The prerequisite for using the eID is a working infrastructure. The entire infrastructure is based on a public key infrastructure (PKI) for authorisation certificates and a system to block ID cards.

A variety of federal authorities and institutions cooperate in the PKI.

• The Federal Office for Information Security (BSI) as the root CA operator,
• the Federal Office of Administration (BVA) with its Authority Awarding Authorisation Certificates (VfB) as the Registration Authority (RA) and
• the providers of certificates responsible for the technical aspects of issuing authorisation certificates.

You can find an overview of all technical specifications in the Technical Guideline BSI-TR-03127 "Architecture Electronic Identity Card and Electronic Resident Permit".

Providers wishing to integrate the eID into their services need the following infrastructure components:

Service providers pursuant Section 21 of the Act on Identity Cards and Electronic Identification need

• Authorisation certificate
• eID server or eID service
• For use by customers on their own devices: eID client software and NFC-enabled smartphone or card reader on the customer side
• For use by customers at client's terminals and vending machines: eID client software and card reader integrated into the device

Customers of an identification service provider pursuant to Section 21 b of the Act on Identity Cards and Electronic Identification need

• Connection to the interface (API) of the identification service provider (e.g. OpenIDConnect)

With these components service providers can reliably identify themselves to their clients and establish a secure communication link with ID cards.

Contact