From b63df30687d118f039833b7e3935a75b03ed9318 Mon Sep 17 00:00:00 2001
From: Governikus <ausweisapp2@governikus.de>
Date: Wed, 20 Jun 2018 13:59:17 +0200
Subject: [PATCH] Add revision: v1.14.2

---
 CMakeLists.txt                                |   2 +-
 docs/releasenotes/1.14.2.rst                  |  21 +
 docs/releasenotes/announce.rst                |  17 +
 docs/releasenotes/appcast.rst                 |   1 +
 docs/releasenotes/conf.py.in                  |   2 +-
 docs/releasenotes/issues.rst                  |   4 +
 docs/releasenotes/support.rst                 |  10 +-
 docs/releasenotes/versions.rst                |   1 +
 docs/sdk/conf.py.in                           |   2 +-
 docs/sdk/intro.rst                            |   2 +-
 docs/sdk/messages.rst                         |  14 +-
 libs/CMakeLists.txt                           |   8 +-
 ...on-ensure-BN_mod_inverse-and-BN_mod_.patch |  31 ++
 ...-use-a-better-method-to-identify-gcc.patch |  75 ++++
 patches/qt-Fix-reopening-on-macOS.patch       |  49 ---
 ...tFontEngine-Fix-build-with-Xcode-9.3.patch |  35 ++
 resources/config.json.in                      |   5 +-
 .../Governikus/EnterPinView/EnterPinView.qml  |   1 +
 .../InformationView/Information.qml           |  12 +-
 .../qml/Governikus/MoreView/MoreView.qml      |  12 +-
 .../RemoteServiceSettings.qml                 |  15 +-
 .../RemoteServiceView/RemoteServiceView.qml   |   1 +
 .../TechnologyInfo/TechnologyInfo.qml         |  15 +-
 .../Governikus/Workflow/BluetoothWorkflow.qml |   1 -
 .../qml/Governikus/Workflow/NfcWorkflow.qml   |   1 -
 .../Governikus/Workflow/RemoteWorkflow.qml    |   3 +-
 resources/translations/ausweisapp2_de.ts      | 376 ++++++++++--------
 .../updatable-files/supported-providers.json  |  57 +--
 .../updatable-files/supported-readers.json    |  10 +-
 .../CustomSchemeActivationContext.h           |   2 +-
 .../CustomSchemeActivationHandler.h           |   2 +-
 src/card/base/ReaderInfo.h                    |   4 +
 src/card/base/asn1/CertificateDescription.cpp |  11 +-
 src/card/nfc/NfcReader.cpp                    |   1 -
 src/card/remote/RemoteReader.cpp              |   4 -
 src/core/context/AuthContext.cpp              |  15 +-
 src/core/context/WorkflowContext.cpp          |  14 +
 src/core/context/WorkflowContext.h            |   5 +
 src/core/controller/AuthController.cpp        |  13 +-
 src/core/controller/SelfAuthController.cpp    |  13 +-
 src/core/states/StateConnectCard.cpp          |   2 +-
 src/core/states/StateEstablishPaceCan.cpp     |  33 +-
 src/core/states/StateSelectPasswordId.cpp     |  28 ++
 src/core/states/StateSelectPasswordId.h       |  27 ++
 src/core/states/StateSelectReader.cpp         |   3 +-
 src/global/Env.h                              |  11 +
 src/qml/NumberModel.cpp                       |  18 +
 src/qml/NumberModel.h                         |   7 +
 src/remote_device/RemoteDeviceModel.cpp       |  12 +-
 src/widget/PinSettingsWidget.cpp              |  62 ++-
 src/widget/PinSettingsWidget.ui               |  40 +-
 src/widget/ReaderDeviceWidget.cpp             |   4 +-
 src/widget/ReaderDriverModel.cpp              |   8 +-
 src/widget/SetupAssistantWizard.cpp           |  24 +-
 src/widget/generic/GuiUtils.cpp               |  15 +-
 src/widget/generic/GuiUtils.h                 |   2 +-
 src/widget/generic/HelpAction.cpp             |   4 +-
 src/widget/step/StepAuthenticationEac1Gui.cpp |  11 +-
 .../step/StepAuthenticationEac1Widget.cpp     |  15 +-
 src/widget/step/StepChooseCardGui.cpp         |  93 ++---
 src/widget/step/StepChooseCardGui.h           |   3 +-
 .../workflow/WorkflowChangePinQtGui.cpp       |   2 +-
 .../test_ProviderConfigurationParser.cpp      |   6 +-
 test/qt/core/states/test_TermsOfUsage.cpp     |  38 +-
 test/qt/network/test_TlsChecker.cpp           |   2 +-
 test/qt/securestorage/test_SecureStorage.cpp  |   5 +-
 test/qt/widget/test_ReaderDriverModel.cpp     |   8 +-
 67 files changed, 829 insertions(+), 521 deletions(-)
 create mode 100644 docs/releasenotes/1.14.2.rst
 create mode 100644 patches/openssl-RSA-key-generation-ensure-BN_mod_inverse-and-BN_mod_.patch
 create mode 100644 patches/openssl-Revert-Configure-use-a-better-method-to-identify-gcc.patch
 delete mode 100644 patches/qt-Fix-reopening-on-macOS.patch
 create mode 100644 patches/qt-QCoreTextFontEngine-Fix-build-with-Xcode-9.3.patch
 create mode 100644 src/core/states/StateSelectPasswordId.cpp
 create mode 100644 src/core/states/StateSelectPasswordId.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 075b67412..4a1efa1f4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -33,7 +33,7 @@ ELSE()
 ENDIF()
 
