Conformity assessment for eIDAS | identity Trust Management AG | identity Management

Certificate SRC.00041.TSP.08.2020 Certificate SRC.00041.TSP.08.2020 // Amendment 1 Certificate SRC.00041.TSP.08.2020 // Amendment 2

Type of certificationConformity Assessment (eIDAS)
SRC certificate registration numberSRC.00041.TSP.08.2020
Valid fromAugust 27, 2020
Valid untilAugust 26, 2022
Certificate holderidentity Trust Management AG
Certified productidentity Management
The audit includesThe conformity assessment of the identity management service identity Management according to Regulation (EU) No. 910 / 2014 by the ISO 17065 accredited conformity assessment body of SRC and an amendment for the conformity assessment for remediation of non-conformities identified in the initial assessment.
DescriptionThe identity Trust Management AG offers the identity management service identity Management, which can be used by trust service providers as part of their trust service for the issuance of qualified certificates. Therefore, identity Trust Management AG is contractually bound as a commissioned third party for the identification process.

As part of identity Management various identification methods are offered to natural persons. Partly the methods offer the possibility to legally sign contracts by hand or by a qualified electronic signature after successful completion of the identification process:

  • identity Kurier: For the method identity Kurier, the user is visited by an employee of a courier service, which was commisioned by identity, at the location of his choice and is identified by using a valid identification document. The process is documented by the employee of the courier service by filling out a form which was provided beforehand by identity. The form is then sent to and verified by identity after completion of the identification process.
  • identity Kurier Sign: The method identity Kurier Sign is an extension of the identity Kurier method, offering the user the possibility to legally sign contracts after the employee of the courier service has successfully completed the idenfication process.
  • identity Shop Papier: For the method identity Shop Papier, the user is identified by an employee of a shop commissioned and authorized by identity. Here, a valid identification document is used. The process is documented by the employee of the shop by filling out a form which was provided beforehand by identity. The form is then sent to and verified by identity after completion of the identification process.
  • identity Shop Sign: The method identity Shop Sign is an extension of the identity Shop Papier method, offering the user the possibility to legally sign contracts after the employee of the shop has successfully completed the idenfication process.
  • identity Shop Papierlos: For the method identity Shop Papierlos the identity of the user is confirmed in the same way as for the method identity Shop Papier. However, the process is digitally documented and the documentation is transmitted to identity in encrypted form.
  • identity Video: For the method identity Video the user is identified by employees of a video call centre, which is cooperating with identity. For this purpose, an uninterrupted video stream with the user has to be established, showing the user and its valid identification document. The user has to respond to questions from the identifier and has to act in a specific manner defined by the identifier in order to prove the authenticity of the identification process and the identification document. The process is documented by archiving screenshots and the video stream of the process.
  • identity autoID: In the identity autoID process, the user is identified in an AI-based video identification process. To start the procedure, the user is asked to scan a QR code with the identity autoID app. Then, the user is asked to hold the front and back of their valid and accepted identity document into the camera of their smartphone and move the document to make holograms visible. In addition, the person to be identified must take a selfie video (for liveliness detection and to match the person with the photo of the identity document).All security checks (e.g. verification of the authenticity of the ID document, evaluation of the data for liveliness detection) are performed by an AI-supported software of IDnow GmbH. Communication with the IDnow GmbH software takes place via an SDK that is integrated into the identity autoID app.

    The collected identity data as well as screenshots and video streams are transferred to identity by IDnow GmbH for further storage (or forwarding to the respective client) after completion of the actual identification process.

  • identity PoS: The method identity PoS is offered to users who want to identify themselves at the Point of Sale of a cooperation partner of identity. After successful identification it is offered to the user to legally sign a contract with the cooperation partner with a qualified electronic signature. Therefore, identity cooperates with a Trust Service Provider (TSP). The user has to provide its identification data to a computer system placed at the Point of Sale, which is sent to the TSP. The TSP transmits the data to identity. Afterwards, an employee at the PoS identifies the user by using a valid identification document. The collected identification data is transmitted to identity as well. If both transmitted data sets are matching, identity informs the TSP that the identification process was successful. Afterwards the user can use the trust service provided by the TSP in order to legally sign a contract with a qualified electronic signature.
  • identity eID: For the method identity eID, the user can identify himself by using his German governmental identity card (nPA) at a cooperation partner of identity. For this purpose, the user provides his identity data and gets a code for starting the identification process. Afterwards the user is requested to start the process for reading out the data from the identity card. The user has to confirm that the service provider is allowed to read out the data by providing his eID-PIN. Afterwards the data is read out by the service provider, who transmits the collected data to identity. Identity compares the identification data provided initially by the user with those read out from his identity card. If the data sets are matching, the identification was successful.

SRC confirms, that the identity management service identity Management is operated by identity Trust Management AG compliant to the requirements of Regulation (EU) No. 910 / 2014.