When it comes to the security and interoperability of electronic passports and identity cards, De-Mail, health cards or reading devices, the IT security experts of TÜVIT are in demand.
TÜVIT is recognized by the German Federal Office for Information Security (BSI) as an evaluation body for Technical Guidelines (TR). TÜVIT is also involved in the development of new Technical Guidelines. For example, our IT security experts helped to develop Technical Guideline TR-03109 for the Smart Meter Gateway.
Our approach
You will receive support from our IT security experts during the certification process.
For manufacturers who have not yet come into contact with the Technical Guidelines of the BSI and who are aiming for their first audit, we recommend conducting an information workshop. During the workshop it is often possible to identify potential problems for the subsequent procedure, which at this stage are usually fairly easy to solve. After completion of the workshop, you will receive a binding offer.
As soon as you have concluded a contract with a recognized evaluation body such as TÜVIT, you can submit an application to the BSI for certification.
This is followed by the actual evaluation of the product on the basis of the Technical Guidelines and within the framework of the previously agreed schedule. We draw up a test report and submit it to the BSI.
Finally, the certification body of the BSI reviews our test report. After a positive review, the BSI will issue the certificate.
Conformity test of passports, identity cards and associated reading devices
TÜVIT validates the functionality of the chip in the electronic identity card according to TR-03105. One particular feature of the new identity card (nPA) is the online function (also referred to as the eID function). With this, users can prove their identity via the Internet with special software (AusweisApp) and a dedicated card reader. In accordance with TR-03105, our IT security experts test the interface software with Windows, Linux and Apple OS, the functionality of the AusweisApp and the matching reading devices (for public authorities and home use).
TÜVIT was the first evaluation body to be recognized by the BSI for testing the reading devices. For the passport (ePassport), TÜVIT evaluates the chip and the reading device, in each case both physically (electrical properties, protocols) and logically (security functions, applications).
Technical data recording for official electronic ID documents
The Technical Guideline on production data recording, quality testing of the data and its transmission for government documents (TR-03104), together with its associated Technical Guidelines (TR-03121, TR-03123 and TR-03132), documents the technical and functional requirements which are to be implemented within the framework of the entire electronic application process for official electronic ID documents. This is aimed at hardware, software, document producers, process developers, public authorities and other bodies which process such data.
Among other things, TÜVIT tests software components within the field of the recording, quality assurance and encoding of biometric features, as well as for the generation and transfer of data formats for application data for official electronic ID documents.
De-Mail – legally secure communication
Anyone who wishes to offer De-Mail services must have themselves accredited by the BSI. Within this context, TÜVIT offers De-Mail service providers (DMDA) interoperability and functionality tests according to TR-01201.
The testing of a DMDA covers the following modules as specified by TR-01201:
- account management
- mailbox and dispatch service
- IT basis infrastructure
- document storage (optional)
- identity confirmation service (optional)
After successful testing, a test report certifies that:
- specific organizational and technical measures which are required for reliable and confidential communication have been complied with
- interoperability with other De-Mail service providers is ensured
Electronic health card, health professional card and reading devices
For the electronic Health Card (eGK), TÜVIT has also successfully carried out tests in accordance with Technical Guideline BSI TR-03144, as well as testing and confirming the conformity of the associated reading devices and card terminals in accordance with the certification specifications of gematik.
Last but not least, TÜVIT also tests conformity according to the Technical Guidelines of the BSI, such as for physical access control systems according to TL-03402, TL-03403 and TL-03424.
Certification of electronic POS systems
Since January 2020, every electronic recording system must have a certified technical security system (CTSS) that meets the requirements of the Federal Office for Information Security (BSI) and the Kassensicherungsverordnung (KassenSichV). Since then, a corresponding certificate has been required to prove that the CTSS complies with the requirements of Technical Guideline BSI TR-03153.
TÜVIT is recognized by the BSI as an evaluation body for TR-03153 / TR-03151 and performs tests and assessments to achieve the certificate. Our experienced IT security experts accompany manufacturers along the entire TR certification process and ensure successful and timely project completion.
Your benefits at a glance
- TÜVIT has been working as a recognized evaluation body for Technical Guidelines for 15 years and therefore has the longest and most comprehensive experience in this field
- furthermore, the BSI has certified TÜVIT employees as De-Mail auditors; thus, of the six De-Mail auditors operating throughout Germany (ISMS on the basis of “IT Grundschutz”), two are from TÜVIT
- support from the start: we assist you during the auditing process for the protection of your business, IT processes and data
- you receive the necessary verification of the conformity of your products in order to submit your application for certification to the BSI