 
-PROJECT(AusweisApp2 VERSION 1.14.1 LANGUAGES ${LANGUAGES})
+PROJECT(AusweisApp2 VERSION 1.14.2 LANGUAGES ${LANGUAGES})
 
 # Set TWEAK if not defined in PROJECT_VERSION above to
 # have a valid tweak version without propagating it
diff --git a/docs/releasenotes/1.14.2.rst b/docs/releasenotes/1.14.2.rst
new file mode 100644
index 000000000..d51717d3b
--- /dev/null
+++ b/docs/releasenotes/1.14.2.rst
@@ -0,0 +1,21 @@
+AusweisApp2 1.14.2
+^^^^^^^^^^^^^^^^^^
+
+**Releasedatum:** 20. Juni 2018
+
+
+
+Anwender
+""""""""
+  - Optimierungen in der Benutzerfreundlichkeit.
+
+  - Ein leerer Zweck im Berechtigungszertifikat wird nun
+    korrekt dargestellt.
+
+
+Entwickler
+""""""""""
+  - Unterstützung von Vor-Ort-Auslesen von Ausweisdaten unter
+    Anwesenden (gem. §18a PAuswG).
+
+  - Aktualisierung von OpenSSL auf die Version 1.0.2o.
diff --git a/docs/releasenotes/announce.rst b/docs/releasenotes/announce.rst
index 6b99dad66..72ef4866b 100644
--- a/docs/releasenotes/announce.rst
+++ b/docs/releasenotes/announce.rst
@@ -7,6 +7,23 @@ folgender Systeme eingestellt.
   - OS X 10.10
 
 
+Mit der Version 1.16.0 der AusweisApp2 wird die Unterstützung
+folgender TLS-Cipher eingestellt.
+
+  - DHE-DSS-AES256-GCM-SHA384
+  - DHE-DSS-AES256-SHA256
+  - DHE-DSS-AES128-GCM-SHA256
+  - DHE-DSS-AES128-SHA256"
+  - DHE-DSS-AES256-SHA
+  - DHE-DSS-AES128-SHA
+  - ECDHE-ECDSA-AES256-SHA
+  - ECDHE-RSA-AES256-SHA
+  - DHE-RSA-AES256-SHA
+  - ECDHE-ECDSA-AES128-SHA
+  - ECDHE-RSA-AES128-SHA
+  - DHE-RSA-AES128-SHA
+
+
 Mit der Version 1.14.0 der AusweisApp2 wurde die Unterstützung
 folgender Systeme eingestellt.
 
