Electronic identities (eIDs) enable people to provide digital proof of their identity -- for example, to online service providers or border control authorities. Ensuring the secure implementation of such identities requires appropriate electronic identity documents and corresponding eID infrastructure.

Electronic identity documents differ from those commonly used in the past in that they have an integrated chip. The personal data of the holder is also stored on this ID chip in electronic form. Examples of such documents include electronic ID cards, electronic passports, and electronic residence permits. Alternatively, the data in question can be stored in a 2D bar code (a digital seal) and cryptographically signed. This has been implemented in proof of arrival documents, for instance. To learn more about the data involved, the exact manner in which it is stored, and the advantages this offers, please refer to the descriptions of the individual types of documents.

The BSI ensures the security of electronic identities and identity documents by developing specifications and contributing to the piloting and implementation of new technologies. In particular, the technical development of a new electronic identity document involves the topics covered below.

Concepts, Technical Guidelines, protection profiles, studies

The BSI creates concepts, Technical Guidelines, specifications, protection profiles, and studies on the following subjects:

• The data exchange format required between data collection and ID card production (BSI TR-03104)
• The formats of the data stored on ID cards (BSI TR-03110)
• The security of the data stored on ID card chips (BSI TR-03110)
• Chip cards and readers (see Protection Profiles)
• Biometrics in electronic identity documents (BSI TR-03121) and public key infrastructures (PKI)
• Assessing the assurance level of identity verification procedures (BSI TR-03147)
• Assessing the assurance level of electronic identities and trust services (BSI TR-03107)

Coordination

The results of these efforts are continually coordinated with various national and international institutions, including:

• The Federal Ministry of the Interior (Germany)
• The Federal Commissioner for Data Protection and Freedom of Information (Germany)
• The Federal Criminal Police Office (Germany)
• Other public authorities
• National standardization committees such as DIN and DIF
• International committees such as CEN, ISO, and ICAO

Piloting

Since the inception of electronic identity documents, their implementation has required pilot projects in various areas. Here are some examples of efforts that the BSI has initiated, carried out, and / or supported:

• Testing of chip cards
• Development of readers for various use cases
• Development of reader software
• Development of middleware to serve as the link between identity documents and user software
• Testing of application procedures
• Establishment of infrastructure for the identity verification applications used by corresponding public authorities
• Development of applications for non-sovereign uses
• Testing of biometric procedures

Quality assurance

The BSI's activities in assuring the quality of the hardware and software required in the context of electronic identity documents involve two main areas:

• Creating test specifications
• Conducting interoperability tests

Support

The BSI's tasks also include assisting a variety of institutions, such as:

• Public authorities in Germany (e.g. the Federal and State Police and the Federal Foreign Office)
• Producers (e.g. document creators, manufacturers of reader devices, and developers of application software)
• Service providers (e.g. trust centres and service provider data centres)