Sector-specific personal identifier (ssPIN)

The abbreviation ssPIN stands for sector-specific personal identifier (bPK bereichsspezifische Personenkennzeichen). This is a way of maintaining data protection within the Citizen Card concept. The ssPIN is derived from the sourcePIN, which must not be stored by the authorities as an identifying feature. In reverse, however, it is not possible to derive the sourcePIN from the ssPIN. An administrative agency can only use the sector-specific personal identifier for a different sector in encrypted form (vbPK). Citizens may request their ssPIN by signing an application using their ID Austria account. The authority responsible for the SourcePIN Register may only determine the ssPIN itself in exceptional circumstances. 

Determining the ssPIN (bPK)

The SourcePIN Register Authority requires the relevant authority's public key.
The following two steps are carried out to determine the ssPIN:

  • A character string is generated based on the sourcePIN and the procedural sector
  • A hash algorithm works out the secure cryptographic single-use decoder


Special cases


Legal representatives

Legal representatives require a traceable sector-specific personal identifier so that government action remains transparent. The ssPIN is determined by querying the SourcePIN Register directly using a symmetrically encrypted and encoded key known only to the authority responsible for the SourcePIN Register.

Business

An ssPIN can be used for online business transactions. To do this, either the Companies’ Register number or the Register of Associations number or the GLN, i.e. the sourcePIN for businesses, is used to generate a sector. Use of this sector requires the consent of all concerned. Unlike the authorities, the sector may not first request the sourcePIN in order to derive the ssPIN. Instead, the ssPIN is produced directly in the Citizen Card environment for the sector.


Configuration of all data processing using the ssPIN within the public administration service

Public servants can agree with the authority responsible for the SourcePIN Register to carry out data processing using the ssPIN. This enables administrative procedures to be carried out more efficiently while saving resources. The following requirements must be met when making such an application:

icon

The sector-specific personal identifier is a way of maintaining data protection that has been implemented within the Citizen Card concept. It means that the authorities are normally only entitled to call up personal data if they have been authorised to do so by the person in question.