Sector-specific personal identifier (ssPIN)
The abbreviation ssPIN stands for sector-specific personal identifier (bPK – bereichsspezifische Personenkennzeichen). This is a way of maintaining data protection within the Citizen Card concept. The ssPIN is derived from the sourcePIN, which must not be stored by the authorities as an identifying feature. In reverse, however, it is not possible to derive the sourcePIN from the ssPIN. An administrative agency can only use the sector-specific personal identifier for a different sector in encrypted form (vbPK). Citizens may request their ssPIN by signing an application using their ID Austria account. The authority responsible for the SourcePIN Register may only determine the ssPIN itself in exceptional circumstances.
The abbreviation ssPIN stands for sector-specific personal identifier (bPK – bereichsspezifische Personenkennzeichen). This is a way of maintaining data protection within the Citizen Card concept. The ssPIN is derived from the sourcePIN, which must not be stored by the authorities as an identifying feature. In reverse, however, it is not possible to derive the sourcePIN from the ssPIN. An administrative agency can only use the sector-specific personal identifier for a different sector in encrypted form (vbPK). Citizens may request their ssPIN by signing an application using their ID Austria account. The authority responsible for the SourcePIN Register may only determine the ssPIN itself in exceptional circumstances.
Determining the ssPIN (bPK)
The SourcePIN Register Authority requires the relevant authority's public key.
The following two steps are carried out to determine the ssPIN:
- A character string is generated based on the sourcePIN and the procedural sector
- A hash algorithm works out the secure cryptographic single-use decoder
Special cases
Legal representatives
Legal representatives require a traceable sector-specific personal identifier so that government action remains transparent. The ssPIN is determined by querying the SourcePIN Register directly using a symmetrically encrypted and encoded key known only to the authority responsible for the SourcePIN Register.
Business
An ssPIN can be used for online business transactions. To do this, either the Companies’ Register number or the Register of Associations number or the GLN, i.e. the sourcePIN for businesses, is used to generate a sector. Use of this sector requires the consent of all concerned. Unlike the authorities, the sector may not first request the sourcePIN in order to derive the ssPIN. Instead, the ssPIN is produced directly in the Citizen Card environment for the sector.
Configuration of all data processing using the ssPIN within the public administration service
Public servants can agree with the authority responsible for the SourcePIN Register to carry out data processing using the ssPIN. This enables administrative procedures to be carried out more efficiently while saving resources. The following requirements must be met when making such an application:
- The individual must work in the public sector and be under a legal obligation to record other people’s identifying data
- They must know their own administration service identifier
- They must send their public key to the SourcePIN Register Authority
- They must submit an application to configure data using sector-specific personal identifiers
ID Austria