
Security protections of health information and sensitive data for official electronic ID documents


When it comes to the security and interoperability of electronic passports and identity cards, De-Mail, health cards or reading devices, the IT security experts of TÜViT are in demand.

TÜViT is recognized by the German Federal Office for Information Security (BSI) as an evaluation body for Technical Guidelines (TR). TÜViT is also involved in the development of new Technical Guidelines. For example, our IT security experts helped to develop Technical Guideline TR-03109 for the Smart Meter Gateway.

 

Our approach

You will receive support from our IT security experts during the certification process.

For manufacturers who have not yet come into contact with the Technical Guidelines of the BSI and who are aiming for their first audit, we recommend conducting an information workshop. The workshop often makes it possible to identify potential problems for the subsequent procedure, which at this stage are usually fairly easy to solve. After completion of the workshop, you will receive a binding offer.

As soon as you have concluded a contract with a recognized evaluation body such as TÜViT, you can submit an application to the BSI for certification.

This is followed by the actual evaluation of the product on the basis of the Technical Guidelines and within the framework of the previously agreed schedule. We draw up a test report and submit it to the BSI.

Finally, the certification body of the BSI reviews our test report. After a positive review, the BSI will issue the certificate.

Conformity test of passports, identity cards and associated reading devices

TÜViT validates the functionality of the chip in the electronic identity card according to TR-03105. One particular feature of the new identity card (nPA) is the online function (also referred to as the eID function). With this, users can prove their identity via the Internet with special software (AusweisApp) and a dedicated card reader. In accordance with TR-03105, our IT security experts test the interface software with Windows, Linux and Apple OS, the functionality of the AusweisApp and the matching reading devices (for public authorities and home use). TÜViT was the first evaluation body to be recognized by the BSI for testing the reading devices.

For the passport (ePassport), TÜViT evaluates the chip and the reading device, in each case both physically (electrical properties, protocols) and logically (security functions, applications).

Technical data recording for official electronic ID documents

The Technical Guideline on production data recording, quality testing of the data and its transmission for government documents (TR-03104), together with its associated Technical Guidelines (TR-03121, TR-03123 and TR-03132), documents the technical and functional requirements which are to be implemented within the framework of the entire electronic application process for official electronic ID documents. This is aimed at hardware, software, document producers, process developers, public authorities and other bodies which process such data.

Among other things, TÜViT tests software components within the field of the recording, quality assurance and encoding of biometric features, as well as for the generation and transfer of data formats for application data for official electronic ID documents.

De-Mail – legally secure communication

Anyone who wishes to offer De-Mail services must have themselves accredited by the BSI. Within this context, TÜViT offers De-Mail service providers (DMDA) interoperability and functionality tests according to TR-01201.

The testing of a DMDA covers the following modules as specified by TR-01201:

  • account management
  • mailbox and dispatch service
  • IT basis infrastructure
  • document storage (optional)
  • identity confirmation service (optional) 

After successful testing, a test report certifies that:

  • specific organizational and technical measures which are required for reliable and confidential communication have been complied with
  • interoperability with other De-Mail service providers is ensured

Electronic health card, health professional card and reading devices

For the electronic Health Card (eGK), TÜViT has also successfully carried out tests in accordance with Technical Guideline BSI TR-03144, as well as testing and confirming the conformity of the associated reading devices and card terminals in accordance with the certification specifications of gematik.

Last but not least, TÜViT also tests conformity according to the Technical Guidelines of the BSI, such as physical access control systems according to TL-03402, TL-03403 and TL-03424.

Your benefits at a glance

  • TÜViT has been working since 1993 as a recognized evaluation body for Technical Guidelines and therefore has the longest and most comprehensive experience in this field
  • furthermore, the BSI has certified TÜViT employees as De-Mail auditors; thus, of the six De-Mail auditors operating throughout Germany (ISMS on the basis of “IT Grundschutz”), two are from TÜViT
  • support from the start: we assist you during the auditing process for the protection of your business, IT processes and data
  • you receive the necessary verification of the conformity of your products in order to submit your application for certification to the BSI

TÜViT has been recognized for more than 10 years as an evaluation body for Technical Guidelines by the BSI.

Jürgen Atrott

Product Manager IT Conformity

+49 271 3378-192
Fax: +49 271 3378-197

j.atrott@tuvit.de

Further services

Evaluation Body for IT Security

With its evaluation body for IT security, TÜViT is one of the world's leading providers of testing services for IT products and systems. The evaluation body has been recognized by the German Federal Office for Information Security (BSI) since 1991 and accredited by the DAkkS, the German Accreditation Body, according to DIN EN ISO/IEC 17025.

Common Criteria

Globally-recognized security evaluations for IT components, products and systems: TÜViT is one of the world's leading testing service providers for Common Criteria. With our 50 licensed evaluators, we have successfully completed over 600 evaluation projects according to CC (from EAL1 to EAL6+).

Hardware

Hardware tests for more security: Hardware security modules or chip cards are used for the protection of sensitive data. TÜViT evaluates these IT products and their components in accordance with recognized international security standards and performs the necessary penetration tests in its own hardware test laboratory.

Software

Making software subsequently secure is always complicated and expensive. This is why it is important to consider the subject of IT security at the beginning and throughout the entire life cycle within the framework of a Common Criteria (CC) evaluation.

Site Certification

Audit of development and production environments: If IT products are certified in accordance with the Common Criteria IT security standard or EMVCo, audits of development and production environments represent an integral part of the evaluation process. For many years now, TÜViT has been successfully carrying out site audits for production and development environments.

FIPS 140-2

Testing of crypto modules and crypto algorithms: The TÜViT test laboratory is approved by the National Institute of Standards and Technology (NIST, USA) for testing and validation according to FIPS PUB 140-2.

Electronic Payments

Components that are used within electronic payment systems must fulfil specific security standards and require corresponding approvals. TÜViT performs these approval procedures in its capacity as an accredited security assessor.