a mobile device is lost or stolen. Verimi has developed various modules in customer lifecycle management to enable, for example, a secure reset of access or a secure change of the second factor. Thanks to the personal encryption of the data, administrators have no access to the sensitive data. In addition, the Verimi platform offers users full transparency of all transactions via a data cockpit, so that they can always see what data they have shared with whom.
High security standards and the best user experience
One key point is to strike the right balance between high security and a seamless user experience. High user acceptance is crucial for digital identity management solutions to catch on. To make sure that ID processes can be used by a large customer group, care should be taken from the outset to integrate digital identification procedures into processes without media breaks, i.e. without forcing the user to switch channel or device. Switching devices, e.g. by forcing the installation of an app or handing over the session via QR code, should not be the norm. It should be possible to carry out the initial identification process on all common devices, but at least on a smartphone (e.g. Android, iOS), and there should be no compulsion to download an ID app. Also, try to cover different document types with your initial identification procedure in order to expand your user group (e.g. ID card, passport, driver’s license or residence permit). When choosing the appropriate identification procedure, the specific application should be considered in order to define the right mix of identification methods for the respective target group. One innovative solution is the seamless connection with Wallet-Ident: customers go through an identification process at a partner company and automatically create their personal ID wallet in the background. For future identifications, the system automatically checks whether Wallet-Ident can be used, so that the best possible user experience is always ensured. Wallet-Ident is superior to all classic one-time identification processes, especially in terms of customer experience, conversion and costs. In future use cases, customers, employees or suppliers will be able to access their verified ID data easily over and over again. This avoids the repeated use of “disposable IDs”, i.e. data that can only be used for a single specific application, where the user has to repeat this “disposable process” for each application.
Instead, once the data has been verified, it is stored digitally and securely in a comprehensive ID wallet, from where it can be securely accessed by the user at any time. This not only saves time, but also ensures an optimal user experience. High security and customer satisfaction are increasingly becoming a critical success factor in the digital world, and it is important to reconcile these two aspects in order to offer sustainable solutions.
Example of secure use cases: The telematics infrastructure
A customized setup is often required for specific company requirements. This is where the full potential of Verimi’s modular wallet construction kit comes into its own. Special requirements can be flexibly adapted to the respective application and expanded as needed. This results in a customized application with tailored attributes and functions that meet the specific needs of individual industries. One example of the use of Verimi technology is the telematics infrastructure in healthcare. Personal health data is among the most sensitive information and requires the highest security standards. Applications such as e-prescriptions and electronic patient files are fully digitized and can be used with Verimi’s highly secure identification and authentication processes. Combining the high security requirements in the healthcare sector with a consistently digital user experience, without the need for physical cards such as the electronic health card or the eID (online ID function of the ID card), is particularly challenging. These complex requirements necessitate the use of several components. For use in the healthcare sector, these are:
- Authorization: An authorized application for the sectoral identity provider (Sek-IDP) in the German healthcare sector.
- SDK: The Verimi app is integrated into the health insurer’s app as an SDK, bundling all functions into one application.
- Security: The cloud solution’s trust level meets the highest security requirements (gematik_high).
- Cloud: The solution is operated in a highly secure manner in Deutsche Telekom’s sovereign cloud – in conjunction with the application at the gematik_high trust level.
- Federation: The application acts as a federated IDP, ensuring secure, decentralized authentication.
- Privacy: There is a strictly separated data storage to ensure the protection of sensitive health data.
Diverse use cases and applications
The modular system for digital identity management can be flexibly adapted to a wide range of use cases. However, not only highly security-oriented industries, such as healthcare, benefit from digital identity management; other sectors also have an increasing demand for secure, efficient and flexible solutions, for example:
- Mobility: The digital administration of driving licenses and qualification certificates of internal or external employees/network partners.
- Chamber-based professions: Lawyers, auditors or architects use identity solutions to enable the digital verification of their clients’ powers of attorney at the interface with public administration.
- Travel: Advance identification of passengers and digital visa administration ensures smooth and secure processes.
- Access management: Visitors to companies, institutions and factory premises identify themselves digitally and authorize themselves by means of corresponding proof of qualification or invitations.
These use cases illustrate how flexibly digital identity management can be used in different industries to efficiently solve specific challenges.
Conclusion: Verimi offers companies a modular toolkit for implementing secure digital workflows. The platform is highly versatile, suitable for use in both heavily regulated sectors such as healthcare and other areas. With its proven modules, high level of security and flexible deployment options, Verimi ensures that companies can digitize their processes efficiently and securely.