Conformity assessment for eIDAS | identity Trust Management GmbH | identity Management

Type of certificationConformity Assessment (eIDAS)
SRC certificate registration numberSRC.00054.TSP.08.2022
Valid fromAugust 27, 2022
Valid untilAugust 26, 2024
Certificate holderidentity Trust Management GmbH
Certified productidentity Management
The audit includesThe conformity assessment of the identity management service identity Management according to Regulation (EU) No. 910 / 2014 by the ISO 17065 accredited conformity assessment body of SRC.
DescriptionThe identity Trust Management GmbH offers the identity management service identity Management, which can be used by trust service providers as part of their trust service for the issuance of qualified certificates. Therefore, identity Trust Management GmbH is contractually bound as a commissioned third party for the identification process.

As part of identity Management various identification methods are offered to natural persons. Partly the methods offer the possibility to legally sign contracts by hand or by an qualified electronic signature after successful completion of the identification process:

  • identity Shop: For the method identity Shop, the user is identified by an employee of a shop commissioned and authorized by identity. Therefore, a valid identification document is used. The process is documented by the employee digitally. The collected identification data as well as the documentation regarding the identification procedure are transmitted encrypted to identity for verification.
  • identity Video: For the method identity Video the user is identified by employees of a video call centre, which is cooperating with identity. Therefore, an uninterrupted video stream with the user has to be established, showing the user and its valid identification document. The user has to respond to questions from the identifier and has to act in a specific manner defined by the identifier in order to prove the authenticity of the identification process and the identification document. The process is documented by screenshots and the video stream of the process.
  • identity autoID: In the identity autoID process, the user is identified in an AI-based video identification process. To start the procedure, the user is asked to scan a QR code with the identity autoID app. Then, the user is asked to hold the front and back of their valid and accepted identity document into the camera of their smartphone and move the document to make holograms visible. In addition, the person to be identified must take a selfie video (for liveliness detection and to match the person with the photo of the identity document). All security checks (e.g. verification of the authenticity of the ID document, evaluation of the data for liveliness detection) are performed by an AI-supported software of IDnow GmbH. Communication with the IDnow GmbH software takes place via an SDK that is integrated into the identity autoID app. The collected identity data as well as screenshots and video streams are transferred to identity by IDnow GmbH for further storage (or forwarding to the respective client) after completion of the actual identification process.
  • identity PoS: The method identity PoS is offered to users who want to identify themselves at the Point of Sale of an cooperation partner of identity. After successful identification it is  offered to the user to legally sign a contract with the cooperation partner with a qualified electronic signature. Therefore, identity cooperates with a Trust Service Provider (TSP). The user has to provide its identification data to a computer system placed at the Point of Sale, which is sent to the TSP. The TSP transmits the data to identity. Afterwards, an employee at the PoS identifies the user by using a valid identification document. The collected identification data is transmitted to identity as well. If both transmitted data sets are matching, identity informs the TSP that the identification process was successful. Afterwards the user can use the trust service provided by the TSP in order to legally sign a contract with a qualified electronic signature.
  • identity eID: For the method identity eID, the user can identify himself by using his German governmental identity card (nPA) at a cooperation partner of identity. Therefore, the user provides his identity data and gets a code for starting the identification process. Afterwards the user is requested to start the process for reading out the data for the identity card. The user has to confirm by providing his eID-PIN that the service provider is allowed to read out the data. Afterwards the data is read out by the service provider, who transmits the collected data to identity. Identity compares the identification data provided initially by the user with those read out from his identity card. If the data sets are matching, the identification was successful.

SRC confirms, that the identity management service identity Management is operated by identity trust management gmbh compliant to the requirements of Regulation (EU) No. 910 / 2014.