• A-SIT

    The Secure Information Technology Center - Austria (A-SIT) is an organisation that is supported by the Federal Ministry of Finance (BMF), the Central Bank of the Republic of Austria (OeNB), the Graz University of Technology (TU Graz) and the Federal Computing Centre (BRZ). A-SIT Website

    A-SIT Logo

  • A-Trust

    A-Trust is a qualified trust service provider in Austria. The Federal Chancellery authorised A-Trust to issue digital certificates for use with Citizen Cards. The company is owned by various partners: A-Trust partners

  • a.sign Client

    A free software application by the A-Trust company, which makes Citizen Card functionality available for Windows operating system. (Cryptographic Service Provider). The a.sign client is required for Citizen Card software (Citizen Card environment) from A-Trust and the program VPDFSign, for signing PDF files. a.sign Client Website
    a.sign Client

  • a.sign premium

    The product name for A-Trustqualified certificate on the Citizen Card.

  • Activation

    Activation describes the process of setting-up your mobile phone or your e-card as a Citizen Card. Activate your Citizen Card

  • Administrative signature

    Precursor to the qualified signature. Certificates for administrative signatures are not issued anymore, but still remain valid until their expiry date (end of 2012 at the latest). An administrative signature is an advanced signature that is equivalent to a qualified signature in e-government If you have an administrative signature and want to change to a qualified signature, you will need a new e-card:

    • Online e-card order form (in the Reason field enter the following: Citizen Card (change to a qualified certificate) or
    • call the e-card service line: 050 124 33 11
  • Adobe signature

    A worldwide standard for signing PDFs. It was developed by Adobe (creator of the PDF format). Adobe signatures can be verified directly in Adobe Reader. They are not compatible with PDF-ASsignatures. In order to create a qualified signature, a plug-in is required.
    More information on PDF signatures

  • Advanced signature

    In the eIDAS-Regulation, this is the medium quality level for an electronic signature As opposed to a qualified signature, the advanced signature does not generally have the same validity as a written signature. Also see: Background information: Contents of the law

  • Applet

    A software program that runs in a browser (Firefox, Internet Explorer, Safari, etc.) Applets are written in the programming language Java.

  • Asymmetric encryption [Public key encryption]

    A sophisticated encryption method in which a different key is used for encryption and decryption. One part of this key pair is open (public key), the other part is secret (private key). Well-known asymmetric encryption algorithms are RSA and ECDSA.

  • Base64

    A coding system that uses 64 different characters (26 upper-case letters, 26 lower-case letters, 10 digits 0-9, + and /). Base64 is widely used - e.g. all e-mail attachments are coded in this form.

  • BDC

    The company BDC EDV Consulting GmbH specialises in IT consulting, project management and software development in the areas

    • IT security, security concepts, cryptography
    • smartcards
    • digital signatures, public key infrastructure (PKI)
    • electronic payment systems
    BDC Website
  • BMDW

    Federal Ministry for Digital, Business and Enterprise
    Website of BMDW

  • Card PIN [Secret PIN, Authentication PIN]

    The card PIN can be used to create an advanced signature and enables access to the identity link. The card PIN is a 4 to 10 digit combination that you can select upon activation of your card.

  • Card reading device [Card Reader, Smart Card Reader]

    A device that is connected to your computer. It is able to read and write data on a Chipcard.
    Gemalto card-reading device

  • Certificate

    Simply put, a certificate is an electronic file that confirms your identity. Technical explanation: A trust service provider (e.g. A-Trust) confirms that a public key really belongs to a certain person. The certificate is only valid for a certain length of time (genereally 5 years) and is signed by the trust service provider with its private key.
    The eIDAS regulation differentiates between qualified certificates and (non-qualified) certificates.

  • Trust service provider [TSP]

    A certificate provider. With Citizen Cards, this is the company A-Trust, a qualified trust service provider in Austria.

  • Chipcards [Smartcard]

    A plastic card with an embedded metal chip (usually gold coloured). Examples: e-card, A-Trust card, ...

  • CIN [Cardholder Identification Number, Signature contract number]

    This is your customer number at the trust service provider (A-Trust). You will receive a new CIN each time the activation process is carried out. It is displayed in your signature contract as your signature contract number .

  • Citizen Card environment [CCE, Citizen Card software]

    Software that is necessary for using Citizen Card functionality on the card. The Austrian Federal Chancellery recommends Mocca software for the Citizen Card. Additional Citizen Card environments are available from other private companies such as the A-Trust Citizen Card environment, trustDesk and hotSign.

