Glossary

Stands for "Advanced Electronic Signature" and is an extension of the normal electronic signature (e-signature) and offers greater security and validity. There are several types, such as CAdes (Compact) or XAdes (Extended). AdES signatures are particularly important in applications in which the electronic signature must be validated over a longer period of time.

API (application programming interface) means application programming interface. In computer science, APIs are used for the standardized and structured transfer of data between programs and program parts.

Associated Signature Containers (ASiC) specifies the use of container structures to associate one or more signed objects with the associated electronic signatures or timestamp tokens.

The retention period is the period within which documents subject to retention must be archived in an orderly manner.

A document that is issued by a sovereign authority and contains information that enables authentication. It proves the identity of the document holder.

AusweisApp is an eID client implementation that is commissioned by the (German) Federal Government . In addition to the "full" eID client version, AusweisApp is also available as an SDK version. The SDK interfaces are also extended accordingly to include the option of using mobile identity.

An authentication server is an application that executes authentication mechanisms to check whether an entity has the right to access a network or service.

The authentication provides proof (i.e. verification) of the authenticity (authenticity) of a person, document or device.

Proof of identity using knowledge (e.g. entering a code), possession (showing an ID card) or biometric features.

Access granted; in IT, for example, work can be carried out in a user account after authorization.

Operator Committee

The German Civil Code is the central codification of German general private law.

The Federal Ministry of the Interior and for Home Affairs and its divisions cover a broad spectrum of tasks and activities. These range from civil protection, integration and sports promotion to security tasks. The numerous fields of activity make it clear that domestic policy affects all areas of society.

The Federal Office for Information Security (BSI) is the federal government's cyber security authority and is responsible for shaping secure digitalization in Germany. The BSI is part of the Federal Ministry of the Interior and Home Affairs and is based in Bonn.

BundID offers you a central account for identification for all your online applications (e.g. with an online ID card). Once the individual accounts in the federal states have been discontinued, this will be the only service account.

The beBPo (special public authority mailbox) is a secure transmission channel for electronic communication between "public authorities" and courts. Since January 1, 2018, authorities have been obliged under the FördEIRV to open a secure transmission channel for the delivery of electronic documents. In addition to public authorities, "public authorities" within the meaning of the Act on the Promotion of Electronic Legal Transactions also includes, for example, corporations and institutions under public law. Examples include savings banks, associations of statutory health insurance physicians, employers' liability insurance associations, etc.

The Certificate Validation Server (CVS) is a service that is included in DATA Varuna. It checks the validity and determines the level of electronic certificates. The CVS is addressed by many Governikus products in order to outsource certificate validation (e.g. as part of signature validation).

Service providers offer services online for users. These services can be both state services such as applying for child benefit and private services such as online ordering.

Also known as electronic identities, these are all processes in which people, objects and processes authenticate themselves online using certain attributes in order to prove their own identity. A digital identity can be clearly assigned to a person, object or process.

The German Institute for Standardization deals with international standardization. As a service, it develops innovative solutions through standardization in areas such as the digitalization of the economy or supports research projects.

DMS is the abbreviation for document management system and refers to a software solution that enables the automated and holistic management of documents and information.

The German Administrative Services Directory is a cross-disciplinary and cross-administrative infrastructure component for the secure and reliable addressing of automated services and specialized procedures for communication between and with public administration authorities in Germany.

The Digital Healthcare Act aims to ensure better healthcare through digitalization and innovation.

An electronic residence permit (eAT) is a document that has an electronic memory and a processing medium. With this card, a foreigner can prove his/her right of residence in the European Union. In appearance, this card is very similar to an identity card.

The electronic citizen and organization mailbox is an extension of the EGVP infrastructure to include another special electronic mailbox as a secure transmission channel for citizens and organizations. This secure transmission channel makes it possible to send messages and documents in electronic legal transactions without using the written form.

The eEB (electronic acknowledgement of receipt) is the electronic version of the acknowledgement of receipt in paper form, which is already known primarily in the legal profession. The eEB contains a data record in XML format, which may only be transmitted back to the court in a structured, machine-readable form.

eID is the abbreviation for electronic identification and describes a digital passport solution for proving the identity of citizens or an organization. It can be used to access services from public authorities, banks or other companies.

The eID client is the interface between the electronic means of identification, the service provider and the user. To integrate a mobile identity, it must be expanded to enable communication with an eID applet located on the SE of the mobile device.

The eID server handles secure communication with the eID client and the ID card chip and forwards read data to the service provider. It determines the authenticity and validity of the ID card, checks whether it has been blocked and transmits the results of the eID function.

Legal basis for electronic identification and trust services in the EU. The Digital Healthcare Act is intended to ensure better healthcare through digitalization and innovation.

