Required equipment
This is what you need to use all the functions of the new electronic residence title securely.
Using both the on-line identification function and the signature function is voluntary. You may decide if you wish to use these functions. For use at home, you will need the following components.
The reader
The most important component is a card reader that is equipped for cards with a contactless interface. A basic reader is sufficient for the on-line identification function. By contrast, for the signature function, a "premium reader" with its own display and a separate keypad (PIN pad) is required to input the signature PIN.
Readers are available in the shops. The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) (BSI) recommends using certified card readers. A list of available readers is available on the Federal Network Agency’s website.
There are three types of reader:
- Basic card reader
- Standard card reader
- Premium card reader
Whereas standard and premium card readers have their own keyboard to input the PIN and their own display, you must input the PIN via your computer or screen keyboard when using a basic card reader.
display as attention: Note:
Security of readers
If you would like to use a value basic reader that does not have its own keyboard, you should preferably only use the "AusweisApp"' software's screen keyboard, which is operated using the mouse. If your computer is not protected with an up-to-date virus scanner, firewall and current operating system software and you are using a basic reader, it is possible for a "keylogger", an infiltrating malware, to record what you input via your keyboard and sometimes even to record your PIN and pass the details onto third parties.
In this regard, standard or premium readers offer greater security because you input your confidential details (PIN) using a separate keypad.
However, it is not possible for someone to abuse the system simply by reading your PIN. In addition to knowing the PIN, the attacker must also have access to the electronic residence title. The electronic residence title should therefore always be kept safe. This means only putting the electronic residence title on the card reader if you want to use it on the internet.
The most important prerequisite for your security is that your computer is free of viruses and infiltrating malware. If you take note of the instructions on the Data protection and data security web pages, you do not need to worry when using the electronic residence title on the internet.
The software
To achieve a connection between your computer and the identification, you need driver software, which has to be installed on your computer.
This software, called "AusweisApp" is available free of charge.
The AusweisApp is available for the following operating systems:
- Windows XP, Windows Vista and Windows 7
- Mac OS X (from 30 November 2010)
- Linux for the distributions Ubuntu, OpenSuse and Debian
About your security
To protect your data when using these new electronic functions you will receive a "PIN letter" from the Bundesdruckerei GmbH (Federal Printing Office). This contains a confidential 5-digit number (transport PIN), a 10-digit unlock key (PUK) and a locking password.
PIN (confidential number)
The PIN is a confidential 6-digit code.
display as attention: Note:
You can change the transport PIN to a personal PIN either at home with the aid of the card reader or at your local foreign affairs office. You should not use a combination of digits that would be easy to guess (e.g. 123456, a date of birth, or figures that are printed on the electronic residence title). You can change the PIN as many times as you like. The PIN is always required to use the on-line identity function.
In the event that you input the PIN incorrectly on two consecutive occasions, you will be required to input the access number on the front of your electronic residence title. If this attempt to access the system also fails, your PIN will be blocked. The block can only be removed by inputting the release number (PUK).
If you have forgotten your PIN, you can pay for a new PIN to be set at your local foreign affairs office.
Signature PIN (only for the signature function)
You will require your own signature PIN to use the qualified electronic signature function. You set this yourself when you receive a signature certificate and load it on your electronic residence title.
PUK (release number)
The PUK is a 10-digit number. It is used to release a PIN that has been blocked after inputting the wrong combination of numbers three times in a row.
Please note that the PUK can only be used ten times. After this, a block can only be removed by resetting the PIN in the local foreign affairs office. It is recommended that you only scratch off the film concealing the PUK when you need it to release a blocked PIN.
Locking password
If your electronic residence title is stolen or lost, you must have the on-line identity function blocked. To do this you will have to tell the block hotline staff or the local foreign affairs office the locking password. It is useful to have a word that is easy to remember (e.g. locomotive).
Further information on blocking the on-line identity function or the signature function can be found under "Data protection".
