TO OUR PARTNERS
ELECTRONIC IDENTIFICATION SERVICE
Online identification, authentication and authorisation with the eID card are available through the eSzemélyi Kliens software and the online eID server. With the appropriate authorisation, the service allows personal data stored on the document to be read, such as the social security number, tax identification number, personal identification number, address data and other identifiers, in addition to the visualised data. The following special functions are also available with eIdentification:
- Age verification: This function allows you to check whether the cardholder was born before a certain date, i.e. if they are over a certain age, while respecting the privacy of the cardholder.
- Log in to service provider systems: This function allows you to log in to service provider systems using the eID card with two-factor authentication. Its advantage is that the service provider does not need to handle any personal data (e.g. logging into work systems, anonymous services, etc.). The service provider assigns an authentication code to the document holder: the service provider generates this from its own public key and the eID card private identifier. The document holder can then log into the service provider’s system, and the service provider can authenticate the individual via the eID card. Since the public keys of the service providers differ, the generated codes vary from provider to provider. However, the eID card private identifier does not change when the document changes, so service providers do not need to generate a new code for authentication in these cases either. An additional advantage of the solution is that it also provides maximum support for the protection of personal data.
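The properties described for the login function, shown as an added example that is not the service's own code. The page does not state the derivation, so HMAC-SHA-256 over the provider's public key stands in for it as an assumption; the `Card` and `ServiceProvider` classes, the key bytes and the document numbers are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Card:
    """Simulated eID card; the private identifier never leaves this object."""

    def __init__(self, document_number: str, private_identifier: bytes):
        self.document_number = document_number          # new for every document
        self._private_identifier = private_identifier   # survives a document change

    def auth_code(self, provider_public_key: bytes) -> str:
        # Assumed stand-in derivation: HMAC-SHA-256 of the provider's public
        # key under the card's private identifier.
        return hmac.new(self._private_identifier, provider_public_key,
                        hashlib.sha256).hexdigest()


class ServiceProvider:
    def __init__(self, name: str):
        self.name = name
        self.public_key = secrets.token_bytes(32)  # constructed stand-in for a real key
        self.accounts = {}  # auth code -> local account; no personal data stored

    def register(self, card: Card, account: str) -> None:
        self.accounts[card.auth_code(self.public_key)] = account

    def login(self, card: Card):
        """Return the local account for this card, or None if unknown."""
        return self.accounts.get(card.auth_code(self.public_key))


def demo() -> dict:
    identifier = secrets.token_bytes(32)
    old_card = Card("DOC-0001", identifier)   # constructed document numbers
    new_card = Card("DOC-0002", identifier)   # same holder, changed document
    stranger = Card("DOC-0003", secrets.token_bytes(32))
    work, shop = ServiceProvider("work"), ServiceProvider("shop")
    work.register(old_card, "employee-17")
    shop.register(old_card, "customer-42")
    return {
        "work_login_after_change": work.login(new_card),
        "shop_login_after_change": shop.login(new_card),
        "stranger_login": work.login(stranger),
        "codes_linkable": bool(set(work.accounts) & set(shop.accounts)),
    }
```

The two providers end up holding different codes for the same holder, so their account tables cannot be joined on the code, while the changed document still logs in to both.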
Connecting to the electronic identification (eID server) service
Using the eIdentification (eID server) service requires registration and the issuing of the necessary certificates. The organisations involved in the registration process are the Ministry of Interior, NISZ Zrt. and IdomSoft Zrt.
When a ‘LIVE’ registration is launched (enabling the reading of documents used by citizens), the purpose and legal basis for accessing the data stored in the eID card must be indicated in each case, together with the exact legal status, which the Ministry of Interior verifies for each partner within the framework of a specific procedure. The certificate issued during the verification of the legal basis and the connection ensures that only those organisations with the right to read/write data controlled by the public authority have access to the data.
In addition to the live connection to the service, the Authority will also provide the possibility to access the test environment and use test cards for integration development tasks and testing. When using the test system, the data fields can be freely selected and thus can be accessed without a legal basis.
So that a partner wishing to join can properly consider which read and possibly write access rights, certified with a legal ground, they need, they should consult IdomSoft Zrt., the IT background provider of the service, in advance in a personal consultation to agree on exactly what kind of identification solution they would like to build and develop on the eID card.
During the professional consultation, the partner can learn about the technological details of the eID server service and find out from the experts what options the individual functions of the eID card offer and how to integrate them into their own case management system. Once the purpose of use has been clarified, the registration process will start and IdomSoft Zrt. will provide detailed information to those interested.
IdomSoft Zrt. accompanies the partners in close professional cooperation throughout the entire life cycle of the development of their own service and provides support during the use of the service, which includes:
- general administrative and technical information, personal consultation
- assistance in selecting the right solution
- providing test/live certificates for the use of the service, with the assistance of the Ministry of Interior
- supporting test/development
- providing technical, development documentation
- providing test/live service availability
- support for version changes, including delivery of integration test environment and documentation
- providing test documentation
In addition to the above, IdomSoft Zrt. also offers development partners – within the framework of ad hoc assignments – optional, priority development support by providing dedicated resources. Priority support includes uninterrupted access to the service during working hours, continuous, uninterrupted 8-hour periods, the availability of a delegated product support, project, organisation and development team, and the possibility of personal professional consultation.
Further detailed technical information and contact details
eIdentification can be connected via the OpenID Connect interface. The standard OpenID Connect Discovery, OpenID Provider configuration information parameters are available at the following link.
Further developer documentation can only be made available after direct connection.
For more information about this service, please contact eid-szerver@idomsoft.hu.
ELECTRONIC SIGNATURE AND TIME STAMPING SERVICE
The eID card service, linked to electronic signature, enables citizens to make electronic legal declarations in private or administrative legal transactions, with the legal effect of a private document with full probative value.
The eID card is a document for which citizens can voluntarily request an electronic signature (eSignature) and time stamping service free of charge. Read more about electronic signatures here.
To use electronic signatures, you need to purchase a card reader and install the eID card Client. To access the service, PKCS#11 API or Smart Card Minidriver on Windows platform is provided.
SERVICE ID
The eID card is a permanent ID card with a storage element (chip). A service identifier is embedded on this chip. The service identifier can be used for a number of purposes when the document is used, which are regulated by BM Decree 36/2019 (15 October). The range of services thus available:
- use of a government print management system,
- the use of the transport services defined in the law on passenger transport services,
- use of the government card access control system,
- the use of certain services and discounts provided by the local government (…),
- (…) use of certain services and discounts provided for the purposes of mass sports, team sports, cultural, educational, commercial, medical, catering, (…) transport, leisure, social or health services,
- customer authentication for payment services.
A special device (SAM; Secure Access Module) is also required to read the service identifier for the purposes of the above-mentioned use.
Based on the Government Decree on centralised IT and electronic communications services, IdomSoft Zrt. is the central service provider for the application development and operation of the eID card and the National Unified Card System (NEK), thus the SAMs are also procured and programmed through IdomSoft Zrt.
The request should be addressed to the Ministry of Interior of Hungary at bm-samigenyles@bm.gov.hu.
Technical arrangements and SAM programming parameters must be agreed with IdomSoft Zrt. at sam.tamogatas@idomsoft.hu prior to the submission of the request.
E-PASSPORT (EPASS)
The data in the ePASS application are the same as those visually displayed on the card. For cardholders who have their fingerprint recorded on the eID card chip, the information is also stored in this application.
The ePASS application performs similar functions to the chip in the passport. This functionality of the chip enables the eID card to be used as an electronic travel document in compliance with international standards [ICAO 9303], bringing the eID card to the level of passport security in the electronic space. After the mutual authentication of the card reader and the chip, the data on the chip can be read by entering the CAN number or by reading the MRZ code. (For fingerprint reading, special authorisation – for border police purposes – is required!)
The primary use of the application is to identify the citizen in person at a higher level of security than the features of an analogue document. The reading must be performed in a trusted environment. During the identification process, the document and the document holder must be separately verified (e.g. by comparing a facial image or fingerprint).
The stored data (except for the fingerprint) can be freely read using PACE (Password Authenticated Connection Establishment) or BAC (Basic Access Control) protocols. The latter will no longer be available for documents issued in the second half of 2021 and will be phased out. Both protocols are based on the password on the card: the CAN (Card Access Number) on the front or the MRZ (Machine Readable Zone) on the back. The purpose of the protocols is to ensure that data can only be read when the card is actually in the possession of the user, knowing the password on the card. This is in line with the fact that the scope of the data stored is the same as the scope of the data that can be visually recognised.
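How the printed CAN or MRZ becomes the access key, following the key derivation in ICAO 9303 (an added example, not code from this page or its operator). It assumes a document number of at most nine characters and a 128-bit AES suite for PACE; the sample is the specimen data from the ICAO worked example, and the CAN in the usage is constructed.

```python
import hashlib

def check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1; '<' = 0, A-Z = 10..35."""
    total = 0
    for i, c in enumerate(field):
        if "0" <= c <= "9":
            value = int(c)
        elif "A" <= c <= "Z":
            value = ord(c) - ord("A") + 10
        elif c == "<":
            value = 0
        else:
            raise ValueError(f"character {c!r} is not valid in an MRZ")
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number, date of birth and date of expiry (YYMMDD), each
    followed by its check digit. This string is the MRZ 'password'."""
    if len(doc_number) > 9:
        raise ValueError("long document numbers are not handled in this example")
    if not all(len(d) == 6 and d.isdigit() for d in (birth, expiry)):
        raise ValueError("dates must be six digits, YYMMDD")
    fields = (doc_number.ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields)

def kdf(secret: bytes, counter: int, length: int = 16) -> bytes:
    """ICAO 9303 KDF for 128-bit keys: SHA-1(secret || 32-bit counter)."""
    return hashlib.sha1(secret + counter.to_bytes(4, "big")).digest()[:length]

def bac_keys(mrz_info: str):
    """BAC: K_seed from the MRZ information, then K_enc (c=1), K_mac (c=2).
    DES parity-bit adjustment of the 3DES keys is omitted here."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    return k_seed, kdf(k_seed, 1), kdf(k_seed, 2)

def pace_password_key(password: str, is_mrz: bool) -> bytes:
    """PACE: K_pi = KDF(pi, 3). For the MRZ, pi = SHA-1(MRZ information);
    for the CAN, pi is the printed digits. Assumes a 128-bit AES suite."""
    raw = password.encode("ascii")
    return kdf(hashlib.sha1(raw).digest() if is_mrz else raw, 3)

# Constructed sample: the specimen values of the ICAO 9303 worked example.
SAMPLE = mrz_information("L898902C", "690806", "940623")
```

Every input to these keys is printed on the card itself, which is why the protocols tie reading to physical possession of the document.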
Only the Border Guards are authorised to read the fingerprint on the chip (CAN/MRZ + EAC1).
Data of the ePASS application
MRZ data
- Document type
- Issuing State
- Document ID
- Birth date
- Gender of the card owner
- Validity period
- Nationality
- Name (in MRZ format – without accents, abbreviated to a maximum of 30 characters)
- Indication restricted for travel
- Indication of the existence of a fingerprint
eMRTD data (electronically readable)
- Cardholder’s facial image
- Cardholder’s fingerprint
- Cardholder’s handwritten signature (pictorial)
- Issuing authority
- Cardholder’s given name
- Cardholder’s name at birth
- Cardholder’s place of birth
- Cardholder’s mother’s maiden name