diff --git a/docs/releasenotes/appcast.rst b/docs/releasenotes/appcast.rst
index b44ed59ab..c6cb3ed29 100644
--- a/docs/releasenotes/appcast.rst
+++ b/docs/releasenotes/appcast.rst
@@ -4,6 +4,7 @@ Release Notes
 .. toctree::
    :maxdepth: 1
 
+   1.14.2
    1.14.1
    1.14.0
    announce
diff --git a/docs/releasenotes/conf.py.in b/docs/releasenotes/conf.py.in
index c8bdc2a9f..27f74e5e0 100644
--- a/docs/releasenotes/conf.py.in
+++ b/docs/releasenotes/conf.py.in
@@ -42,7 +42,7 @@ master_doc = 'index'
 
 # General information about the project.
 project = 'AusweisApp2'
-copyright = '2016-2017, Governikus GmbH & Co. KG'
+copyright = '2016-2018, Governikus GmbH & Co. KG'
 author = 'Governikus GmbH & Co. KG'
 
 # The version info for the project you're documenting, acts as replacement for
diff --git a/docs/releasenotes/issues.rst b/docs/releasenotes/issues.rst
index d477d8798..4a07e7dbd 100644
--- a/docs/releasenotes/issues.rst
+++ b/docs/releasenotes/issues.rst
@@ -24,3 +24,7 @@ Die nachfolgende Liste bezieht sich auf die aktuelle Version der AusweisApp2.
 
   - Unter Umständen kommt es zu Stabilitätsproblemen der NFC-Schnittstelle
     auf Android.
+
+  - Das Vor-Ort-Auslesen von Ausweisdaten unter Anwesenden (gem. §18a PAuswG)
+    funktioniert nicht, wenn ein Smartphone als Kartenlesegerät genutzt wird
+    und der Tastaturmodus "PIN-Eingabe auf diesem Gerät" aktiviert ist.
diff --git a/docs/releasenotes/support.rst b/docs/releasenotes/support.rst
index a234ca3b9..3e9d95614 100644
--- a/docs/releasenotes/support.rst
+++ b/docs/releasenotes/support.rst
@@ -48,13 +48,13 @@ und sollte daher mit allen marktüblichen Browsern verwendet werden können.
 Im Rahmen der Qualitätssicherung werden die folgenden Browserversionen
 getestet.
 
-  - Firefox 57
+  - Firefox 60
 
-  - Chrome 62
+  - Chrome 66
 
   - Internet Explorer 11
 
-  - Safari 11
+  - Safari 11.1.1
 
 
 
@@ -112,9 +112,9 @@ Im mobilen Umfeld ist die Funktionalität jedoch abhängig von der vom
 Diensteanbieter umgesetzten Aktivierung. Daher empfehlen wir einen der
 folgenden Browser zu verwenden.
 
-  - Firefox Klar 2.5
+  - Firefox Klar 5.0
 
-  - Chrome 63
+  - Chrome 66
 
   - Android System WebView 60
 
diff --git a/docs/releasenotes/versions.rst b/docs/releasenotes/versions.rst
index 512c63ef3..28f415f3d 100644
--- a/docs/releasenotes/versions.rst
+++ b/docs/releasenotes/versions.rst
@@ -6,6 +6,7 @@ Versionszweig 1.14
 .. toctree::
    :maxdepth: 1
 
+   1.14.2
    1.14.1
    1.14.0
 
diff --git a/docs/sdk/conf.py.in b/docs/sdk/conf.py.in
index c594a7722..347363472 100644
--- a/docs/sdk/conf.py.in
+++ b/docs/sdk/conf.py.in
@@ -42,7 +42,7 @@ master_doc = 'index'
 
 # General information about the project.
 project = 'AusweisApp2 SDK'
-copyright = '2016-2017, Governikus GmbH & Co. KG'
+copyright = '2016-2018, Governikus GmbH & Co. KG'
 author = 'Governikus GmbH & Co. KG'
 
 # The version info for the project you're documenting, acts as replacement for
diff --git a/docs/sdk/intro.rst b/docs/sdk/intro.rst
index c19a5f6c7..94fac2d0f 100644
--- a/docs/sdk/intro.rst
+++ b/docs/sdk/intro.rst
@@ -42,7 +42,7 @@ show a possible communication.
 
