Technology

type: Article

The prerequisite for using the ID card's online ID function is a working infrastructure. The entire infrastructure is based on a public key infrastructure (PKI) for authorization certificates and a system to block ID cards. A variety of public authorities and institutions cooperate in the PKI.

The Federal Office for Information Security (BSI) as the root CA operator,

  • the Federal Office of Administration with its authority responsible for issuing authorization certificates (VfB) as the registration authority (RA) and
  • he providers of certificates responsible for the technical aspects of issuing authorization certificates.
    You can find an overview of all technical specifications in the Technical Guideline BSI-TR-03127 "Architecture Electronic Identity Card and Electronic Resident Permit"

Providers wishing to integrate the online ID function into their services need the following infrastructure components:

Service providers pursuant Section 21 of the Act on Identity Cards and Electronic Identification need

Customers of an identification service provider pursuant to Section 21 b of the Act on Identity Cards and Electronic Identification need

  • Connection to the interface (API) of the identification service provider (e.g. OpenIDConnect)

With this components service providers can reliably identify themselves to their clients and establish a secure communication link with ID cards.

Federal Office of Administration, Authority Awarding Authorization Certificates

Questions and answers