The German ID card with the online ID function
Every German citizen aged 16 and over has one in their wallet: an ID card. In 2010, the document, once a booklet or a laminated card, was transformed into an ID card with an online ID function, opening the door to a new era. Bundesdruckerei GmbH produces this electronic ID document on behalf of the Federal Ministry of the Interior, Building and Community (BMI). It is the first card that allows its holder to identify themselves in both the analogue and the digital world.
This theme special focuses on outstanding features, such as the online ID function, and the future of mobile identity processes.
The German ID card with the online ID function
Efficient, simple and secure: that sums up the German ID card with the online ID function. Fitted with a chip, this card can also be used as a means of identification in the digital world, hence the name online ID card. At the same time, it is one of the most forgery-proof ID documents of all. The electronic ID document is produced by Bundesdruckerei GmbH, one of Germany’s leading IT security companies.
How often is the online ID card used and for what purposes? See our infographic for an overview.
The online ID function
It is now possible to deal with public authorities or private businesses from the comfort of home. Since November 2010, ID cards in Germany have been fitted with an additional component, i.e. an electronic storage medium in the form of a chip which stores personal and biometric data.
The ID card with the online ID function can be used by its holder to securely confirm their identity online and to use online services.
Besides the card with its online ID function, all that is needed is a user-selected PIN and a reader – for instance, a smartphone – and the corresponding data can be passed on for identification and authentication.
Identify yourself digitally? We will show you step by step how it works using a smartphone: the how-to infographic.
In addition to the ID card, the electronic residence permit (eAT) has also been fitted with the online ID function since 2011. What’s more, work is underway to introduce an eID card which will also allow EU citizens to use the online ID function.
Using the online ID function
More than 100 services now offer online identification with the ID card. These include the currently most frequently used service, the online pension information service, but also car registration or student-loan applications as well as services provided by private companies, such as insurance companies, banks or telecommunications providers.
For this purpose, the federal government has introduced the free app AusweisApp2 which establishes a secure encrypted connection between the online ID card, the smartphone and the provider of the corresponding service.
We examined just how well-known this online ID function is and how much it is used:
Although many of those surveyed know about the online ID function on their ID card (68 percent), more than half of them (57 percent) do not use it. Why is that? A lack of interesting offers was the reason stated by 29 percent, while 21 percent prefer to deal with public authorities in person. Due to the coronavirus pandemic, this behaviour has changed somewhat. More than half of the respondents stated that they have tried out the online ID function or use it more often – most likely for online dealings with public authorities.
Suggested reading for the online ID function
The following articles provide a good insight into the various ways in which the online ID function can be used. While the magazine article entitled ‘10 Years Online ID’ takes its readers on a journey into the past, from the beginnings of the ID card requirement to today's possibilities of online identification, the article ‘The smartphone as an ID card’ looks to the future and to how the ID card comes onto the smartphone. How these mobile identities can be encrypted and secured is the subject of the article entitled ‘Mobile identities: Handling important matters using a smartphone’.
Mobile first: The beginning of a new ID era
When Germany introduced the online ID function of the ID card in 2010, it paved the way for digital, sovereign identities. The question today is what the digital sovereign identity could look like in the future. Especially for government applications, data security is the top priority. How will the ID card become a universal, secure and mobile means of authentication? How can the administration and the economy benefit from this?
The OPTIMOS 2.0 project, headed by Bundesdruckerei as consortium leader and backed by the Federal Ministry of Economics and Energy, is working to create an infrastructure for secure online authentication on websites and apps using smartphones. This will ensure that digital identities are protected against forgery, manipulation and theft.
Trust in the provider of a digital identity
Digital identities are a must for any modern public administration. A digital identity is essential when it comes to identifying yourself in the digital world. But to prevent abuse and theft, these identities must be particularly secure. In our survey we asked which provider of such a digital identity is most trusted. The largest number (49 percent) place their trust in the state, i.e. Germany. However, the survey also revealed that there is still considerable skepticism about this offer in general: 29 percent of those surveyed said they did not trust any of the providers listed, eight percent trust the EU and only a negligible number trust private providers, regardless of whether they are based in Europe or the US.
Up to now, users have had to have their physical ID card at hand at all times in order to use the online ID function – be it with their smartphone or card reader. But this could also change in the future.
Derived mobile ID – OPTIMOS 2.0 and ONCE
As part of the OPTIMOS 2.0 project funded by the Federal Ministry of Economics and Energy (BMWi), a study was conducted to see how smartphones can be made so secure and trustworthy that even an ID card can be transferred to them. In the mobile variant, the citizen’s personal data is first transferred (derived) to the smartphone and stored there in a Secure Element (SE); the so-called derived identity can then be used at any time without the physical ID card. The SE chips permanently soldered into the smartphone are already used for credit cards and are set to be used with the ID card in the future. The manufacturers' operating systems cannot access the protected environment of these chips, which are managed by a security provider and are therefore particularly secure. The original document is retained as the central source of identity and is still needed in situations with high-security requirements.
As consortium leader, Bundesdruckerei is also involved in another BMWi-funded project, currently in its competition phase: ‘ONCE – Simple online registration’. ONCE develops and implements application scenarios for secure digital identities in the areas of administration, mobility and the hospitality industry. The project focuses on how ID systems with different trust levels and technical architectures can be merged easily and transparently for the user.
With the right smartphone applications, e.g. Bundesdruckerei's eID smartphone app, certain data could now be transferred to an online service with the user’s consent in a simple and secure manner and entirely in compliance with data protection legislation without having to present the ID card again. This is an ID system based on a substantial level of trust. If, however, an online service requires a high level of security, the citizen would then be asked to use the online ID function with the ID card.
In addition to the ID card, other documents could be securely transferred to the smartphone in the future: for instance, the holder’s driving licence, health insurance card or monthly pass for public transport.
Using derived identities
But even now, all that’s needed to use the online ID function with a suitable app is a modern Android smartphone or an iPhone. However, our survey showed that 62 percent of those surveyed said that they were not aware of this development at all, while 32 percent did know about it. There are plans to introduce a new type of use next year. In 2021, the first smartphones are to be introduced that can be used as online ID cards. How do you think this will be received? There was no consensus among those surveyed: 35 percent would make use of this offer while 32 percent would not and 33 percent were not certain yet.
How identities are derived
Deriving the identity and using the online ID card on a smartphone is simple: once the app has been downloaded to the smartphone from the app store, the personal data stored on the document chip is read out by holding the ID document up to the smartphone.
After entering the PIN, the data – for instance, the holder’s first name, family name, address and date of birth – can be passed on for identification and authentication. In this case, the data is sent to Bundesdruckerei's so-called ID server which is authorized to read out the data. The server then passes the data to a personalization server which in turn sends it back to the user's smartphone where it is stored in the Secure Element. The entire process only takes a few seconds, is easy to operate – and highly secure.
Suggested reading for derived mobile identities
More information on the topic of derived mobile identities can be found in our magazine articles ‘Mobile identities – using your smartphone to take care of important matters’, ‘Digital identities and how they are evolving’ and ‘Digital identities: A key issue for our society’.
Integrating the online ID function pays off
The digital future has already begun – join in and integrate the online ID function into your services. Mobile identity applications are becoming increasingly easier to use, thus boosting acceptance and willingness to use them. Both providers and users benefit from the online ID function.
We, Bundesdruckerei, are the right partner when it comes to secure identities, data and infrastructures. As a government IT security company, we have been involved in the reliable identification of persons and institutions for more than 250 years, paving the way towards a secure digital future.
FAQs related to the German ID card with the online ID function
Authorization is granted by the Issuing Office for Authorization Certificates (VfB) which belongs to the Federal Office of Administration. Public authorities and companies can apply for the necessary certificates there themselves. Alternatively, you can use an Identification Service Provider to do this for you, or you can obtain the support of an eID service provider. This step-by-step guide contains useful information.
Many federal states offer their municipalities portal solutions and user accounts that can be used with the online ID function. Federal authorities can obtain the eID service for federal authorities directly from Kaufhaus des Bundes, the government purchasing authority.
Governikus GmbH & Co. KG has developed a Best Practice Guide for service providers on behalf of the German Federal Office for Information Security (BSI). It contains recommendations on the design, technology, dialogue structure and content of a website in which the online ID function is to be integrated. The guide is rounded off by suggestions for technical and legal information and for the design of a smartphone app.
A Software Development Kit (SDK) has been developed for this purpose that enables service providers to integrate the online ID function directly into their own app using AusweisApp2. It can be used, for instance, for registration or login without any break in the medium. Service providers can use the online ID function in their own design without users having to leave their familiar environment.
When using the ID card with the online ID function, four security mechanisms are in place to reliably protect personal data:
- Possession and knowledge
Only those who are in possession of the ID card and know the PIN can use the online ID function. This so-called two-factor authentication is more secure than the common one-factor authentication method that uses usernames and passwords.
- Secure data transmission
The data is only transmitted when the ID card is held up to the smartphone, tablet or card reader – and after the PIN has been entered. This means that the data cannot be read unbeknownst to the card holder.
- Mutual identification
With the online ID function, both parties are always required to identify themselves. This allows the card holder to see exactly who the data is being sent to. The other party in the network must have a valid state-issued certificate to be able to retrieve the required data. This certificate can be displayed. The ID card holder must issue their consent before the data can be transmitted – and only the data actually required to use the online service.
- Data encryption
Only encrypted data is sent. End-to-end encryption protects the data against theft and abuse, and, as above, the data can only be released by someone who both holds the ID card and knows the PIN.
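The four mechanisms above, modelled as the checks a card chip performs before it releases any data, as an added example that is not Bundesdruckerei's or AusweisApp2's own code. The issuer signature is abstracted with an HMAC under a hypothetical issuer key (the real system verifies public-key certificate chains on the chip), and the holder data, PIN and dates are constructed samples:

```python
import hashlib
import hmac
import json
from datetime import date

# Hypothetical issuer key: stands in for the state issuer's signing key.
ISSUER_KEY = b"hypothetical-issuer-key"
TODAY = date(2024, 6, 1)   # constructed reference date for validity checks

def _sign(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue_certificate(service, permitted_fields, valid_until):
    """Model of a state-issued authorization certificate for one service."""
    body = {"service": service, "permitted_fields": sorted(permitted_fields),
            "valid_until": valid_until.isoformat()}
    return {"body": body, "sig": _sign(body)}

def certificate_is_valid(cert, today=TODAY):
    # Mutual identification: the service must present an untampered,
    # issuer-signed and unexpired certificate before anything is released.
    if not hmac.compare_digest(cert["sig"], _sign(cert["body"])):
        return False
    return date.fromisoformat(cert["body"]["valid_until"]) >= today

class IdCardChip:
    def __init__(self, pin, holder_data):
        self._pin = pin.encode()
        self._data = holder_data   # constructed sample holder data

    def release(self, cert, requested, pin_entered, consented, today=TODAY):
        """Return only the fields that are requested, permitted and consented to."""
        if not certificate_is_valid(cert, today):
            return "refused: certificate invalid or expired"
        if not hmac.compare_digest(pin_entered.encode(), self._pin):
            return "refused: wrong PIN"            # knowledge factor missing
        if not set(requested) <= set(cert["body"]["permitted_fields"]):
            return "refused: request exceeds certificate"
        # Data minimisation: the holder may narrow the request further.
        return {f: self._data[f] for f in requested if f in consented}

# Constructed sample card and certificate
CARD = IdCardChip("123456", {"first_name": "Erika", "family_name": "Mustermann",
                             "date_of_birth": "1964-08-12", "address": "Heidestr. 17"})
PENSION_CERT = issue_certificate("pension-info",
                                 ["first_name", "family_name", "date_of_birth"],
                                 date(2025, 12, 31))
# A service that edits its own certificate to add a field breaks the signature.
TAMPERED_CERT = {"body": dict(PENSION_CERT["body"], permitted_fields=["address"]),
                 "sig": PENSION_CERT["sig"]}
```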
Another security advantage is that, with the help of the data read out from the ID document, forms can be completed automatically with personal data. This saves time and reduces the risk of typing errors. For more information, please visit: ausweisident.de.
OPTIMOS 2.0 is a project sponsored by BMWi and headed by Bundesdruckerei. Smartphone manufacturers, mobile phone providers, a Fraunhofer Institute and the Federal Office for Information Security (BSI) are involved in this project.
If you want to prove on the Internet that you really are who you claim to be, you will need a digital identity. This is particularly important, for instance, when it comes to personal eGovernment services, opening Internet accounts or concluding online contracts. In order to be able to prove your identity digitally without any doubt, this identity must be verified. This is carried out using procedures like Postident and Videoident, but also with the help of the ID card with the online ID function. The provider can then securely link the user identity to an authentication process.