29.11.2012 Views

Download (PDF, 589 KB, file is not barrier-free)


Infrastructures

at the German border for their authenticity and integrity, the various nations must exchange their root certificates in a secure manner. This is achieved either via diplomatic pouches or via the ICAO Public Key Directory (ICAO-PKD).

4.4.2 Country Verifying Certificate Authority (CVCA)

The BSI also operates the Country Verifying Certificate Authority (CVCA). This authority generates the German root certificates on a regular basis; the private keys of these certificates are used to sign the document verifier certificate of the document verifier instances (DV instances).

The DV instances are responsible for issuing the certificates authorizing the reading of electronic identity documents, and also define the individual read rights, i.e. what information can be read from the identity documents. This authorization is verified by the RF chip of the electronic identity document on reading during Terminal Authentication.
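The chain check described above can be modelled as follows. This is an added example, not code from the brochure or from BSI: textbook RSA with fixed primes stands in for the real signature scheme, and the certificate fields, names, dates, right labels and the rule that rights are intersected along the chain are assumptions of the sketch.

```python
# Added illustration (toy model, not BSI code): chip-side check of CVCA -> DV -> terminal.
import hashlib
from dataclasses import dataclass, replace
from datetime import date

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA from fixed primes: a toy stand-in for the real signature scheme."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

@dataclass(frozen=True)
class Cert:
    issuer: str
    holder: str
    rights: frozenset
    expires: date
    pubkey: int = 0  # holder's public modulus; unused for terminal certificates here
    sig: int = 0

    def body(self):
        fields = (self.issuer, self.holder, sorted(self.rights), self.expires.isoformat(), self.pubkey)
        return repr(fields).encode()

def issue(cert, n, d):
    """Return a copy of cert signed with the issuer's private exponent d."""
    return replace(cert, sig=pow(digest(cert.body(), n), d, n))

def effective_rights(chain, anchor, anchor_n, today):
    """Verify each link from the trust anchor down; return the rights granted."""
    name, n, rights = anchor, anchor_n, None
    for c in chain:
        if c.issuer != name:
            raise ValueError("broken chain")
        if pow(c.sig, E, n) != digest(c.body(), n):
            raise ValueError("bad signature")
        if c.expires < today:
            raise ValueError("expired")
        rights = c.rights if rights is None else rights & c.rights
        name, n = c.holder, c.pubkey
    return rights

# Constructed sample data: names, dates and right labels are invented for the example.
CVCA_N, CVCA_D = keypair(2**61 - 1, 2**89 - 1)
DV_N, DV_D = keypair(2**107 - 1, 2**127 - 1)
DV = issue(Cert("CVCA", "DV-A", frozenset({"photo", "fingerprints"}), date(2013, 6, 1), DV_N), CVCA_N, CVCA_D)
TERM = issue(Cert("DV-A", "TERM-1", frozenset({"photo", "fingerprints", "address"}), date(2013, 1, 1)), DV_N, DV_D)
TODAY = date(2012, 12, 1)
print(sorted(effective_rights([DV, TERM], "CVCA", CVCA_N, TODAY)))
```

The terminal certificate asks for "address", but the DV certificate does not carry that right, so the chip in this model grants only the rights present at every level.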

[Figure: CVCA Public Key Infrastructure for citizen applications of the new identity card. Labels: BSI, VfB, DV(s), BerCA(s), CVCA “ePass”, CVCA “eID”, CVCA “eSign”, DV “eID”, DV “QES”, inspection authorities, service providers, identity card authority, verified signature terminal.]

CVCA - Country Verifying Certificate Authority
DV - Document Verifier
VfB - Issuing Unit for Terminal certificates
BerCA - Certification Authority for eID service providers
QES - Qualified Electronic Signature

[Figure: CVCA Public Key Infrastructure in international context (Country A, Country B).]


Authorization certificates are issued solely to control authorities (e.g. Federal Police) and registry offices (to enable citizens to check the correctness of data). These certificates are also required to read fingerprints.

The diagram “CVCA Public Key Infrastructure for citizen applications of the new identity card” illustrates the spectrum of variants of national authorization certificates for the new identity card. In addition to applications for sovereign purposes, and for electronic identification, the CVCA also supports the qualified electronic signature.

The new identity card also requires that authorization certificates be issued for the control authorities of other nations that are empowered to access the sovereign functions of the new identity card. This authorization is issued separately for each nation.

[Figure node labels: CVCA, DV, Terminal]