One for all - In other words, each country should digitize services in such a way that other countries can use them and do not have to develop the online process themselves. This saves time, resources and costs. The basic idea behind EfA is therefore that the federal states and local authorities do not develop each new digital administrative service independently, but instead coordinate and share the work.

The electronic court and administrative mailbox is an electronic communication infrastructure that is characterized above all by strong end-to-end encryption. The infrastructure established in the justice system was introduced back in 2004 and has been continuously expanded and further developed since then.

A process that consists of all chronologically and logically sequential sub-processes that are necessary to fulfill a specific customer need.

This type of encryption prevents unauthorized reading or modification of data across all transmission stations. Only the communication partners are able to decrypt the message.

Act on the Promotion of Electronic Legal Transactions with the Courts.

The Electronic Legal Transactions Ordinance regulates how citizens, lawyers, authorities and other groups submit electronic documents to all civil, labor, administrative, financial and social courts of the federal states and the federal government, as well as to bailiffs, in accordance with a uniform technical framework.

The European Telecommunications Standards Institute has been responsible for the development of standards in the field of telecommunications since 1988. Its aim is to develop global standards for all communication technologies. ETSI holds the standardization mandate M460, issued by the European Commission, which entails the task of translating the legal requirements of the eIDAS Regulation into technical specifications and European standards.

The European digital identity is intended for people and companies in the EU who want to identify themselves throughout the EU or prove certain personal information - online or offline for public or private services.

Electronic specialist procedures, also known as IT specialist procedures or specialist procedures for short, are information management tools that are used in administration - especially in public administration (for specific offices/services).

Free Hanseatic City of Bremen.

Central coordination and networking office for digitization projects in public administration in Germany. "Mutated into the digitization agency of the federal government."

The Act on the Promotion of Electronic Legal Transactions with the Courts is intended to reduce barriers to electronic communication with the judiciary by providing for authorities to open up a secure transmission channel for sending and receiving electronic documents to and from the judiciary.

The Money Laundering Act (GWG) is the law on the tracing of profits from serious crime.

Governikus MultiMessenger

A GUI, short for Graphical User Interface, is a computer program that allows a person to communicate with a computer using icons, visual metaphors and pointing devices. The GUI is the standard interface of today's computers. It replaces text interfaces, which can often only be used with commands that are difficult to remember, with a relatively intuitive system.

The Money Laundering Act is intended to ensure a comprehensive, sustainable and effective fight against money laundering and terrorist financing.

In cryptography and computer science, a hash tree or Merkle tree is a tree in which each leaf node is labeled with the hash of a data block and each non-leaf node is labeled with the cryptographic hash of the labels of its child nodes.

An ID system secures the entire identity value chain. This includes securely capturing and registering identity data, securely processing and sending it, producing and issuing identity documents and reliably verifying them.

The identity of a person or an object describes the totality of all the specific features that characterize it and distinguish it from all other individuals.

Identity providers are also called identity providers. These are systems that manage identity information for users and authenticate them to third parties. An identity provider confirms certain attributes of a user to a service provider.

Identity theft is the misuse of a person's personal data (identity) by third parties. The terms identity fraud or identity misuse are also commonly used.

Identity provider (IdP) means identity service provider. An IdP is the party that manages the primary authentication and identification data of users and issues assurances derived from this access data. The term "external service account" is often used as a synonym.

A token containing the call authorization credential identity that is required by the receiving server together with the client authentication token in order to accept the presented identity.

A service that links several identity providers with service providers as an intermediary. An identity broker forwards the attributes confirmed by the identity provider to the service provider.

Identification service provider

Integrity refers to ensuring the correctness (intactness) of data and the correct functioning of systems. When the term integrity is applied to "data", it means that the data is complete and unchanged.

Some of the data transmissions based on OSCI take place via intermediaries (virtual post offices) in the connection network in accordance with Section 3 IT-NetzG. When a message is transmitted in the EGVP, the message and the sender's data to be transmitted are sent to the intermediary responsible for the recipient. The intermediary stores the information until the recipient collects it (asynchronous communication) or forwards it directly to the recipient (synchronous communication).

The ability of different (information) technology systems or components to function together, in particular to exchange data.

Information security management system

International Organization for Standardization. This is an association of the national standards organizations of currently 163 countries, with each country having one member. This makes ISO the world's largest international standards organization.

The IT-Planungsrat is the political steering body of the federal, state and local governments for information technology and e-government.

The Coordination Office for IT Standards has the task of coordinating the development and operation of IT standards for data exchange in public administration.

Originally refers to the science of encrypting information. Today, it also deals with information security in general, i.e. the conception, definition and construction of information systems that are resistant to manipulation and unauthorized reading.