  • CRR number [Central Register of Residents number]

    A number assigned to you in the Central Register of Residents (CRR). Every person registered in Austria can be uniquely identified by this number. CRR numbers are 12 digits long, e.g. 000247681888. They consist of random numbers and a checksum. You can see your CRR number on your proof of residency certificate (this replaces the old registration document starting Mar. 1, 2002):
    Request your proof of residency certificate using your Citizen Card

  • Datentechnik Innovation

    Datentechnik Innovation is a software company located in Vienna and Graz. The company focuses on development and integration of software products and complete solutions for e-government and e-health.
    Website of Datentechnik Innovation

  • Digital Austria

    A platform at the Federal Chancellery for coordinating e-governmentactivities in Austria.
    Digital Austria Website
    Digital Austria

  • Directory service

    A public directory made available by a certification service provider (i.e. A-Trust) . The directory contains a list of certificates that have been issued. A-Trust directory service

  • e-card G2 [e-card 2nd Generation]

    All cards issued before December 2009. You can also check the top right corner (under the SV logo) - there will not be any braille text. G2 e-cards contain two ECDSA key pairs.

    e-card G2

    Note: Starting from December 2009, e-cards of the next generation (G3) are rolled out. G2 e-cards are replaced continuously by means of common occassions (expiration, loss, theft,...). From April 2014, activation of Citizen-Card functionality is not possible any longer for G2 cards due to security reasons. If you still have a G2 e-card and wish to activate Citizen-Card functionality, please request a new e-card (G3) and activate Citizen-Card functionality on this card. Alternatively, you can also activate your Mobile Phone Signature.
  • e-card G3 [e-card 3rd Generation]

    All cards issued starting from December 2009. Also identifiable by the braille text on the top right (under the SV logo).
    G3 e-cards contain an ECDSA key pair (for a qualified certificate) and a RSA key pair (for a non-qualified certificate).
    e-card G3

  • e-card G4 [e-card 4th Generation]

    All cards issued starting from November 2014 are 4th Generation e-cards. They have a different SV Logo right on the top, as well as another green tone.

    e-card G3 and G4

  • e-government

    e-government (German: "e-Regierung") is a general description for the effort to simplify public administration processes using computers.


    A newer asymmetrisc encryption algorithm that is based on elliptic curves. ECDSA is more advanced than RSA (i.e., it produces shorter signature values), but is not yet as widely used. The abbreviation stands for Elliptic Curve Digital Signature Algorithm.

  • EGIZ

    The e-Government Innovation Centre (EGIZ) is a shared initiative between the Federal Chancellery and the Technical University Graz. It is responsible for developing the Citizen Card software amongst other things Mocca.

    EGIZ Website


  • Electronic signature [digital signature]

    The electronic version of a hand-written signature. The eIDAS-Regulation recognises three levels of quality for electronic signatures:

    1. 1. electronic signature (also referred to as the simple electronic signature for reasons of clarity)
    2. 2. advanced electronic signature
    3. 3. qualified electronic signature
  • FinanzOnline

    The Finance Office's Internet platform for taking care of tax matters online.

  • Hash value [fingerprint, message digest]

    A checksum number derived from the original text. It is used to check if the text is complete and whether or not it has been manipulated. Popular hash algorithms are MD5, CRC and SHA.
    It comes from the English verb "to hash", meaning to cut into small pieces. On restaurant menus, "hash" is another name for ground beef.

  • hotSign

    Citizen Card software (Citizen Card environment) from the BDC company. (some costs may be involved)
    hotSign Website
    BDC hotSign

  • Identity link

    An identity link is used to establish a connection between your qualified certificate and your Source PIN Since you are only identified in the certificate by your name, mix-ups can occur if someone has the same name as you. On a technical level, the identity link is a file signed by the Source PIN Register Authority in XML format. It is saved to the chip on your card during the activation process

  • Infobox

    Memory area on the e-card. The identity link is e.g., saved in an infobox; as are mandates.

  • Infobox PIN

    With Citizen Cards on older debit cards (Maestro), access to the Infobox(where the e.g. identity link is saved) is protected with a PIN. The infobox PIN is set to 0000 by default.