    In case your client application requires data input from the
    ID card, you need to get this from the backend system
-   (e.g. the eID server) after a succesfull authentication.
+   (e.g. the eID server) after a successful authentication.
 
 
    .. seealso::
diff --git a/docs/sdk/messages.rst b/docs/sdk/messages.rst
index 90f91f082..b420bb393 100644
--- a/docs/sdk/messages.rst
+++ b/docs/sdk/messages.rst
@@ -328,9 +328,14 @@ Indicates that a CAN is required to continue workflow.
 If the AusweisApp2 sends this message, you will have to
 provide the CAN of the inserted card with :ref:`set_can`.
 
-The workflow will automatically continue if the CAN was correct
-and the AusweisApp2 will send an :ref:`enter_pin` message.
-If the correct CAN is entered the retryCounter will still be **1**.
+The CAN is required to enable the last attempt of PIN input if
+the retryCounter is **1**. The workflow continues automatically with
+the correct CAN and the AusweisApp2 will send an :ref:`enter_pin` message.
+Despite the correct CAN being entered, the retryCounter remains at **1**.
+
+The CAN is also required, if the authentication terminal has an approved
+"CAN allowed right". This allows the workflow to continue without
+an additional PIN.
 
 If your application provides an invalid :ref:`set_can` command
 the AusweisApp2 will send an :ref:`enter_can` message with an error
@@ -340,6 +345,9 @@ If your application provides a valid :ref:`set_can` command
 and the CAN was incorrect the AusweisApp2 will send :ref:`enter_can`
 again but without an error parameter.
 
+.. versionadded:: 1.14.2
+   Support of "CAN allowed right".
+
 
   - **error**: Optional error message if your command :ref:`set_can`
     was invalid.
diff --git a/libs/CMakeLists.txt b/libs/CMakeLists.txt
index 07d217b8e..43141951c 100644
--- a/libs/CMakeLists.txt
+++ b/libs/CMakeLists.txt
@@ -107,8 +107,8 @@ INCLUDE(Messages)
 SET(QT 5.9.3)
 SET(QT_HASH 57acd8f03f830c2d7dc29fbe28aaa96781b2b9bdddce94196e6761a0f88c6046)
 
-SET(OPENSSL 1.0.2n)
-SET(OPENSSL_HASH 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe)
+SET(OPENSSL 1.0.2o)
+SET(OPENSSL_HASH ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d)
 
 ################################## Files
 SET(QT_FILE qt-everywhere-opensource-src-${QT}.tar.xz)
@@ -205,6 +205,8 @@ ExternalProject_Add(openssl
 	PATCH_COMMAND
 		${OPENSSL_PATCH_COMMAND}
 		${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-fix-no-engine-build.patch &&
+		${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-Revert-Configure-use-a-better-method-to-identify-gcc.patch &&
+		${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-RSA-key-generation-ensure-BN_mod_inverse-and-BN_mod_.patch &&
 		${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_rsa_psk.patch
 
