Technology
The prerequisite for using the ID card's online ID function is a working infrastructure. The entire infrastructure is based on a public key infrastructure (PKI) for authorization certificates and a system to block ID cards. A variety of public authorities and institutions cooperate in the PKI:
- The Federal Office for Information Security (BSI) as the root CA operator,
- the Federal Office of Administration with its authority responsible for issuing authorization certificates (VfB) as the registration authority (RA) and
- the providers of certificates responsible for the technical aspects of issuing authorization certificates.
You can find an overview of all technical specifications in the Technical Guideline BSI-TR-03127 "Architecture Electronic Identity Card and Electronic Resident Permit".
Providers wishing to integrate the online ID function into their services need the following infrastructure components:
Service providers pursuant to Section 21 of the Act on Identity Cards and Electronic Identification need:
- Authorization certificate
- eID server or eID service
- eID client software and card reader (at the client's terminal or for the integration into terminals and vending machines)
Customers of an identification service provider pursuant to Section 21 b of the Act on Identity Cards and Electronic Identification need:
- Connection to the interface (API) of the identification service provider (e.g. OpenID Connect)
With these components, service providers can reliably identify themselves to their clients and establish a secure communication link with ID cards.