  • IT Solution

    IT Solution has been developing software for digital signatures for different areas of application since 1998.
    IT Solution Website
    IT Solution

  • Java

    A programming language that is installed by default in most browsers (Firefox, Internet Explorer, Safari, etc.).
    Java Website

  • Logo

    The graphical component of the official signature. It helps users recognize the signing authority more quickly. A logo is the electronic equivalent of an official stamp or seal. Logo examples:
    Logo of the Federal ChancelleryLogo of the state BurgenlandLogo of the Ministry for Education, the Arts and CultureLogo of the state Upper AustriaLogo of the City of Vienna

  • Mobile phone signature

    The mobile phone signature is a fully functional Citizen Card that you can activate on your mobile phone. The main advantage is that you do not need a card reader in order to use it. To activate your mobile phone as a Citizen Card, see mobile phone activation

  • Mocca

    Citizen Card software recommended by the Austrian Federal Chancellery (Citizen Card environment). EGIZ coordinates the development of the software. The software is free-of-charge; the source code is open (Open Source). The name stands for Modular Open Citizen Card Architecture. Download Mocca

  • Certificate for electronic Signature

    A certificate that is not a qualified certificate. According to Art 3 (14) eIDAS-Regulation “certificate for electronic signature” means an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person.

  • Official photo identification (Activation) 

    These are the identification documents that are accepted at the registration sites:

    • International Passport
    • Austrian Driving License (if still paper-based available: not older than 40 years)
    • Personal Identification Card of Austria
    • Personal Identification Card of Germany
    • Identity Card of Austria
    • Identity Card of Switzerland
    • Identity Card of Liechtenstein
    • Apothekerausweis
    • Notarausweis
    • Rechtsanwaltsausweis
    • Interpreter Identification Card
    • Ziviltechnikerausweis
    • Sachverständigenausweis
    • Student Card
    • Behindertenpass
    • eDA Dienstausweis Republik Österreich
    • EDU-Card
    • Gemeindeausweis
    • Waffenbesitzkarte
    • Waffenpass
    • eDA Dienstausweis Land Oberösterreich
  • Official signature

    This is the electronic signature or electronic seal used by the authorities that adheres to the PDF-ASstandard. An official signature can be an advanced or a qualified signature or seal. An official signature consists of:

    • The Logo of the signing authority
    • Notification that the document was officially signed
    • Notification that the signature was verified
  • Online CCE [CCE online]

    Citizen Card software (Citizen Card environment) that runs in a Web browser (Firefox, Internet Explorer, Safari, etc.); Requires Java. Java Website
    Online-BKU at FinanzOnline

  • PC/SC Interface [PC/SC Standard]

    A standardised interface for card readers for accessing chipcards. The name stands for Personal Computer / Smart Card.

  • PDF-AS

    A standard specified by EGIZ for signing PDFs. The abbreviation AS originally stood for the German word Amtssignatur(official signature), in reality however, all Citizen Card users can create PDF-AS signatures.
    PDF-AS signatures are not compatible with Adobe signatures . PDF-AS signatures always contain a signature block. With PDF-AS text signatures, this makes it possible to verify the signature on printed documents (however, this requires that the entire text be typed in). More information on PDF signatures

  • PIN [PIN-Code]

    The PIN is a security measure to prevent unauthorised access. The Citizen Card on the e-card is protected by a signature PIN and a card PIN. The name stands for Personal Identification Number.

  • Private key

    The secret part of the key pair that is used in asymmetric encryption. Information that is encrypted (signed) with the private key can only be decrypted again with the public key.

  • Public key

    The public part of the key pair that is used in asymmetric encryption. Information that is encrypted (signed) with the public key can only be decrypted again with the private key.

  • Qualified certificate for electronic signatures

    A certificate that fulfils all the additional requirements listed in Annex I of the eIDAS-Regulation. A qualified signature must be based on a qualified certificate.

  • Qualified signature

    The highest quality level for an electronic signature. According to Art 25 (2) eIDAS-Regulation a qualified electronic signature shall have the equivalent legal effect of a handwritten signature. See also: Background information: Contents of the law

  • Revocation password

    This password allows you to deactivate the Citizen Card functionality (both certificates will be permanently revoked). The revocation password consists of 6 to 10 characters (letters and digits). You can choose the password upon activation. (Without your revocation password, you will not be able to revoke the Citizen Card, however, you will still be able to suspend it.)

  • Root certificate

    The certificatethat is signed by the trust service provider who issued the certificate. In other words: all Citizen Cards are dependent on the trustworthiness of the root certificate from A-Trust.

  • RSA

    One of the oldest asymmetric encryption algorithms. RSA is more widespread than the more modern ECDSA, however it creates longer signature values. The abbreviation comes from the initials of the three developers Ronald L. Rivest, Adi Shamir und Leonard Adleman.

