How to become a service provider

Here businesses can find out which steps are necessary to get authorisation to use the eID function of the ID card.

Get informed

The eID can be integrated into all web services in which your customers must clearly identify themselves. The required data are transmitted securely, seamlessly and correctly to your IT system.

On this page you will learn how to become a service provider.

Other pages provide information on the benefits of the eID for you and your customers and examples of commercial online services that can be accessed using the eID.

The Act to Promote the Electronic Identification Function (available in German: Gesetz zur Förderung des elektronischen Identitätsnachweises) provides the legal basis for integrating the eID in your own online services.

To use the data stored in the eID, you will need official authorisation, or to quote the aforementioned Act, an “authorisation certificate”.

When using online identification with the eID, both sides have to prove their identity. This means that during the online identification process with the eID your customers can see who is receiving their data. At the same time, the valid official authorisation certificate confirms to them that you are a service provider who meets the high standards of data security that are required by law.

With the eID, your customers can transmit their personal data to you from any location. If customers are present at your premises, you can use the on-site reading function to electronically transmit the data from the chip, avoiding the risk of typing errors. In this case, identity is verified by checking whether the person using the eID matches the photograph contained in the eID. The data are then accessed in the presence and with the knowledge of the person in question by entering the card access number (CAN). To use the on-site reading function, you also need official authorisation.

Authorisation certificates are issued and managed by an office called the Authority Awarding Authorisation Certificates (VfB) at the Federal Office of Administration (BVA).

Know the steps in the process

If you want to integrate the eID into your applications, there are several options to choose from. The steps you need to take are explained below.

1. Designing the service

You start off by designing your service. You need to decide whether you want to offer the eID and/or the on-site reading function.

At this stage, you define, among other things, which data from the identity card are necessary for electronic identification, such as first name, last name and date of birth. The list of data stored on the chip can be found in section 18 (3) of the Act on Identity Cards and Electronic Identification (Personalausweisgesetz, PAuswG) and in the form preview (available in German) of the online application on the website verwaltung.bund.de.

2. Identification as part of your own service or via a third-party service

Once you have designed your service, you have two options:

  1. You carry out identification as part of your own online service. This means that you have to apply for official authorisation from the Authority Awarding Authorisation Certificates (VfB).
  2. You carry out identification via a certified third-party service as part of your online service. This means that you have to decide on an identification solution to use in your online service.

3. Identification as part of your own service: applying for official authorisation

If you decide to carry out identification as part of your own online service, you must submit an application for an authorisation certificate to the Authority Awarding Authorisation Certificates (VfB). You can do this digitally on the website verwaltung.bund.de, in writing or in person.

The VfB will issue you with an authorisation certificate under the terms of section 21 (2) of the Act on Identity Cards and Electronic Identification on condition that

  1. you inform the VfB of your identity as the service provider and provide proof of your identity,
  2. you briefly explain your organisation’s interest in the use of the eID,
  3. you undertake to comply with corporate data protection, and
  4. the VfB has no reason to suspect that data will be misused.

Once the VfB has issued you with an official authorisation certificate, this information will be published in the list of all valid authorisation certificates (available in German).

4. Acquiring technical authorisation certificates and an eID server

Once you have received official authorisation, you must choose a provider that will issue technical authorisation certificates on your behalf (known as “BerCA”) and conclude a contract with that provider.

Now you need an eID server.

You can set up your own eID server, use a third-party eID server, or engage an eID service provider.

Your eID server or eID service provider needs to be able to connect with the systems of your chosen BerCA provider, since the technical authorisation certificates issued by your BerCA (which are valid for 48 hours) and the revocation lists are provided online.

5. Connecting your online service to the eID server and operating your service

You can use the eID interface or the SAML connection to link up your online service with the eID server. This depends on the eID server you are using.

If you are using an eID service provider, they will tell you which technical procedures are used for the eID connection and which software support is provided for which platforms.

If you provide identification as part of your own online service, you need to ensure that it works with the eID and the eID client, for example the Federal Government’s AusweisApp. You can find more information about the technical procedure and mutual authentication here.

Apply for official authorisation

There are three ways of applying for official authorisation to use the eID and its potential uses: 

Contact

Federal Office of Administration,
Authority Awarding Authorisation Certificates