Steering Committee

Long-term retention (LTA) refers to the generation and preservation of evidence values of cryptographic documents.

The so-called routing slip controls the processing of delivery orders during the transport of an OSCI message. It is created and updated by the intermediary. It logs the communication and also serves as a "receipt" for all communication parties. The routing slip can be retrieved by the intermediary at any time.

The service catalog (LeiKa) is the first uniform, complete and comprehensive directory of administrative services across all administrative levels in Germany. This code list contains the key and the names of the LeiKa services.

The National Once-Only Technical System provides the technical basis for the modernization of administrative processes and is a key component of register modernization. It is intended to ensure that, on the one hand, citizens only have to submit evidence once and, on the other hand, authorities can easily retrieve data from administrative registers.

User accounts are used in particular as proof of identity. They ensure the secure authentication of people who use digital administrative services for themselves or on behalf of an organization. They function in a similar way to customer accounts in online stores. A user account can be created on an administration portal and used for digital identification with an authority. There are different user accounts for citizens and companies.

Standardized framework for electronic signatures that provides a method to manage and validate eSignatures and timestamps across a variety of applications and platforms.

Optical Character Recognition is a software program. It automatically recognizes text on images and scanned documents, which can be in various formats such as PDF, PNG or JPEG. The software identifies the letters displayed on them and puts them together to form words. This turns the image into an editable and searchable file.

The Online Certificate Status Protocol (OCSP) is a network protocol that enables clients to query the status of X.509 certificates from a validation service. It is described in RFC 6960 and is an Internet standard.

OpenPGP is a standardized data format for encrypted and digitally signed data. It also defines the format of certificates, which are commonly referred to as "keys".

Online Services Computer Interface. The technical protocol standard for the secure electronic exchange of messages via the Internet and other public administration networks with particularly high security requirements Developed as an open standard since 2001 and continuously updated, around two billion messages are now transmitted every year in accordance with OSCI. The specific uses are very numerous and varied. They range from use in reporting to the judiciary to the registration of hazardous goods transports in waste management.

Online Access Act. The Act to Improve Online Access to Administrative Services therefore obliges the (German) Federal Government, federal states and municipalities to offer their administrative services digitally via administrative portals by the end of 2022.

Identity card

In Germany, the ID Card Act regulates the obligation to have an ID card and the content of ID cards, their period of validity, the keeping of ID card registers and the use of ID card data.

Peppol is an open network that allows all registered partners to exchange electronic documents related to electronic procurement processes (e-procurement) via a single connection. The global governance of the Peppol network is carried out by the non-profit organization OpenPeppol (AISBL under Belgian law).

The Personal Identification Number is a numerical code known only to one or a few people, with which they can authenticate themselves to a machine. A PIN can only be used to check whether the user knows the code, but not whether they are authorized to use it.

In information and communication technology, power users are users who have special knowledge and skills compared to average users and/or who make particularly heavy use of the systems.

The public key is the public part of an asymmetric pair of cryptographic keys. It is used to verify digital signatures or to encrypt data. The public key is usually part of a certificate.

The qualified electronic signature is the level of electronic signatures defined by the eIDAS Regulation (910/2014) that has the greatest legal effect. It has the same legal effect as a handwritten signature. It is also suitable for fulfilling the written form requirement in accordance with Section 126a BGB.

Stands for "Quick Response" and describes a method for making information machine-readable. The internationally recognized square code can be used to scan information, for example using a smartphone.

Qualified Signature Creation Device (QSCD) is a secure hardware device designed for the creation of signatures and seals. In contrast to other analog devices, QSCDs are controlled and confirmed by official bodies to meet the highest security requirements. Examples of QSCDs are qualified signature or seal cards issued by qualified trust service providers.

The Register Modernization Act (RegMoG for short), which came into force in 2021, is intended to enable citizens and companies to only have to provide data to the authorities once thanks to efficient registers. And vice versa, the authorities should also be able to easily access data that has been recorded once. In short: the implementation of the once-only principle. The technical basis for the implementation of register modernization is the National Once-Only-Technical-System (NOOTS).

REST API has become the most versatile and useful web service API over the years. Due to its flexibility, simplicity and compatibility, it is suitable for working with different types of data and is linked to the most popular apps.

Software as a service is a license and sales model in which software applications are offered via the Internet, i.e. as a service. Use is usually on a subscription basis.

The SAFE (Secure Access to Federated E-Justice / E-Government) application is an eID and addressing service under the leadership of the state of Baden-Württemberg, for which the Conference of Ministers of Justice is technically responsible. The SAFE concept has been implemented several times and has proven itself in practice many times over.

