responsibility finder
Schleswig-Holstein

Request authorization certificate for online ID card function

Source: Zuständigkeitsfinder Schleswig-Holstein (Linie6PLus)

Service Description

An authorization certificate is required for each electronic service that can be used with the online ID card, which authorizes authentication and authentication of the user and service provider.

The following can apply for an authorization certificate

  • Service providers and
  • Identification service providers
  • On-site service providers

The following authorizations are distinguished:

  • the proof of identity to online service providers,
  • on-site reading at service providers, and
  • the proof of identity vis-à-vis identification service providers.

Proof of identity vis-à-vis online service providers

The authorization certificate gives you permission to request and process data from ID cards to identify the holder. The authorization certificate and the verified electronic keys enable technical access. You can use it to integrate the online ID card function as a digital means of identification in your own online service or in a vending machine or terminal.
In your application, you must explain why you have an interest in using the online ID card function and how you will use the ID card holders' personal data. You must also ensure that the data is adequately protected.

On-site reading at service providers

Wherever personal data such as name and address are to be transferred to a form, an on-site readout is the best option. The data is read out and transferred electronically.
The cardholder is present in person. Before the data is read out, the authorization holder must identify the cardholder on the basis of the printed photo and personal data.
In the case of on-site readout, the PIN entry by the ID card holder is not required. It is replaced by the entry or technical recording of the access number (Card Access Number - CAN) on the front of the ID card by the authorization holder.

Proof of identity to identification service providers

Companies and public authorities can use a certified third-party service for proof of identity. The so-called identification service providers make the data from the use of the online ID function available to companies and authorities in individual cases.
Identification service providers must apply for authorization and the authorization certificate instead of the service providers.

They must also have their service certified by the Federal Office for Information Security.

The authorizations are each valid for a maximum of 3 years. They can be withdrawn immediately at any time in the event of a breach of the declaration made and of the law.

Note

As the applicant organization, you must commission the authorization certificate provider (BerCA) yourself. This means: On the basis of the positive authorization notice from the Federal Office of Administration (BVA), you conclude a contract directly with the authorization certificate provider (BerCA) for the technical procurement of the authorization certificate and the blacklists.


Process flow

You must apply for the Certificate of Eligibility in writing or online to the Federal Office of Administration (BVA).

Written application:

  • Go to the BVA website and fill out the application form electronically.
  • Print out the completed form and sign it.
  • Mail the completed and signed form, along with all other required documents, to the Certificate of Eligibility Awarding Office.
  • The awarding office will review your application.
  • You will then receive by mail
    • proof of eligibility or
    • a notice of rejection
    • or a request to submit a new application.
      sent to you.

Online application:

  • Go to the Federal Portal website and fill out the application form electronically.
    • Note: For the online function, you need your ID card with PIN number
  • Attach the other requested documents as a scan.
  • Submit your application.
  • The issuing office will check your application.
  • You will then receive either by mail or in your digital BundID mailbox.
    • the proof of eligibility or
    • a notice of rejection
    • (or a request for a new application).
      sent to you.
  • You must then select an authorization certificate provider (BerCA) to provide the authorization certificates and can then conclude a contract based on the positive authorization notice.
  • Now you can operate your own eID server or select a service provider as your eID service provider.

Notice:

eID service companies can support you with the procurement of the certificates for a fee and provide the complete infrastructure.

Requirements

Be able to apply for a certificate of authorization:

  • Service provider
  • Identification service provider
  • On-site service provider

Other requirements:

  • Service provider requirements for your credential acquisition:
    • Communicate and prove the identity of the service provider.
    • Description of the interest in an authorization underlying the application, in particular the planned organization-related use
    • Proof of data protection and security measures
    • There must be no evidence of misuse of the authorization
  • Special requirements for identification service providers:
    • Certificate of compliance from the German Federal Office for Information Security (BSI).
  • You also need your own eID server for operation or a service company as an eID service provider or
    • suitable software,
    • a reader for on-site reading, and
    • a suitable integration of the ID card application into your website or background system.
Which documents are required?

When submitting your application, you must submit:

  • Application form (completed and signed)
  • Privacy policy
  • Extract from the Commercial Register (for e-business only)
  • Description of the interest in authorization on which the application is based
  • For comprehension purposes, you can depict your business process using a flowchart and attach it to the application.
  • If you are using a technical service company, please attach the contract.
  • Certificate from the Federal Office for Information Security (BSI) (identification service providers only)
Legal basis
Appeal
  • Objection
  • Administrative court action
Applications / forms

Forms available: Yes

Written form required: Yes

Informal application possible: No

Personal appearance required: No

Online services available: Yes

What else should I know?

There are no clues or specifics.

Author
Technically approved by

Federal Ministry of the Interior and Home Affairs (BMI)

Process flow

You must apply for the Certificate of Eligibility in writing or online to the Federal Office of Administration (BVA).

Written application:

  • Go to the BVA website and fill out the application form electronically.
  • Print out the completed form and sign it.
  • Mail the completed and signed form, along with all other required documents, to the Certificate of Eligibility Awarding Office.
  • The awarding office will review your application.
  • You will then receive by mail
    • proof of eligibility or
    • a notice of rejection
    • or a request to submit a new application.
      sent to you.

Online application:

  • Go to the Federal Portal website and fill out the application form electronically.
    • Note: For the online function, you need your ID card with PIN number
  • Attach the other requested documents as a scan.
  • Submit your application.
  • The issuing office will check your application.
  • You will then receive either by mail or in your digital BundID mailbox.
    • the proof of eligibility or
    • a notice of rejection
    • (or a request for a new application).
      sent to you.
  • You must then select an authorization certificate provider (BerCA) to provide the authorization certificates and can then conclude a contract based on the positive authorization notice.
  • Now you can operate your own eID server or select a service provider as your eID service provider.

Notice:

eID service companies can support you with the procurement of the certificates for a fee and provide the complete infrastructure.

Requirements

Be able to apply for a certificate of authorization:

  • Service provider
  • Identification service provider
  • On-site service provider

Other requirements:

  • Service provider requirements for your credential acquisition:
    • Communicate and prove the identity of the service provider.
    • Description of the interest in an authorization underlying the application, in particular the planned organization-related use
    • Proof of data protection and security measures
    • There must be no evidence of misuse of the authorization
  • Special requirements for identification service providers:
    • Certificate of compliance from the German Federal Office for Information Security (BSI).
  • You also need your own eID server for operation or a service company as an eID service provider or
    • suitable software,
    • a reader for on-site reading, and
    • a suitable integration of the ID card application into your website or background system.

Which documents are required?

When submitting your application, you must submit:

  • Application form (completed and signed)
  • Privacy policy
  • Extract from the Commercial Register (for e-business only)
  • Description of the interest in authorization on which the application is based
  • For comprehension purposes, you can depict your business process using a flowchart and attach it to the application.
  • If you are using a technical service company, please attach the contract.
  • Certificate from the Federal Office for Information Security (BSI) (identification service providers only)

Legal basis

Appeal

  • Objection
  • Administrative court action

Applications / forms

Forms available: Yes

Written form required: Yes

Informal application possible: No

Personal appearance required: No

Online services available: Yes

What else should I know?

There are no clues or specifics.

Author

Technically approved by

Federal Ministry of the Interior and Home Affairs (BMI)

Further information and offers