Glossary

Here you will find brief information - sorted by keyword - on the wide range of Governikus topics.

A

AdES

Stands for "Advanced Electronic Signature". It is an extension of the normal electronic signature (e-signature) that offers greater security and validity. There are several types, such as CAdES (Compact) or XAdES (Extended). AdES signatures are particularly important in applications in which the electronic signature must be validated over a longer period of time.

API

API stands for application programming interface. In computer science, APIs are used for the standardized and structured transfer of data between programs and program parts.

ASiC signature format

Associated Signature Containers (ASiC) specifies the use of container structures to associate one or more signed objects with the corresponding electronic signatures or timestamp tokens.

Storage times

The retention period is the period within which documents subject to retention must be archived in an orderly manner.

ID card

A document that is issued by a sovereign authority and contains information that enables authentication. It proves the identity of the document holder.

AusweisApp

The AusweisApp is an eID client implementation commissioned by the German federal government. In addition to its form as a "full" eID client, the AusweisApp is also available as an SDK. The SDK interfaces are likewise being extended to allow use of the mobile identity.

Autent Server

An authentication server is an application that runs authentication mechanisms to check whether an entity has the right to access a network or a service.

Authentication

Authentication provides proof (i.e. verification) of the authenticity of a person, document or device.

Authentication

Proof of identity using knowledge (e.g. entering a code), possession (showing an ID card) or biometric features.

Authorization

Access granted; in IT, for example, work can be carried out in a user account after authorization.

B

BA

Operator Committee

GERMAN CIVIL CODE

The German Civil Code is the central codification of German general private law.

BMI

The Federal Ministry of the Interior and for Home Affairs and its divisions cover a broad spectrum of tasks and activities. These range from civil protection, integration and sports promotion to security tasks. The numerous fields of activity make it clear that domestic policy affects all areas of society.

BSI

The Federal Office for Information Security (BSI) is the federal government's cyber security authority and is responsible for shaping secure digitalization in Germany. The BSI is part of the Federal Ministry of the Interior and Home Affairs and is based in Bonn.

BundID

BundID offers you a central account for identification for all your online applications (e.g. with an online ID card). Once the individual accounts in the federal states have been discontinued, this will be the only service account.

C

Certificate Validation Server

The Certificate Validation Server (CVS) is a service included in DATA Varuna. It checks the validity and determines the level of electronic certificates. Many Governikus products call the CVS in order to offload certificate validation (e.g. as part of signature validation).

D

Service provider

Service providers offer services online to users. These services can be government services such as a child benefit application as well as private-sector services such as an online order.

DIN

The German Institute for Standardization deals with international standardization. As a service, it develops innovative solutions through standardization in areas such as the digitalization of the economy or supports research projects.

DMS system

DMS is the abbreviation for document management system and refers to a software solution that enables the automated and holistic management of documents and information.

DVDV

The German Administrative Services Directory is a cross-disciplinary and cross-administrative infrastructure component for the secure and reliable addressing of automated services and specialized procedures for communication between and with public administration authorities in Germany.

DVG

The Digital Healthcare Act aims to ensure better healthcare through digitalization and innovation.

e

eAT

An electronic residence permit (eAT) is a document that has an electronic memory and a processing medium. With this card, a foreigner can prove his/her right of residence in the European Union. In appearance, this card is very similar to an identity card.

eEB

The eEB (electronic acknowledgement of receipt) is the electronic version of the acknowledgement of receipt in paper form, which is already known primarily in the legal profession. The eEB contains a data record in XML format, which may only be transmitted back to the court in a structured, machine-readable form.

eID

eID is the abbreviation for electronic identification and describes a digital passport solution for proving the identity of citizens or an organization. It can be used to access services from public authorities, banks or other companies.

eID client

The eID client is the interface between the electronic means of identification, the service provider and the user. To integrate a mobile identity, it must be expanded to enable communication with an eID applet located on the SE of the mobile device.

eID server

The eID server handles secure communication with the eID client and the ID card chip and forwards read data to the service provider. It determines the authenticity and validity of the ID card, checks whether it has been blocked and transmits the results of the eID function.

eIDAS

Legal basis for electronic identification and trust services in the EU.

E

EfA

One for All (Einer für Alle): each federal state should digitize services in such a way that other states can reuse them and do not have to develop the online process again themselves. This saves time, resources and costs. The basic idea behind EfA is therefore that states and municipalities do not each develop every digital administrative service on their own, but coordinate and divide up the work.

EGVP

The Electronic Court and Administration Mailbox (Elektronisches Gerichts- und Verwaltungspostfach) is an electronic communication infrastructure characterized above all by strong end-to-end encryption. The infrastructure, which is established in the judiciary, was introduced in 2004 and has been continuously expanded and further developed ever since.