Security Assertion Markup Language; An XML framework for exchanging authentication and authorization information. It provides functions for describing and transferring security-related information.

A software development kit is a collection of programming tools and program libraries used to develop software. It supports software developers in creating applications based on them. There is usually a software development kit for every programming language, but for interpreted languages this can be identical to the runtime environment.

A service provider (SP) is an entity that relies on the authenticators and credentials of users or the assurance of a user's identity by an identity provider, typically to process a transaction or grant access to information or a system.

A secure identity means that the identity cannot be manipulated or falsified and used for improper purposes. It guarantees complete consistency that a person is actually who they say they are. The identities of objects or processes can also be secured accordingly.

Electronic seals are data linked to electronic information that can be used to check the authenticity and the integrity of the sealed electronic information. In contrast to electronic signatures, electronic seals are applied by authorities and companies, for example.

An electronic signature is data linked to electronic information that can be used to identify the signatory or signature creator and verify the integrity of the signed electronic information. There are three different signature levels (qualified, advanced and simple). As a rule, the electronic information is electronic documents. The electronic signature therefore technically fulfills the same purpose as a handwritten signature on paper documents. Electronic signatures are only assigned to natural persons, while electronic seals are available for public authorities and companies.

SOAP (Simple Object Access Protocol) is a network protocol that can be used to exchange data between systems and make remote procedure calls. SOAP is an industrial standard of the World Wide Web Consortium (W3C).

"The basis for the digital wallet." The term self-sovereign identity is also translated as self-determined digital identity. It is the basic prerequisite for modern eGovernment and the future of ID cards, Post-Ident procedures and dealing with authorities. To make this possible, the SSI approach in the highest expansion stage (ambition level 3) pursues a decentralized strategy based on blockchain: users are given full access to their personal digital identity, which they can manage independently. They are not dependent on a central identity service provider

Technical Committee

The Telecommunications Act (TKG) regulates competition in the telecommunications sector. Telecommunications refers to the transmission of information of any kind (spoken and written texts, images and films) using technical devices, in particular (mobile) telephones.

The telematics infrastructure is intended to connect all those involved in the healthcare system, such as doctors, dentists, psychotherapists, hospitals, pharmacies and health insurance companies, as part of the digital healthcare application. Medical information required for the treatment of patients should thus be available more quickly and easily.

BSI TR-03138: Replacement scanning (RESISCAN)

Validation in the context of secure data refers to the verification of signed/sealed documents or certificates. This involves checking the validity of the applied signatures or seals and determining their legal level (qualified, advanced, simple). A successful check ensures the authenticity and integrity of the signed objects.

The German Trust Services Act supplements the eIDAS Regulation. It defines the cooperation obligations of providers who provide trust services (such as the creation, verification and validation of electronic signatures) and determines the responsible national supervisory authority in this context.

Confirmation by means of evidence that an assertion meets certain requirements and that the facts to be verified are therefore true.

The aim of encryption is to subject data to a mathematical transformation in such a way that it is impossible for an unauthorized person to reconstruct the original data from the transformed, encrypted data. However, in order for the encrypted data to remain usable for its legitimate user, it must be possible to generate the original data from it again by applying an inverse transformation.

The security or trust level indicates the degree of trustworthiness that a digital administrative service requires. The more confidential the data is, the better it should be protected.

1. Basic registration: user name and password
2. Substantial: ELSTER certificate
3. High: Online ID card function

The trustworthy proof of origin identifies messages that were sent from a special mailbox (beBPo, beA, beN, EGVP mailbox, beST, eBO, etc.) and this mailbox is managed in a secure directory service and the mailbox owner is logged in to the mailbox when the message is created.

VideoIdent is a remote identification procedure that is carried out via an online video chat. The VideoIdent procedure is used by banks to open an account, by mobile phone providers before issuing a SIM card, etc. In contrast to a visual check with a physical presence, the visual check in the VideoIdent procedure takes place via the live video image. The verifier guides the person to be identified through the identification process.

The Administrative Procedure Act regulates everything that the administration does and how it may do it. It contains general procedural principles that apply to all authorities. § Section 3a à A written form prescribed by law can be replaced by electronic form unless otherwise stipulated by law (previously only "replacing written form" vis-à-vis public authorities).

XML (Extensible Markup Language) is a text-based file format in which structured data can be read by both humans and machines.

XÖV standards (XML in public administration) are standardization frameworks and specifications for communication in public administration - between administrations as well as between administrations and customers.

XTA2 is a standardized transport interface for specialist and transport procedures.

Method of authentication that is based on two independent components. With this method, the owner of a digital identity usually authenticates themselves via a combination of knowledge and possession. A typical example is authentication at an ATM via the bank card (possession) and the individual PIN (knowledge).