Technology
Article
The prerequisite for using the ID card's online ID function is a working infrastructure. The entire infrastructure is based on a public key infrastructure (PKI) for authorization certificates and a system to block ID cards. A variety of public authorities and institutions cooperate in the PKI.
The Federal Office for Information Security (BSI) as the root CA operator,
- the Federal Office of Administration with its authority responsible for issuing authorization certificates (VfB) as the registration authority (RA) and
- he providers of certificates responsible for the technical aspects of issuing authorization certificates.
You can find an overview of all technical specifications in the Technical Guideline BSI-TR-03127 "Architecture Electronic Identity Card and Electronic Resident Permit"
Providers wishing to integrate the online ID function into their services need the following infrastructure components:
Service providers pursuant Section 21 of the Act on Identity Cards and Electronic Identification need
- Authorization certificate
- eID server or eID service
- eID client software and card reader (at the client's terminal or for the integration into terminals and vending machines)
Customers of an identification service provider pursuant to Section 21 b of the Act on Identity Cards and Electronic Identification need
- Connection to the interface (API) of the identification service provider (e.g. OpenIDConnect)
With this components service providers can reliably identify themselves to their clients and establish a secure communication link with ID cards.