End-to-end

A process that consists of all chronologically and logically sequential sub-processes that are necessary to fulfill a specific customer need.

End-to-end encryption

This type of encryption prevents unauthorized reading or modification of data across all transmission stations. Only the communication partners are able to decrypt the message.

ERVGerFöG

Act on the Promotion of Electronic Legal Transactions with the Courts.

ERVV

The Electronic Legal Transactions Ordinance regulates how citizens, lawyers, authorities and other groups submit electronic documents to all civil, labor, administrative, financial and social courts of the federal states and the federal government, as well as to bailiffs, in accordance with a uniform technical framework.

ETSI

The European Telecommunications Standards Institute has been responsible for developing standards in the field of telecommunications since 1988. Its aim is to develop worldwide standards for all communication technologies. ETSI holds standardization mandate M460, issued by the European Commission, which carries the task of translating the legal requirements of the eIDAS Regulation into technical specifications and European standards.

EU ID

The European digital identity is intended for people and companies in the EU who want to identify themselves throughout the EU or prove certain personal information - online or offline for public or private services.

F

Specialized procedures

Electronic specialist procedures, also known as IT specialist procedures or specialist procedures for short, are information management tools that are used in administration - especially in public administration (for specific offices/services).

FHB

Free Hanseatic City of Bremen.

FITKO

Central coordination and networking office for digitization projects in public administration in Germany. "Mutated into the digitization agency of the federal government."

FördEIRV

The Act on the Promotion of Electronic Legal Transactions with the Courts is intended to reduce barriers to electronic communication with the judiciary by providing for authorities to open up a secure transmission channel for sending and receiving electronic documents to and from the judiciary.

G

Money Laundering Act

The Money Laundering Act (GWG) is the law on the tracing of profits from serious crime.

GMM

Governikus MultiMessenger

GUI elements

A GUI, short for Graphical User Interface, is a computer program that allows a person to communicate with a computer using icons, visual metaphors and pointing devices. The GUI is the standard interface of today's computers. It replaces text interfaces, which can often only be used with commands that are difficult to remember, with a relatively intuitive system.

GWG

The Money Laundering Act is intended to ensure a comprehensive, sustainable and effective fight against money laundering and terrorist financing.

H

Hash tree

In cryptography and computer science, a hash tree or Merkle tree is a tree in which each leaf node is labeled with the hash of a data block and each non-leaf node is labeled with the cryptographic hash of the labels of its child nodes.

I

ID systems

An ID system secures the entire identity value chain. This includes securely capturing and registering identity data, securely processing and sending it, producing and issuing identity documents and reliably verifying them.

Identity

The identity of a person or an object describes the totality of all the specific features that characterize it and distinguish it from all other individuals.

Identity provider

Identity providers are systems that manage identity information for users and authenticate them to third parties. An identity provider confirms certain attributes of a user to a service provider.

Identity theft

Identity theft is the misuse of a person's personal data (identity) by third parties. The terms identity fraud or identity misuse are also commonly used.

Identity provider

Identity provider (IdP) means identity service provider. An IdP is the party that manages the primary authentication and identification data of users and issues assurances derived from this access data. The term "external service account" is often used as a synonym.

Identity token

A token containing the call authorization credential identity that is required by the receiving server together with the client authentication token in order to accept the presented identity.

Identity Broker

A service that links several identity providers with service providers as an intermediary. An identity broker forwards the attributes confirmed by the identity provider to the service provider.

IDP

Identification service provider

Integrity

Integrity refers to ensuring the correctness (intactness) of data and the correct functioning of systems. When the term integrity is applied to "data", it means that the data is complete and unchanged.

Intermediary

Some of the data transmissions based on OSCI take place via intermediaries (virtual post offices) in the connection network in accordance with Section 3 IT-NetzG. When a message is transmitted in the EGVP, the message and the sender's data to be transmitted are sent to the intermediary responsible for the recipient. The intermediary stores the information until the recipient collects it (asynchronous communication) or forwards it directly to the recipient (synchronous communication).

Interoperability

The ability of different (information) technology systems or components to function together, in particular to exchange data.

ISMS

Information security management system

ISO

International Organization for Standardization. This is an association of the national standards organizations of currently 163 countries, with each country having one member. This makes ISO the world's largest international standards organization.

IT Planning Council

The IT Planning Council is the political steering body of the federal, state and local governments for information technology and e-government.

K

KoSIT

The Coordination Office for IT Standards has the task of coordinating the development and operation of IT standards for data exchange in public administration.

Cryptographic methods

Originally refers to the science of encrypting information. Today, it also deals with information security in general, i.e. the conception, definition and construction of information systems that are resistant to manipulation and unauthorized reading.

L

LA

Steering Committee

Long-term storage

Long-term storage (Langzeitaufbewahrung, LZA) refers to the creation and preservation of the evidential value of cryptographic documents.

