Especially on the Internet, personal data must be protected against identity theft and misuse. That's why security and data protection are top priorities when using the eID function. Below, we explain which security mechanisms protect your data and ensure that the eID function is considered one of the most secure systems in the world.
1) Principle of possession and knowledge or 2-factor authentication
Only someone who has your ID document and knows the associated PIN can authorize your data for transmission to a provider. This combination of two factors, possession and knowledge, protects your data from misuse when the eID function is used.
2) Mutual proof of identity
Many authentication procedures only verify the identity of the user, but the eID function takes this a step further: it is based on the principle of mutual authentication. This means that the user confirms his or her identity by possessing the ID document and entering the PIN, and the provider identifies itself by means of a so-called authorization certificate.
This authorization certificate is displayed in AusweisApp and shows to whom your data is to be transmitted. It is a government certificate that must be officially requested from the Federal Office of Administration. This certificate is checked by the ID card with every new request, so you always know that your data is being transmitted to a secure party.
3) Confirmation of the data transfer
AusweisApp also shows you exactly what data the provider wants to read from your ID card. Before this data can be transmitted, you must explicitly agree to the readout process by entering your PIN. This means that your data cannot be read out without your knowledge. This also protects you if your ID card is lost or stolen.
4) Encrypted data exchange
Data is always transmitted using end-to-end encryption so that no third party can read your personal data. In addition, before the data is transmitted, the authenticity and validity of the ID card are checked. It is also verified that the ID card is not on a blacklist, for example because the document has been reported as stolen.
In addition to the four security mechanisms described above, there is a further safeguard that helps protect your data. A certified test center of the German Federal Office for Information Security (BSI) regularly tests AusweisApp for its conformity with the applicable technical guidelines. If our software passes these tests, the BSI issues a security certificate. You can find the current certificate of AusweisApp here.