  • RTR-GmbH

    The Telekom Control Commission is the regulation authority for the Austrian telecommunications sector. It is also responsible for tasks in the supervisory board as set out in the Electronic Signature Act. They supervise the Radio and Telecom Regulation Company (RTR GmbH).

  • Sector specific personal identifier [ssPIN]

    A number derived from the Source PIN which can be used by public authorities to identify a person (e.g. j/NxdRQhp+tNyE9WhHdBSYuy3hA=). To calculate the sector specific personal identifer, a sector code (identifying the sector) from the respective area is used (along with the Source PIN) (e.g. UW for environment (German: Umwelt) or SA for taxes (German: Steuern und Abgaben). This process ensures that one person is not able to be identified across different administrative areas. It is also not possible to recalculate the original Source PIN from the sector specific personal identifier.

  • Security layer

    The part of the Citizen Card software (Citizen Card environment) that communicates with the chipcard.

  • SHA

    The hash algorithm used with the Citizen Card. The abbreviation stands for Secure Hash Algorithm.

  • Signature card

    A chipcard that contains a certificate but not an identity link, and is therefore not a Citizen Card.

  • Signature password [Signature password]

    This password protects access to the Citizen Card functionality on mobile phones. Basically, it's a PIN code for your mobile phone. The signature password consists of 6 to 20 characters (letters and digits). You can choose the password upon activation.

  • Signature PIN

    The signature PIN allows you to create a qualified signature. For the e-card, it is a 6 to 12 digit number. You can choose your PIN number upon activation.

  • Signature visualisation

    The relevant components of an electronic signature saved in table form as specified in PDF-AS. The main parts in the signature visualisation include:

    • The signature value (=signed hash)
    • The name of the signer
    • Date and time
    • The number of the underlying certificate
    • Info about where the signature can be verified
    For official signatures it also contains:
    • The logo of the signing authority
    • Notification that the document was officially signed
  • Social insurance number [SI number]

    This ten digit number is your customer number for your social insurance provider. The last six numbers are usually (but not always) your date of birth (e.g., 050670 for June 5, 1970).

  • Source PIN

    A number derived from your CRR number (e.g. Qq03dPrgcHsx3G0lKSH6SQ==). It builds the base for the identity link. The Source PIN is created using Triple-DES encryption. It is impossible to calculate the original CRR number from the Source PIN.

  • Source PIN Register Authority

    This authority was created especially for issuing Source PINs and managing the Supplementary Register. The Source PIN Register Authority is the Data Protection Commission. Stammzahlenregisterbehörde Website

  • Stork

    An EU initiative to link all the different "Citizen Card" (eID’s) from different European countries together. The abbreviation stands for Secure identity across borders linked. Stork Website

  • Supplementary Register

    A supplementary register to the Central Register of Residents (CRR) that allows persons not registered in Austria to obtain a Citizen Card.
    Background info: The identity link of the Citizen Card is based on the Source PIN, which is derived from the CRR number . Anyone who is not registered in Austria will not be listed in the Central Register of Residents and will therefore not have a CRR number.

    • The Supplementary Register for Natural Persons contains private persons.
    • The Supplementary Register for Others contains legal persons that are not entered in the Commercial Register.
    The Supplementary Register is managed by the Source PIN Register Authority.
  • Symmetric encryption

    An encryption method that uses the same key to encrypt as well as decrypt data (as opposed to asymmetric encryption). The most widely-used symmetric encryption algorithms are IDEA, AES and DES.

  • TAN

    The second part of authentication for the Citizen Card on your mobile phone. After you have logged in with your signature password, you receive a SMS with your TAN code. It consists of 6 characters (letters and digits) and is valid for five minutes. TAN stands for transaction number.

  • Triple-DES [3DES]

    A symmetric encryption algorithm. The block size is 64 Bit, i.e. the length of the information to be encrypted must be a multiple of 64 Bits. The triple designation means, in essence, that the DES encryption process is repeated three times. The abbreviation DES stands for Data Encryption Standard.

  • Verifying signatures on printed documents

    The E-Government Act defines that a printed electronic document of an authority is assumed to be authentic if signed with an official signature. The visual signature block of the official signature gives information on its verification. This can vary depending on the authority.


  • XML

    A standardised file format used to exchange information. For example, for a person named Susanne Muster, born Jan. 1, 1950, the following would appear in her identity link:

    <pr:FamilyName primary="undefined">Muster</pr:FamilyName>