Routing slip

The so-called routing slip controls the processing of delivery orders during the transport of an OSCI message. It is created and updated by the intermediary. It logs the communication and also serves as a "receipt" for all communication parties. The routing slip can be retrieved by the intermediary at any time.

LeiKa

The service catalog (LeiKa) is the first uniform, complete and comprehensive directory of administrative services across all administrative levels in Germany. This code list contains the key and the names of the LeiKa services.

N

NOOTS

The National Once-Only Technical System provides the technical basis for modernizing administrative processes and is an essential component of register modernization. It is intended to ensure that citizens only have to submit evidence once, while authorities can easily retrieve data from administrative registers.

User accounts

User accounts are used in particular as proof of identity. They ensure the secure authentication of persons who use digital administrative services for themselves or on behalf of an organization. They function in a similar way to customer accounts in online stores. A user account can be created on an administration portal and used for digital identification with an authority. There are different user accounts for citizens and companies.

O

OASIS DSS Verification Reports

Standardized framework for electronic signatures that provides a method to manage and validate eSignatures and timestamps across a variety of applications and platforms.

OCR

Optical Character Recognition is a software program. It automatically recognizes text on images and scanned documents, which can be in various formats such as PDF, PNG or JPEG. The software identifies the letters displayed on them and puts them together to form words. This turns the image into an editable and searchable file.

OCSP/CRLRelay

The Online Certificate Status Protocol (OCSP) is a network protocol that enables clients to query the status of X.509 certificates from a validation service. It is described in RFC 6960 and is an Internet standard.

OpenPGP

OpenPGP is a standardized data format for encrypted and digitally signed data. It also defines the format of certificates, which are commonly referred to as "keys".

OZG

Online Access Act. The Act to Improve Online Access to Administrative Services obliges the federal government, federal states and local authorities to offer their administrative services digitally via administrative portals by the end of 2022.

P

PA

Identity card

PAuswG

In Germany, the ID Card Act regulates the obligation to have an ID card and the content of ID cards, their period of validity, the keeping of ID card registers and the use of ID card data.

Peppol

Peppol is an open network that allows all registered partners to exchange electronic documents related to electronic procurement processes (e-procurement) over a single connection. Worldwide governance of the Peppol network is handled by the non-profit organization OpenPeppol (an AISBL under Belgian law).

PIN

The Personal Identification Number is a numerical code known only to one or a few people, with which they can authenticate themselves to a machine. A PIN can only be used to check whether the user knows the code, but not whether they are authorized to use it.

Power user

In information and communication technology, power users are users who have special knowledge and skills compared to average users and/or who make particularly heavy use of the systems.

Public Key

The public key is the public part of an asymmetric pair of cryptographic keys. It is used to verify digital signatures or to encrypt data. The public key is usually available as part of a certificate.

Q

QES

The qualified electronic signature is the level of electronic signature defined by the eIDAS Regulation (910/2014) that carries the greatest legal effect. It has the same legal effect as a handwritten signature. Furthermore, under §126a BGB it is suitable for fulfilling the written form requirement.

QR code

Stands for "Quick Response" and describes a method for making information machine-readable. The internationally recognized square code can be used to scan information, for example using a smartphone.

QSCD

A Qualified Signature Creation Device (QSCD) is a secure hardware device designed for creating signatures and seals. In contrast to other devices with a similar purpose, QSCDs are inspected by official bodies, which confirm that they meet the highest security requirements. Examples of QSCDs are qualified signature or seal cards issued by qualified trust service providers.

R

RegMo

The Register Modernization Act (Registermodernisierungsgesetz, RegMoG for short), which came into force in 2021, is intended to enable citizens and companies, through efficient registers, to provide data to the authority only once. Conversely, authorities should also be able to easily draw on information that has already been recorded. In short: the implementation of the once-only principle. The technical basis for implementing register modernization is the National Once-Only Technical System (NOOTS).

REST API

REST API has become the most versatile and useful web service API over the years. Due to its flexibility, simplicity and compatibility, it is suitable for working with different types of data and is linked to the most popular apps.

S

SaaS

Software as a service is a license and sales model in which software applications are offered via the Internet, i.e. as a service. Use is usually on a subscription basis.

SAFE

The SAFE (Secure Access to Federated E-Justice / E-Government) application is an eID and addressing service under the leadership of the state of Baden-Württemberg, for which the Conference of Ministers of Justice is technically responsible. The SAFE concept has been implemented several times and has proven itself in practice many times over.

SAML

Security Assertion Markup Language; An XML framework for exchanging authentication and authorization information. It provides functions for describing and transferring security-related information.

SDK

A software development kit is a collection of programming tools and program libraries used to develop software. It supports software developers in creating applications based on them. There is usually a software development kit for every programming language, but for interpreted languages this can be identical to the runtime environment.

