Security mechanisms in electronic ID documents
Country Verifying Certificate Authority (CVCA)
The Country Verifying Certificate Authority (CVCA) is operated by the Federal Office for Information Security (BSI). It regularly issues the German root certificates, and their private keys are used to sign the Document Verifier certificates of the document verifier (DV) authorities.
The DV authorities are responsible for issuing authorization certificates for reading electronic ID documents. These certificates also specify the individual read permissions, i.e. which information may be read from the ID document. Terminal authentication checks this permission whenever the RF chip of an electronic ID document is read.
Only control authorities (e.g. the Federal Police) and registration authorities (where citizens can check the accuracy of their data) obtain authorization certificates for the electronic passport. These are needed to read the fingerprints.
There are different variants of authorization certificates for the electronic ID card. The first is for the official function and is available only to the control and registration offices. The second is for the eID function in e-Government (electronic government) services and eBusiness (electronic business, e.g. online shopping). More about these possibilities under electronic ID card.
Furthermore, for both electronic ID documents, certificates must be issued for the control authorities of other nations that have the right to access the fingerprints in the electronic passport or the official function of the electronic ID card. This right is granted separately for each nation.
For all authorization certificates, read permissions are issued only for the data that is strictly required. For example, the operator of a forum for persons over the age of 18 only has access to the date of birth (or rather only to the age verification function, see electronic ID card), since there is no need for him to access further data such as the place of residence.
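The following is an added illustration, not code from the BSI or this page, of the two points above: how terminal authentication walks the CVCA, DV and terminal certificates, and how the read permissions in each certificate combine so that a forum operator ends up with age verification only. It is a toy model: the certificate fields, holder names and keys are constructed for the example, an HMAC stands in for the ECDSA signature of a real card-verifiable certificate, and only a handful of Certificate Holder Authorization Template (CHAT) bits are defined, with positions modelled on the simplified TR-03110 Part 4 layout. The one rule it demonstrates is the real one: the effective authorization is the bitwise AND of every certificate in the chain, so a DV cannot grant a terminal a permission the CVCA did not grant the DV.

```python
"""Toy CVCA -> DV -> terminal chain check with CHAT-based read permissions.
Added example; HMAC stands in for the ECDSA signature of a real CV certificate."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from datetime import date

# Subset of authentication-terminal CHAT bits (simplified TR-03110 Part 4 layout:
# DG1 read access starts at bit 8, the role sits in the top two bits).
AGE_VERIFICATION = 1 << 0
READ_DG8_DATE_OF_BIRTH = 1 << 15
READ_DG17_PLACE_OF_RESIDENCE = 1 << 24
ROLE_MASK = 0b11 << 38
ROLE_CVCA, ROLE_DV_DOMESTIC, ROLE_DV_FOREIGN, ROLE_TERMINAL = (
    0b11 << 38, 0b10 << 38, 0b01 << 38, 0b00 << 38)


@dataclass(frozen=True)
class CVCert:
    holder: str        # certificate holder reference (constructed names below)
    issuer: str        # holder reference of the signing certificate
    chat: int          # certificate holder authorization template as a bit mask
    valid_from: date   # certificate effective date
    expires: date      # certificate expiration date
    key: bytes         # stand-in for the holder's key material
    signature: bytes = b""

    def body(self) -> bytes:
        return (f"{self.holder}|{self.issuer}|{self.chat:x}|{self.valid_from}|"
                f"{self.expires}|{self.key.hex()}").encode()


def sign(body: bytes, issuer_key: bytes) -> bytes:
    # Stand-in for the issuer's ECDSA signature over the certificate body.
    return hmac.new(issuer_key, body, hashlib.sha256).digest()


def issue(issuer: CVCert, holder: str, chat: int, valid_from: date,
          expires: date, key: bytes) -> CVCert:
    cert = CVCert(holder, issuer.holder, chat, valid_from, expires, key)
    return replace(cert, signature=sign(cert.body(), issuer.key))


def effective_authorization(trusted_cvca: CVCert, chain: list, today: date) -> int:
    """Verify issuer, signature and validity of each certificate from the CVCA down
    and return the effective CHAT: the AND of all CHATs in the chain."""
    if trusted_cvca.chat & ROLE_MASK != ROLE_CVCA:
        raise ValueError("trust anchor is not a CVCA certificate")
    issuer, effective = trusted_cvca, trusted_cvca.chat
    for cert in chain:
        if cert.issuer != issuer.holder:
            raise ValueError(f"{cert.holder}: not issued by {issuer.holder}")
        if not hmac.compare_digest(cert.signature, sign(cert.body(), issuer.key)):
            raise ValueError(f"{cert.holder}: bad signature")
        if not cert.valid_from <= today <= cert.expires:
            raise ValueError(f"{cert.holder}: outside validity period")
        effective &= cert.chat
        issuer = cert
    if not chain or chain[-1].chat & ROLE_MASK != ROLE_TERMINAL:
        raise ValueError("chain does not end in a terminal certificate")
    return effective


def check_read_request(effective: int, requested: int) -> int:
    """Return the requested bits the chain does not authorize (0 means allowed)."""
    return requested & ~effective


# Constructed chain: CVCA -> domestic eBusiness DV -> forum operator terminal.
CVCA = CVCert("DECVCAEXAMPLE01", "DECVCAEXAMPLE01",
              ROLE_CVCA | AGE_VERIFICATION | READ_DG8_DATE_OF_BIRTH
              | READ_DG17_PLACE_OF_RESIDENCE,
              date(2024, 1, 1), date(2027, 1, 1), b"cvca-key")
DV = issue(CVCA, "DEDVEXAMPLE0001",
           ROLE_DV_DOMESTIC | AGE_VERIFICATION | READ_DG8_DATE_OF_BIRTH,
           date(2025, 1, 1), date(2026, 1, 1), b"dv-key")
FORUM = issue(DV, "DEATFORUM00001", ROLE_TERMINAL | AGE_VERIFICATION,
              date(2025, 6, 1), date(2025, 6, 3), b"forum-key")  # short-lived
TODAY = date(2025, 6, 2)


def forum_request(requested: int) -> int:
    """Bits the forum terminal is denied when it asks the chip for `requested`."""
    return check_read_request(effective_authorization(CVCA, [DV, FORUM], TODAY),
                              requested)


def overreaching_dv() -> int:
    """A DV granted only age verification issues a terminal certificate that also
    claims DG17; the AND rule strips the bit the DV never had."""
    dv = issue(CVCA, "DEDVFOREIGN0001", ROLE_DV_FOREIGN | AGE_VERIFICATION,
               date(2025, 1, 1), date(2026, 1, 1), b"foreign-dv-key")
    shop = issue(dv, "DEATSHOP000001",
                 ROLE_TERMINAL | AGE_VERIFICATION | READ_DG17_PLACE_OF_RESIDENCE,
                 date(2025, 6, 1), date(2025, 6, 3), b"shop-key")
    return effective_authorization(CVCA, [dv, shop], TODAY)


def expired_terminal_rejected() -> bool:
    try:
        effective_authorization(CVCA, [DV, FORUM], date(2025, 7, 1))
    except ValueError:
        return True
    return False
```

One caveat a practitioner should keep in mind: the chip has no clock of its own. TR-03110 has it approximate the current date from the effective dates of certificates it has already verified, so the validity check above is only as good as that approximation, which is one reason terminal certificates are issued with short validity periods.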