 	CONFIGURE_COMMAND ${OPENSSL_ENV} ${PERL_EXECUTABLE} Configure --prefix=${DESTINATION_DIR} ${OPENSSL_CONFIGURE_FLAGS} "${COMPILER_FLAGS}" "${OPENSSL_COMPILER_FLAGS}"
@@ -313,7 +315,7 @@ ExternalProject_Add(qt
 			${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Avoid-using-deprecated-APIs-on-iOS-10.0.patch &&
 			${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Add-IsoDep-to-the-techList-on-Android.patch &&
 			${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-macOS-iOS-Fix-garbled-text-under-some-conditions.patch &&
-			${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Fix-reopening-on-macOS.patch &&
+			${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-QCoreTextFontEngine-Fix-build-with-Xcode-9.3.patch &&
 			${CMAKE_COMMAND} -E touch qtbase/.gitignore
 	CONFIGURE_COMMAND ${QT_ENV} ${QT_CONFIGURE} ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_SKIP_MODULES}
 	BUILD_COMMAND ${MAKE} ${MAKE_JOBS}
diff --git a/patches/openssl-RSA-key-generation-ensure-BN_mod_inverse-and-BN_mod_.patch b/patches/openssl-RSA-key-generation-ensure-BN_mod_inverse-and-BN_mod_.patch
new file mode 100644
index 000000000..a724b2cba
--- /dev/null
+++ b/patches/openssl-RSA-key-generation-ensure-BN_mod_inverse-and-BN_mod_.patch
@@ -0,0 +1,31 @@
+From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
+From: Billy Brumley <bbrumley@gmail.com>
+Date: Wed, 11 Apr 2018 10:10:58 +0300
+Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
+ both get called with BN_FLG_CONSTTIME flag set.
+
+CVE-2018-0737
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
+---
+ crypto/rsa/rsa_gen.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git x/crypto/rsa/rsa_gen.c y/crypto/rsa/rsa_gen.c
+index 9ca5dfefb7..42b89a8dfa 100644
+--- x/crypto/rsa/rsa_gen.c
++++ y/crypto/rsa/rsa_gen.c
+@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+     if (BN_copy(rsa->e, e_value) == NULL)
+         goto err;
+ 
++    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
++    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+     BN_set_flags(r2, BN_FLG_CONSTTIME);
+     /* generate p and q */
+     for (;;) {
+-- 
+2.17.0
+
diff --git a/patches/openssl-Revert-Configure-use-a-better-method-to-identify-gcc.patch b/patches/openssl-Revert-Configure-use-a-better-method-to-identify-gcc.patch
new file mode 100644
index 000000000..f8797e188
--- /dev/null
+++ b/patches/openssl-Revert-Configure-use-a-better-method-to-identify-gcc.patch
@@ -0,0 +1,75 @@
+From 2a33b07d56c7e30a18dda5760111af267271c236 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
+Date: Tue, 24 Apr 2018 16:13:56 +0200
+Subject: [PATCH] Revert "Configure: use a better method to identify gcc and
+ derivates"
+
+This reverts commit 78e9e3f945935c91d8dfe0e832a95d6ea8d05f34.
+---
+ Configure | 22 ++++++++--------------
+ 1 file changed, 8 insertions(+), 14 deletions(-)
+
+diff --git x/Configure y/Configure
+index 744b493b96..fe7565ebd9 100755
+--- x/Configure
++++ y/Configure
+@@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
+ if (defined($postlflags))	{ $lflags=$postlflags;	}
+ else				{ $lflags=$prelflags; undef $prelflags;	}
+ 
+-if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
++if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+ 	{
+ 	$cflags =~ s/\-mno\-cygwin\s*//;
+ 	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
+@@ -1661,25 +1661,18 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+ 	$shlib_minor=$2;
+ 	}
+ 
+-my %predefined;
+-
+-# collect compiler pre-defines from gcc or gcc-alike...
+-open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
+-while (<PIPE>) {
+-  m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+-  $predefined{$1} = defined($2) ? $2 : "";
+-}
+-close(PIPE);
++my $ecc = $cc;
++$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+ 
+ if ($strict_warnings)
+ 	{
+ 	my $wopt;
+-	die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
++	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+ 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
+ 		{
+ 		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+ 		}
+-	if (defined($predefined{__clang__}))
++	if ($ecc eq "clang")
+ 		{
+ 		foreach $wopt (split /\s+/, $clang_devteam_warn)
+ 			{
+@@ -1730,14 +1723,15 @@ while (<IN>)
+ 		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
