Conformity assessment for eIDAS | identity Trust Management AG | identity Management

Certificate SRC.00028.TSP.08.2018 Certificate SRC.00028.TSP.08.2018 // Amendment 1
Type of certificationConformity Assessment (eIDAS)
SRC certificate registration numberSRC.00028.TSP.08.2018
Valid fromAugust 26, 2018
Valid untilAugust 26, 2020
Certificate holderidentity Trust Management AG
Certified productidentity Management
The audit includesThe conformity assessment of the identity management service identity Management according to Regulation (EU) No. 910 / 2014 by the ISO 17065 accredited conformity assessment body of SRC and an amendment for the enhancement of the conformity assessment.
DescriptionThe identity Trust Management AG offers the identity management service identity Management, which can be used by trust service providers as part of their trust service for the issuance of qualified certificates. Therefore, identity Trust Management AG is contractually bound as a commissioned third party for the identification process.

As part of identity Management various identification methods are offered to natural persons. Partly the methods offer the possibility to legally sign contracts by hand or by an qualified electronic signature after successful completion of the identification process:

  • identity Kurier: For the method identity Kurier, the user is visited by an employee of a courier service, which was commisioned by identity, at the location of his choice and is identified by using a valid identification document. The process is documented by the employee of the courier service by filling a form which was provided beforehand by identity. The filled form is sent to and verified by identity after completion of the identification process.
  • identity Kurier Sign: The method identity Kurier Sign is an extension of the identity Kurier method, offering the user the possibility to legally sign contracts after the employee of the courier service has successful completed the idenfication process.
  • identity Shop Papier: For the method identity Shop Papier, the user is identified by an employee of a shop commissioned and authorized by identity. Therefore, a valid identification document is used. The process is documented by the employee of the shop by filling a form which was provided beforehand by identity. The filled form is sent to and verified by identity after completion of the identification process.
  • identity Shop Sign: The method identity Shop Sign is an extension of the identity Shop Papier method, offering the user the possibility to legally sign contracts after the employee of the shop has successful completed the idenfication process.
  • identity Shop Papierlos: For the method identity Shop Papierlos the identity of the user is confirmed in the same way as for the method identity Shop Papier. However, the process is digitally documented and the documentation is transmitted to identity in encrypted form.
  • identity Video: For the method identity Video the user is identified by employees of a video call centre, which is cooperating with identity. Therefore, an uninterrupted video stream with the user has to be established, showing the user and its valid identification document. The user has to respond to questions from the identifier and has to act in a specific manner defined by the identifier in order to prove the authenticity of the identification process and the identification document. The process is documented by archiving screenshots and the video stream of the process.
  • identity PoS: The method identity PoS is offered to users who want to identify themselves at the Point of Sale of an cooperation partner of identity. After successful identification it is  offered to the user to legally sign a contract with the cooperation partner with a qualified electronic signature. Therefore, identity cooperates with a Trust Service Provider (TSP). The user has to provide its identification data to a computer system placed at the Point of Sale, which is sent to the TSP. The TSP transmits the data to identity. Afterwards, an employee at the PoS identifies the user by using a valid identification document. The collected identification data is transmitted to identity as well. If both transmitted data sets are matching, identity informs the TSP that the identification process was successful. Afterwards the user can use the trust service provided by the TSP in order to legally sign a contract with a qualified electronic signature.
  • identity eID: For the method identity eID, the user can identify himself by using his German governmental identity card (nPA) at a cooperation partner of identity. Therefore, the user provides his identity data and gets a code for starting the identification process. Afterwards the user is requested to start the process for reading out the data for the identity card. The user has to confirm by providing his eID-PIN that the service provider is allowed to read out the data. Afterwards the data is read out by the service provider, who transmits the collected data to identity. Identity compares the identification data provided initially by the user with those read out from his identity card. If the data sets are matching, the identification was successful.

SRC confirms, that the identity management service identity Management is operated by identity Trust Management AG compliant to the requirements of Regulation (EU) No. 910 / 2014.