What is identity? In the analogue world identity is everything that defines us, it is shaped by the features we use to recognize someone.
In the digital world, identity is something more complex. To simplify it, we could say that it’s the electronic equivalent of “real” identity and that it’s also based on a series of features that are associated with its bearer, in this case, electronic data.
However, a trait of the digital identity over the real one is that it can be applied to both, people and electronic devices. And this is something that makes sense for the use of digital certificates.
Present (and future) of digital identities
The Internet has revolutionized our lives and allowed us to carry out procedures in a flexible, immediate and above all comfortable way: nowadays we can buy tickets for the cinema, stream the latest show from our living room (and even get around any restrictions thanks to sites like Avoidcensorship.org/) or check our bank account from the sofa with the click of a button. But to carry them out we have to identify ourselves in some way, to show that we are who we say we are. Thus, we use digital identities every time we make an online purchase, or when we access our bank account, but also when we sign a document digitally.
In some countries, digital identity is fully consolidated and has many applications in everyday life. Perhaps the most remarkable example is that of Estonia. This small Baltic country, of 1.3 million inhabitants, introduced in 2002 the digital identification system, based on the national registry and the national digital identity document. This document, mandatory for people over 15 years of age, allows its Citizens to vote, to buy public transport tickets, encrypt emails, renew their passport, access their medical records, sign documents and perform almost any type of online administrative management, anywhere at any time, and allowing users to own their own data.
But the Estonian system is only a foretaste of everything to come. In the future, as the bank BBVA points out, “it is expected that the number of market players connecting online to grow exponentially in the coming years. Thanks to the development of the Internet of Things, millions of objects, from refrigerators to containers connected to the Internet, will foreseeably begin to operate simultaneously and integrated, and it will also be necessary to establish standards to verify their identities.”
That is, there will be more and more users and devices connected to the Network.
Generating digital identities
A digital identity can be created through a digital certificate, a computer file issued by a Certification Authority (CA), based on asymmetric cryptography. The certificate contains data that is associated with a user or device (for example, your name or the copy of the public key).
The use of digital certificates has many benefits for organizations:
- Guarantee legal compliance
- High degree of security: protecting information and reducing risks of fraud
- Increased user and customer confidence
In turn, certificates can be applied to technologies such as the digital signature.
Before issuance, it is necessary to verify the identity of the certificate holder, to validate, through a one-step process and with official documentation, that the information to be certified is authentic, current and representative of the applicant.
Verification is typically performed by an identity provider. At present, there is no universal provider of digital identities, although governments and various private sector companies fulfill this function (e.g., through national identity documents). In this case, it is confirmed that this set of real data is effectively associated with an individual.
Generating digital identities
Currently, we find a scenario in which each user generates identities in different systems because:
- The data can be different from each other, have different origins and have been captured by various processes, unrelated to each other.
- Each data type is different.
- There is no common data repository, but each set can be found in a different system.
Managing identities becomes, therefore, a priority issue for organizations. It is necessary to have a system that allows you to associate and unify your data, provide access to all systems that must use them and, above all, offer a high degree of privacy and security.
nebulaSUITE, much more than digital signatures
nebulaSUITE is the all-in-one digital identity solution for organizations, the only one on the market that allows full cycle management of digital identity, both from workstations and mobility. Anywhere, at any time.
It provides the infrastructure for the creation of digital identities through the issuance of qualified digital certificates and their administration, a SaaS platform for certificate inventories, a centralized management system for telematic notifications of the Administration, a digital signature with legal recognition and dynamic multi factor authentication.
What are the benefits to organizations? Among others, guaranteed legal compliance with regulations such as eIDAS, comfort and flexibility (can be used from computers, mobile phones and tablets), thanks to the wide range of solutions offered.
Request your nebulaSUITE demo
Do you want to know everything nebulaSUITE can do for your organization? Request a demo here and find out now.
And follow us on social networks to be informed about news from nebulaSUITE and vintegrisTECH, to leave us your comments and to learn more about the digital identity. Connect with us on Twitter and LinkedIn, we are waiting for you!
This Blog Post has also been published on the Ciudad de la Justicia de Barcelona website (only in Spanish and Catalan)