Service Provider

A service provider (SP) is an entity that relies on the authenticators and credentials of users or the assurance of a user's identity by an identity provider, typically to process a transaction or grant access to information or a system.

Secure identity

A secure identity means that the identity cannot be manipulated or falsified and used for improper purposes. It guarantees complete consistency that a person is actually who they say they are. The identities of objects or processes can also be secured accordingly.

Seal

Electronic seals are data linked to electronic information that can be used to verify the authenticity and integrity of the sealed electronic information. In contrast to electronic signatures, electronic seals are applied by authorities and companies, for example.

Signature

An electronic signature is data linked to electronic information that can be used to identify the signatory or signature creator and to check the integrity of the signed electronic information. There are three different signature levels (qualified, advanced and simple). As a rule, the electronic information consists of electronic documents. Technically, the electronic signature thus serves the same purpose as a handwritten signature on paper documents. Electronic signatures are assigned only to natural persons, while electronic seals are available for authorities and companies.

SOAP

SOAP (Simple Object Access Protocol) is a network protocol that can be used to exchange data between systems and make remote procedure calls. SOAP is an industrial standard of the World Wide Web Consortium (W3C).

SSI

"The basis for the digital wallet." The term self-sovereign identity is also translated as self-determined digital identity. It is the basic prerequisite for modern eGovernment and the future of ID cards, Post-Ident procedures and dealing with authorities. To make this possible, the SSI approach in the highest expansion stage (ambition level 3) pursues a decentralized strategy based on blockchain: users are given full access to their personal digital identity, which they can manage independently. They are not dependent on a central identity service provider.

T

TA

Technical Committee

Telecommunications Act

The Telecommunications Act (TKG) regulates competition in the telecommunications sector. Telecommunications refers to the transmission of information of any kind (spoken and written texts, images and films) using technical devices, in particular (mobile) telephones.

TI

The telematics infrastructure is intended to connect all those involved in the healthcare system, such as doctors, dentists, psychotherapists, hospitals, pharmacies and health insurance companies, as part of the digital healthcare application. Medical information required for the treatment of patients should thus be available more quickly and easily.

TR-RESISCAN

BSI TR-03138: Replacement scanning (RESISCAN)

V

Validation

In the context of secure data, validation refers to checking signed or sealed documents or certificates. The applied signatures or seals are checked for validity and their legal level (qualified, advanced, simple) is determined. A successful check ensures the authenticity and integrity of the signed objects.

VDG

The German Trust Services Act supplements the eIDAS Regulation. It defines the cooperation obligations of providers who provide trust services (such as the creation, verification and validation of electronic signatures) and determines the responsible national supervisory authority in this context.

Verification

Confirmation by means of evidence that an assertion meets certain requirements and that the facts to be verified are therefore true.

Encryption

The aim of encryption is to subject data to a mathematical transformation in such a way that it is impossible for an unauthorized person to reconstruct the original data from the transformed, encrypted data. However, in order for the encrypted data to remain usable for its legitimate user, it must be possible to generate the original data from it again by applying an inverse transformation.

Confidence level

The security or trust level indicates the degree of trustworthiness that a digital administrative service requires. The more confidential the data is, the better it should be protected.

  1. Basic registration: user name and password
  2. Substantial: ELSTER certificate
  3. High: Online ID card function

VHN

The trustworthy proof of origin identifies messages that were sent from a special mailbox (beBPo, beA, beN, EGVP mailbox, beST, eBO, etc.), where this mailbox is managed in a secure directory service and the mailbox owner is logged in to the mailbox when the message is created.

VideoIdent

VideoIdent is a remote identification procedure that is carried out via an online video chat. The VideoIdent procedure is used by banks to open an account, by mobile phone providers before issuing a SIM card, etc. In contrast to a visual check with a physical presence, the visual check in the VideoIdent procedure takes place via the live video image. The verifier guides the person to be identified through the identification process.

VwVfG

The Administrative Procedure Act regulates everything that the administration does and how it may do it. It contains general procedural principles that apply to all authorities. Section 3a: A written form prescribed by law can be replaced by electronic form unless otherwise stipulated by law (previously only "replacing written form" vis-à-vis public authorities).

X

XML

XML (Extensible Markup Language) is a text-based file format in which structured data can be read by both humans and machines.

XÖV standard

XÖV standards (XML in public administration) are standardization frameworks and specifications for communication in public administration - between administrations as well as between administrations and customers.

XTA2

XTA2 is a standardized transport interface for specialist and transport procedures.

Z

Two-factor authentication

Method of authentication based on two independent components. With this method, the owner of a digital identity usually authenticates themselves via a combination of knowledge and possession. A typical example is authentication at an ATM using the bank card (possession) and the individual PIN (knowledge).