The prerequisite for using the ID card's online ID function is a working infrastructure. The entire infrastructure is based on a public key infrastructure (PKI) for authorization certificates and a system to block ID cards. A variety of public authorities and institutions cooperate in the PKI.
- The Federal Office for Information Security (BSI) as the root CA operator,
- the Federal Office of Administration with its authority responsible for issuing authorization certificates (VfB) as the registration authority (RA) and
- the providers of certificates responsible for the technical aspects of issuing authorization certificates.
You can find an overview of all technical specifications in the Technical Guideline BSI-TR-03127 "Architecture Electronic Identity Card and Electronic Resident Permit".
Providers wishing to integrate the online ID function into their services need the following infrastructure components:
- Authorization certificate
- eID server or eID service
- eID client software and card reader (at the client's terminal or for the integration into terminals and vending machines)
With this components service providers can reliably identify themselves to their clients and establish a secure communication link with ID cards.
Detailed information on the technical infrastructure of the online ID function can be found in the Anwenderhandbuch für Wirtschaft und Verwaltung (manual for business and administration, available in German).