1. Personal identification cards
In Hungary, a new type of permanent personal identification card (personal e-ID) was introduced on 1 January, 2016, which, in addition to visual and electronic personal identification as well as electronic signature, is also suitable for taking over the functions of health insurance cards (TAJ cards) and tax cards.
The introduction of the document equipped with an electronic storage unit served two major purposes: on the one hand, to enhance document security, and on the other hand, to create a new basic tool for e-government and e-administration ensuring wide-scale, EU-interoperable access.
The personal identification cards are official documents publicly certifying the citizens’ personal identities as well as their data specified in Act LXVI of 1992 (Nytv.Act)* on the basis of the citizens’ written statements, the civil registry and public records; in the case of foreign citizens, beyond the former, also on the basis of the citizens’ passports and the public documents certifying their title of residence in Hungary. Permanent personal identification cards can be used for the electronic public identification of citizens; at citizens’ request and with the exceptions specified in Nytv. Act, for making qualified electronic signatures and, in the cases specified in the law, for exercising the right to travel abroad.
*Act LXVI of 1992 on Keeping Records on the Personal Data and Address of Citizens (Nytv.)
1.1. Types of personal identification cards
- permanent personal identification cards;
- temporary personal identification cards.
1.2. What data do personal e-ID cards contain?
Since 1 January 2016, permanent personal ID cards have been equipped with an electronic data carrier/storage unit (chip). This storage unit electronically contains all personal data and document data visually displayed on the permanent personal ID card. In addition to these the storage unit contains the following data:
- the citizen’s fingerprint, except if the citizen
  - is under the age of 12 on the date of issuing the personal identification card,
  - has refused to give a fingerprint, or
  - is physically unable to give a fingerprint;
- (at the citizen’s request) the data required for creating an electronic signature and the citizen’s signature certificate,
- the citizen’s social security identification number,
- the citizen’s tax identification number,
- the unique electronic identifier of the personal identification card, and
- where requested by the citizen, up to two telephone numbers to be called in the case of emergency.
If a citizen has a social security identification number and a tax identification number, these get recorded on the storage unit of the permanent personal ID card. However, having a social security identification number and a tax identification number is not a requirement for applying for a personal identification card. If a citizen does have a social security identification number and a tax identification number, s/he will also be able to certify these identification numbers by using his/her personal identification card before the authorities that have authorised access to these numbers and the appropriate card reading device. Considering all these, the new personal identification card is no replacement for the social security card or the tax card yet, but it does offer a new way of certifying the social security and the tax identification numbers.
The unique electronic identifier of the personal identification card is a unique electronic identifier required for the primary card function as provided by the act on the uniform electronic card issuing framework*.
The telephone number to be called in case of emergency is the telephone number of the person whom the card holder wishes to have informed in the case of his death or any other change in his health condition rendering him unable to communicate about his condition, registered on the storage unit of the permanent personal ID card at the card holder’s request. When the contact number is given, it must always be stated that it was given with the approval of the holder of the telephone number. Requests for the registration/replacement/cancellation of the emergency telephone number must be filed with the administering authority.
The set of data specifying the card holder’s nationality constitutes a three-letter code on the card.
*Act LXXXIII of 2014 on the uniform electronic card issuing framework
**MRZ (Machine Readable Zone): a set of machine readable data making the identification of citizens and their personal identification cards possible
1.3. Who is entitled to have a personal ID card?
Permanent personal ID cards may be issued to
- Hungarian citizens or
- immigrants, established persons, refugees or persons with subsidiary protection
under the scope of the personal data and address register.
As from 1 January 2016, Hungarian citizens living abroad have also been entitled to apply for personal identification cards.
Citizens entitled to receive a personal identification card shall be issued, upon their application for a permanent personal ID and unless they have an official document certifying their personal identity, a temporary personal identification card. No temporary personal ID cards may be issued within the framework of proceedings for issuing a permanent personal ID card initiated with a participating authority or a consular official.
Entitlement to a personal ID card shall cease if
- the qualification as a refugee or a person with subsidiary protection, or the residence permits of immigrant or established persons have been withdrawn, and no other entitlements to a permanent personal ID under other legal titles have been awarded,
- a citizen’s Hungarian citizenship has terminated,
- a citizen with an immigrant or established status has acquired the right of free movement and residence, as long as this right exists,
- a non-Hungarian citizen leaves the territory of Hungary with the intention to settle abroad.
1.4. Where can you apply for a personal e-ID card?
Permanent personal ID cards can be personally applied for at:
- any district office,
- the Budapest Metropolitan Government Office (designated government office),
- an official body in charge of a register (in case the citizen lacks any other official document suitable for certifying their personal identity or if s/he applies for a personal ID card with a storage unit for the first time),
- a consular official (only in the case of applicants with Hungarian citizenship),
- the notary with competence at the place of permanent or temporary residence (if the applicant is unable to apply personally due to health restrictions),
- penitentiary facilities (in the case of applicants in detention).
Permanent personal ID cards for Hungarian citizen newborn babies born in Hungary can be applied for by their legal representatives, without personal attendance, at the registrar’s registering the birth.
Permanent personal IDs for established persons, refugees and persons with subsidiary protection may be applied for according to the general rules, at a district office or designated government office.
1.5. What documents are required in order to apply for a personal e-ID card?
If the applicant has a valid permanent personal ID card or any other valid document certifying their personal identity at the time of the application or used to have one in the year preceding that date, this must be presented with the application.
Applicants not having the above documents, or refugee applicants or applicants with subsidiary protection status lacking a valid document, beyond their passports, suitable for personal identification on the date of application or the year preceding that date shall have to present with the application:
- if they wish to use a doctor title and this doctor title is not registered in the personal data and address register, a document certifying entitlement to use the doctor title and, in the case of a doctor title awarded abroad, an official document certifying its naturalisation, or authentic copies of the former;
- in the case of Hungarian citizens returning from abroad with the intention to settle in Hungary or Hungarian citizens living abroad, official documents certifying their personal identification number and place of residence,
- in the case of immigrant or refugee applicants or those with subsidiary protection or established status, the immigration permit, the document certifying the refugee or subsidiary protection status or the established status, as well as the official document certifying the personal identification number and the place of residence,
- in the case of applicants with a refugee or subsidiary protection status – if it is the first personal ID card that is applied for – a photograph on the back of which the immigration authority shall specify the number of the authority decision recognising the person concerned as a refugee or a person granted subsidiary protection and certifying the fact that the photograph is identical with the person recognised as a refugee or protected person by a seal and a signature.
If the applicant lacks a valid permanent personal ID card or other documents certifying their personal identity but does have, at the time of submitting the application, a birth certificate issued by Hungarian authorities and a marriage certificate issued by Hungarian authorities suitable for establishing the use of names, s/he may present these with the application. If the applicant does not have a valid personal ID card or other valid documents certifying their personal identity and fails to present a birth or marriage certificate, the administering authority shall ex officio contact the registrar in charge in order to consult on the required data, provided the birth and marriage were registered in Hungary.
In the case of incapacitated applicants, beyond the above documents the final court decision establishing guardianship may also be presented, and the legally binding decision of the guardianship authority certifying representation before the law, as well as a document certifying the identity of the representative before the law shall be presented with the application.
In the case of incapacitated minor applicants, beyond what is listed above, if only one of the parents appears personally, a statement of approval made by the other parent (legal representative) before a notary public, a district (metropolitan) office acting on behalf of the municipal and county government office in child protection and guardianship issues, the head of the penitentiary facility, a consular official, the designated government office, the body keeping the register or a district office, or a statement issued by the parent in a private document of probative value, by which the parent gives consent to issuing the personal ID card, or a final decision certifying the termination or suspension of parental authority shall be attached to the application.
Applicants living abroad who acquired Hungarian citizenship by naturalization or re-naturalization shall make a statement when submitting their application for the first personal ID card that the natural personal identification data, i.e. especially their name displayed on their official document certifying their personal identification number and place of residence is identical with the name entered in the register or the naturalization certificate including their name change.
In addition to the above provisions, the authority administering the issuing of the personal ID card may ask the citizen to reveal their personal identification number displayed on their official document certifying their personal identification number and place of residence.
2. Functions of personal ID cards issued to foreign citizens
2.1. e-identification function
The e-identification function provides the electronic identification/verification functions required for using e-government and e-public administration systems at a higher degree of efficiency and security than other identification systems. In the longer run this function will be available not only in Hungary but in all EU countries where the cross-border system of electronic services is implemented and mutual cooperation agreements are signed.
What is e-identification?
The convenient identification services made possible by the e-ID card require that the holder is personally present; the authentication services can be used in electronic administration. Provided the citizen gives consent by entering the PIN code related to his/her personal ID card, the document allows the authorised organs to read from the electronic storage unit of the document, using the reading key provided, the citizen’s personal data (thus including even his/her social security and tax identification numbers) they are authorised to read and require for the administrative purpose concerned. A prerequisite for this is for the service provider to have a certified card reading device. For use at home, citizens are required to have, in addition to a computer, an appropriate contact-free card reader as well. The identifier function makes it possible for the citizen to remotely connect to public administration systems by using network services, to have him/herself identified electronically and perform the administration tasks required; with the help of the former and provided the necessary IT developments are available, to fill in forms by automatically importing the data; in addition, it makes it possible for other competent players with authorised access to the data to access the authentic data of the person concerned from the card and build their services upon these.
What services are related to it?
Within the framework of this service, provided there is open internet network access available, the validity of a personal ID card can be checked anywhere, any time. Since one of the reasons the document may be invalid (beyond the case when it is lost) may be that it is reported to have been stolen, this service – considering that it is an underlying public register kept by the Ministry of Interior that provides the data – may significantly contribute to enhancing the security of legal transactions.
Client portal registration from home, without personal attendance
The first Client portal registration can be performed from home, without personal attendance, which service requires the document number and the registration code for one-time use (the latter is provided together with the PIN and PUK codes related to the document). By entering these data, citizens can perform Client portal registration electronically, even from home, whereby they get immediate access to administering things online instead of having to appear personally as they had been required before.
The Client’s opportunity, at the customer services of the Document Office and the Government Office, to check the data on the storage unit as well as the organizations having authorised access to these
At the customer services of the Document Office and the Government Office citizens have the opportunity to check the data on the storage unit of their personal ID cards. In order to do so, citizens can use the administrator’s work station of the customer service to check what data were placed on the storage unit of their personal ID cards and what organs are authorised to read them.
At the citizen’s specific request, the telephone numbers of up to two persons identified by the citizen whom s/he wishes to have informed in the case of his death or any other change in his health condition rendering him/her unable to communicate about his/her condition are registered on the storage unit of the permanent ID card. When identifying these telephone numbers to be called in the case of emergency the applicant is required to make a statement that the telephone numbers are given with their holders’ approval.
2.2 E-signature and timestamp service
While paper-based documents are authenticated with a handwritten signature, electronic documents require an electronic signature (e-signature) for authentication.
The free e-signature and timestamp service related to the e-ID card gives opportunity for online administration.
E-signature is time-saving and cost-friendly, fast, efficient, simple, convenient and safe.
While an electronic signature certifies who signed the document, the timestamp certifies when it was signed. The timestamp service provided for e-ID cards is exclusively available for signing electronically, via an e-ID card.
Opportunities to use e-signature
E-signature is a legally valid (allowed and accepted) solution for authenticating electronic documents in most countries in the world, and thus in all Member States of the European Union.
E-signatures can be used for both private and public administration tasks. In the European Union, qualified electronic signatures have the same legal effect as handwritten signatures.
In Hungary, with the exception of a few areas, electronically signed statements may be used in almost any case. A wide range of documents including (e.g. movable property sale) contracts, requests, forms and notifications may be signed electronically.
A few areas are exceptions to the above: e.g. real property transfer contracts, wills and marriages may not be authenticated with an electronic signature.
When signing electronic documents, the so-called transaction limit specified by the service provider must be considered.
In the case of electronic signatures related to e-ID cards, the transaction limit is 10 000, i.e. ten thousand Euros. This is the maximum commitment that is allowed to be assumed by the signer (e.g. an e-ID card may be used for signing a vehicle sale and purchase contract of a value of up to 10 thousand Euros).
Service provider and contributors
The issuing of certificates related to the electronic signature function and their lifecycle management are performed by the Government Authentication Service. The service is provided, by virtue of the act delegating the service provider, by NISZ Nemzeti Infokommunikációs Szolgáltató Zrt. (NISZ National Infocommunications Service Company); contributors to the service comprise the Ministry of Interior and the district offices (government and document offices).
The technical conditions required for using e-signature
The following are required in order to use the e-signature and timestamp services:
- an e-mail address (required for the application already),
- a valid e-ID card with an e-signature function,
- an e-signature key pair (created on the storage unit of the e-ID card at the time of application),
- a valid e-signature certificate (established on the storage unit of the e-ID card at the time of application),
- an e-signature PIN code for establishing the signature (to be established via an activating PIN code),
- a withdrawal password for the potential withdrawal of the certificate (issued to the client together with the activating PIN code at the time of application),
- a computer (the currently supported operating systems are: Windows 7, 8, 8.1, 10),
- an e-Personal Client card management application,
- signature, timestamp and signature-control applications,
- a card reading device,
- internet connection for checking the signed documents and using the timestamp service.
We recommend following the Service provider’s information notices, since changes in the legislation or developments in the services may involve changes in using the services.
3. General information on the card reading device
The permanent ID card can be used, after the appropriate tools and software have been obtained, for using online services as well. In addition to the application an appropriate card reader is also required, which is available for sale in several places.
There are several devices suitable for reading electronic personal identification cards, of which two fundamental types should be differentiated according to the area of use: those with and those without a PIN pad.
The card readers already examined by the Ministry of Interior as regards technology and applicability are the following:
- Reiner cyberJack® RFID standard HUN
- Reiner cyberJack® RFID basis
- ACS ACR1252U USB NFC Reader
- Gemalto IDBridge CL3000 (Prox-DU)
- Kobil ID Token
- Identiv CLOUD 3700F
The Reiner cyberJack® RFID standard HUN device is equipped with a PIN PAD and an LCD display. In this case the communication with the software can be seen on this display, while the data can be entered on the PIN PAD. We wish to call your attention to the fact that the Reiner cyberJack® RFID standard devices sold abroad do NOT guarantee the suitable operation of the services provided by the electronic ID card; only those with a Hungarian menu, bearing the mark ‘HUN’ do so.
The devices Reiner cyberJack® RFID basis and ACS ACR1252U USB NFC Reader do not have either a display or a PIN PAD. In this case, the computer’s keyboard should be used when entering the data requested by the software and the information is displayed on the surface of the application.
Useful advice: In the case of certain card readers that are not automatically installed (no “plug and play”), a driver, too, must be installed.
4. Card reading application (e-Personal Client)
The latest, currently downloadable version of the card reading application is suitable for activating and replacing PIN codes and for managing the e-signature function on the following operating systems:
Windows OS (7, 8, 8.1, 10 – 32/64 bit)
Mac OS X (Yosemite, El Capitan, Sierra)
Linux (CentOS 7, Debian 8, SuSe 13.2, Ubuntu 14.04.5 LTS)
Note: macOS and Linux distributions currently do not support ReinerSCT cyberJack RFID standard readers.
You can download and install the application under the downloadable applications.
5. International outlook
The new document follows the appropriate and published norms of the EU. The mid-term target, to be achieved step by step, is that the services provided by the Hungarian and the European state and public administration systems and economic players, as well as by the European cross-border internal market, become accessible and usable with the personal ID card.
The above means that a document with a storage unit will be able to provide services in future that other EU states will recognize as equivalent to the services provided by their own states. Thus in practice you will be able to perform electronic administration in relation to the public administration of another state using your Hungarian personal ID card already. This is a visionary ability that actually makes cross border electronic administration possible.
At the moment there is no single European regulation that would provide an exclusive framework for issuing electronic identification cards in EU Member States. Considering this, when the concept of the Hungarian personal identification card with an electronic storage unit was worked out, the system of European national identification cards was examined, establishing three distinctive and relatively easy to differentiate periods of development.
All these periods can be characterised by some application concept, use function group, European interoperability concept and security solutions.
5.1. The period of key cards
The first period of card issuing in the years following the European regulation on electronic signatures was in 2002-2007. As a main characteristic, electronic personal identification was related to key pairs registered on contact chip cards as well as a certificate complying with the technology of electronic signatures and, within that, to the management of personal identification numbers. The document can be used as a kind of key card, ensuring the management of personal data in the system operating on the servers. A typical representative of this is Estonia. Estonian personal ID cards can be used, on the one hand, as a tangible identification document, and on the other hand, they are required for electronic administration, the built-in chip helping personal identification and the use of digital signature.
5.2. The period of the ECC initiative
The European Citizen Card (ECC) concept emerged and the standard package appeared in the years 2008-2009. The contact chip cards provided enhanced support for electronic signature, while the data required for personal identification constituted a separate unit. The personal data appeared in the memory of the card chip, the security functions related to data protection (e.g. solutions serving the protection of data groups) underwent significant development, and in the case of qualified signature, the enforcement of secure messaging between the card and the card reader provided a more efficient protection system. The initiators included the Belgian card, as well as the Portuguese card developed on the basis of the former.
Based on the implementation experience of the cards and card systems issued, development continued in the direction of the ICAO technical solutions used for passport systems, which gradually became characteristic.
5.3. The period of ICAO type cards
On 1 November 2010, the German personal identification card (nPA) and its system opened a new era. The document contains a contactless storage unit with three related card functions already: travel document, electronic identification and electronic signature. The Slovakian system currently being worked out also follows this German example.
5.4. The future: single identification platform
The standardisation of national identification systems is regulated by Regulation 910/2014/EU and several projects of the European Commission and the Parliament, the latter including the EU STORK/STORK2 project defining a common platform for the performance of identification tasks of the cross-border e-identification systems based on federation principle.
The standardisation of the national systems and the card acceptance infrastructure of Member States is meant to ensure that e.g. a German citizen should be able to use their personal ID card at a card acceptance point in Bratislava in a way that the document should be able to connect to both the Slovakian and the German public administration systems, i.e. the electronic identification functions should work in both.
6. For developers
6.1. General information
It is a high priority goal of the Ministry of Interior that electronic ID cards, introduced on 1 January 2016, become one of the identification and authentication tools offering the highest degree of security, beyond electronic public administration, also in relation to other (market) services in the years to come. In order to facilitate this, the electronic storage unit of the document has a certificate according to the Common Criteria (CC EAL5+, CC EAL 4+) and qualifies as a secure signature creation device (BALE). Considering all these the related services are expected to comply with the highest security requirements for online identification posed by the eIDAS Regulation (Regulation 910/2014/EU of the European Parliament and the Council of 23 July 2014).
In order to facilitate the spread of the services, it is our goal, considering international trends and practices, that the organisations wishing to join should need the fewest possible resources to implement the required development tasks. The platform-independent operation of the respective services is also a priority; therefore solutions are being developed that can be gradually introduced on other platforms (OSX, various Linux distributions) in addition to the most widely used Windows operating system.
6.2. Electronic identification service
Online identification and authentication with the e-ID card, and the retrieval of authentic data from it, are accessible via the e-Personal Client and the online e-ID server. Within the framework of the service, and given the necessary authorisation, the personal data stored on the document can also be retrieved: in addition to the visually displayed range of data, the social security and the tax identification numbers (as well as, according to plans, the home address and other data). Further special functions are also accessible with the help of this service:
- with an age-check function, while maximally respecting the card holder’s privacy, it can be checked if s/he was born before a specific date, i.e. whether s/he is older than a specific age.
- generating a service provider-specific identifier may be suitable for two-factor authentication in services where the management of the citizen’s personal data is not an option (e.g. entry to workplace systems, anonymous services, etc.). When a document is replaced, the generated identifier ensures that the citizen concerned always appears in the system of a given service provider with the same identifier, but the identifier cannot be generated without the cardholder’s card.
The planned access to the electronic identification service will be via an OpenID Connect interface.
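The two special functions listed above, sketched as an added example (not code from the Ministry, the e-Personal Client or the e-ID server): the card answers an age check with a single yes/no, and derives a separate identifier for each service provider. The page does not say how the card computes that identifier, so HMAC-SHA256 over a per-citizen secret that is carried over to a replacement card is an assumption made here, as are all class, function and provider names and the sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Card:
    """Constructed model of the chip data these two functions need."""
    document_number: str    # changes with every document replacement
    birth_date: date        # never leaves the card in the age check
    citizen_secret: bytes   # assumption: re-provisioned onto the replacement card

    def born_before(self, threshold: date) -> bool:
        """Age check: the service provider sends a date, the card returns one bit."""
        return self.birth_date < threshold

    def provider_identifier(self, provider_id: str) -> str:
        """Service provider-specific identifier (HMAC is a stand-in, see lead-in).

        Keyed on the secret, not the document number, so it is stable across
        replacement; keyed per provider, so two providers cannot link a citizen
        by comparing identifiers; useless to anyone who lacks the card secret.
        """
        mac = hmac.new(self.citizen_secret, provider_id.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()


def threshold_for_age(years: int, today: date) -> date:
    """Date such that anyone born strictly before it is at least `years` old today."""
    try:
        latest_birthday = today.replace(year=today.year - years)
    except ValueError:
        # today is 29 February and the target year is not a leap year
        latest_birthday = today.replace(year=today.year - years, day=28)
    return latest_birthday + timedelta(days=1)


def demo() -> dict:
    # Constructed sample values, not real document numbers or keys.
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")
    old_card = Card("000001AA", date(2006, 6, 15), secret)
    new_card = Card("000002BB", date(2006, 6, 15), secret)  # after replacement
    other_citizen = Card("000003CC", date(2006, 6, 16), bytes(16))
    today = date(2024, 6, 15)
    threshold = threshold_for_age(18, today)
    return {
        # Turns 18 exactly today: passes. Born one day later: fails.
        "adult": old_card.born_before(threshold),
        "minor": other_citizen.born_before(threshold),
        # Same citizen, same provider, different physical card: same identifier.
        "stable_after_replacement": (
            old_card.provider_identifier("workplace-entry.example")
            == new_card.provider_identifier("workplace-entry.example")
        ),
        # Same citizen at two providers: identifiers do not match.
        "unlinkable_across_providers": (
            old_card.provider_identifier("workplace-entry.example")
            != old_card.provider_identifier("forum.example")
        ),
        # Different citizen at the same provider: different identifier.
        "distinct_per_citizen": (
            old_card.provider_identifier("forum.example")
            != other_citizen.provider_identifier("forum.example")
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The service provider only ever stores the derived identifier and the yes/no answer; neither the birth date nor the document number is needed on its side.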