Method
- Investigate the transnational regulations around digital identity and extract the key insights that several entities in Germany have in common
  - Secunet, Signicat, Jolocom, Verimi, Gemalto
Summary
- Scope of application
  - GDPR:
    - Definition of personal data
    - Regulation on collecting and processing personal data
    - Data subject rights
  - eIDAS:
    - Definition of electronic identification (eID) and trust services
  - PSD2:
    - Promotion of FinTech through open APIs
    - Regulation on Strong Customer Authentication (SCA)
  - AMLD5:
    - Regulation on money laundering through cryptocurrency-related services
    - Regulation on an extensive KYC (know your customer) process
- GDPR
  - Articles that need to be cited
    - Article 4: definition of the term "personal data"
    - Article 6: lawful purposes for processing personal data
    - Articles 15 to 21: related data subject rights
  - Data processing through a blockchain should be interpreted and protected differently from other forms of processing
    - Definition of personal data and stakeholders
    - Data subject rights
- eIDAS Regulation
  - There should be a guideline on the implementation requirements of Self-Sovereign Identity that are necessary for eIDAS compliance
    - DIDs are not accepted by the EU as electronic signatures under eIDAS
    - How to create cryptographic keys
    - Verifiable Credentials
- PSD2
  - SCA (Strong Customer Authentication) must be confirmed using a combination of two independent authentication factors from the following categories:
    - Something you own (possession): mobile phone, card, TAN generator
    - Something you know (knowledge): PIN, password
    - Something you are (inherence): fingerprint
- AMLD5
  - While identities and their data will not be stored on the blockchain, wallets will be required to be able to validate a claimed identity against an authoritative source
- ISO/IEC
  - Standards related to digital identity are ISO/IEC 15408, 19784, 24760, 27000, 29146
  - Common Criteria (ISO/IEC 15408) certification is specified for products and systems related to information technology; interoperation, system management and user training are therefore outside its scope and are covered elsewhere (ISO 27001 etc.)