On-line Qualified Certificate Issuance is a key component in the eID infrastructure providing the necessary functionality for issuing and renewal of qualified certificates on an eID card through the Internet.
Within the certificate issuing or renewal process the RA eService communicates directly with the card’s chip. For this purpose a secure server-to-card communication, resisting any security threads skulking in the communication infrastructure, is established.
The solution uses this secure communication channel to initiate key pair generation on a remote eID card and to store a qualified certificate on it.
The solution has been evaluated by TÜViT in accordance with the Common Criteria EAL4+.