
Using the eID function securely

Your identity card and the associated eID function provide proof of your real identity in the digital world. You can use the eID function to identify yourself securely on the internet or at machines. This makes it easy to deal with official administrative services or business matters electronically.

What you need for eID

To use the eID function, you need:

  • Your identity card with the eID function activated. If you have deactivated this function, you can get it activated at the Citizens' Office.
  • Your six-digit PIN. The identity card portal describes the steps required to change the five-digit transport PIN that was sent to you by post.
  • A contactless USB card reader or an NFC-enabled smartphone/tablet. The AusweisApp portal provides an overview of card readers and an overview of smartphones/tablets.
  • Suitable ID card software that establishes the secure connection between the ID card, the online service and your computer or smartphone. The German government makes the AusweisApp2 publicly available for free; you can download it from the AusweisApp portal.

In addition, the online service you are going to use must be compatible with eID:

If you see the adjacent logo on online services, it means that you can identify yourself digitally on that service using the eID function. You can find an overview of compatible online services on the identity card portal.

How eID works

  1. You access the desired online service via your web browser and start the identification process. This should redirect you to the suitable ID card software installed on your system. At this stage you can see who you are sending your data to and what data your counterpart wants to request. Please note that on Windows and macOS operating systems you need to open the ID card software before accessing the online service!
  2. You then connect your ID card to the card reader or to your smartphone/tablet.
  3. You confirm the data query by entering your PIN.
  4. The chip then checks the state authorisation of the service provider for the eID card function. This ensures that your data is only transmitted to an authorised service provider. The service provider then checks that your ID card is valid and not blocked.
  5. Your selected data is then securely transmitted from the chip of the ID card to the service provider using end-to-end encryption. This prevents unauthorised reading or changes being made to the data.
  6. After the data transfer, please remember to remove your ID card from the card reader or smartphone/tablet.

Effective protection of your data

The following four security mechanisms provide reliable protection for your personal data.

The combination of possession and knowledge

Only people who are in possession of your ID card (possession factor) and know your six-digit PIN (knowledge factor) can use the eID card function. This two-factor authentication (combination of possession and knowledge) is significantly more secure than widely used one-factor methods that simply use a username and password, for example.

Requirements for data transmission

The ID card must be connected to the card reader or smartphone/tablet and the correct PIN must be entered. Only then can data from your ID card be transmitted. This means that your data cannot be read without you realising and is protected even if your ID card is lost or stolen.

Mutual identification

The eID function always requires that both parties identify themselves. This means you can always see exactly who your data is going to be transmitted to. Your counterpart must have a valid state certificate for querying the data. You can view this certificate for extra peace of mind. If you agree with the data transmission, you confirm you agree to it by entering your PIN. This mutual identification establishes trust and improves your security in the digital world.

Encryption

Your data is always transmitted in encrypted form. This end-to-end encryption protects your data from theft and misuse.

Security objectives

Electronic ID documents need to protect the personal data they contain from unauthorised access (data protection). In addition, it is also critical that the ID document is issued by a state institution (authenticity). Lastly, it must be possible to easily detect any forged data in an electronic ID document (protection against forgery).

The BSI provides information on the security protocols and mechanisms used to achieve these security objectives under security mechanisms in electronic identity.

Additional questions and answers on the security of the eID function