+ 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+ 		s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
+-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
++		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+ 		}
+ 	else	{
+ 		s/^CC=.*$/CC= $cc/;
+ 		s/^AR=\s*ar/AR= $ar/;
+ 		s/^RANLIB=.*/RANLIB= $ranlib/;
+ 		s/^RC=.*/RC= $windres/;
+-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
++		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
++		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
+ 		}
+ 	s/^CFLAG=.*$/CFLAG= $cflags/;
+ 	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
+-- 
+2.17.0
+
diff --git a/patches/qt-Fix-reopening-on-macOS.patch b/patches/qt-Fix-reopening-on-macOS.patch
deleted file mode 100644
index 5f1689dd2..000000000
--- a/patches/qt-Fix-reopening-on-macOS.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d9c149dbc2021ed1e82cd34ae30dfd39f7d82a8d Mon Sep 17 00:00:00 2001
-From: Jens Trillmann <jens.trillmann@governikus.de>
-Date: Mon, 12 Mar 2018 12:06:05 +0100
-Subject: [PATCH] Fix reopening on macOS
-
-When a user reopens an application while the application is already
-running, then macOS does not run the application a second time but
-sends kAEReopenApplication to inform the running instance.
-Qt ignores this event and the application does not open. To handle this
-event a new event handler is registered. The application state is set
-to Qt::ApplicationActive when the handler is called. An application that
-wants to react to reopening has to react to QEvent::ApplicationActivate
-in the running QApplication.
-
-Change-Id: Ic3adeb6b334c85f36671c254657170c71a2dfb59
----
- src/plugins/platforms/cocoa/qcocoaapplicationdelegate.mm | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git x/qtbase/src/plugins/platforms/cocoa/qcocoaapplicationdelegate.mm y/qtbase/src/plugins/platforms/cocoa/qcocoaapplicationdelegate.mm
-index a94e0dc517..ccf16addea 100644
---- x/qtbase/src/plugins/platforms/cocoa/qcocoaapplicationdelegate.mm
-+++ y/qtbase/src/plugins/platforms/cocoa/qcocoaapplicationdelegate.mm
-@@ -259,6 +259,10 @@ - (void) applicationWillFinishLaunching:(NSNotification *)notification
-                       andSelector:@selector(appleEventQuit:withReplyEvent:)
-                     forEventClass:kCoreEventClass
-                        andEventID:kAEQuitApplication];
-+    [eventManager setEventHandler:self
-+                      andSelector:@selector(appleEventReopen:withReplyEvent:)
-+                    forEventClass:kCoreEventClass
-+                       andEventID:kAEReopenApplication];
-     [eventManager setEventHandler:self
-                       andSelector:@selector(getUrl:withReplyEvent:)
-                     forEventClass:kInternetEventClass
-@@ -438,4 +442,11 @@ - (void)appleEventQuit:(NSAppleEventDescriptor *)event withReplyEvent:(NSAppleEv
-     [NSApp terminate:self];
- }
- 
-+- (void)appleEventReopen:(NSAppleEventDescriptor *)event withReplyEvent:(NSAppleEventDescriptor *)replyEvent
-+{
-+    Q_UNUSED(event);
-+    Q_UNUSED(replyEvent);
-+    QWindowSystemInterface::handleApplicationStateChanged(Qt::ApplicationActive, true);
-+}
-+
- @end
--- 
-2.14.3 (Apple Git-98)
-
diff --git a/patches/qt-QCoreTextFontEngine-Fix-build-with-Xcode-9.3.patch b/patches/qt-QCoreTextFontEngine-Fix-build-with-Xcode-9.3.patch
new file mode 100644
index 000000000..860230c7a
--- /dev/null
+++ b/patches/qt-QCoreTextFontEngine-Fix-build-with-Xcode-9.3.patch
@@ -0,0 +1,35 @@
+From 05eed1cd4505bf9912b84ed39ab1ad22846e7d09 Mon Sep 17 00:00:00 2001
+From: Gabriel de Dietrich <gabriel.dedietrich@qt.io>
+Date: Fri, 30 Mar 2018 11:58:16 -0700
+Subject: QCoreTextFontEngine: Fix build with Xcode 9.3
+
+Apple LLVM version 9.1.0 (clang-902.0.39.1)
+
+Error message:
+
+.../qfontengine_coretext.mm:827:20: error: qualified reference to
+      'QFixed' is a constructor name rather than a type in this context
+    return QFixed::QFixed(int(CTFontGetUnitsPerEm(ctfont)));
+
+Change-Id: Iebe26b3b087a16b10664208fc8851cbddb47f043
+Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
+---
+ src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git x/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm y/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
+index 66baf162d9..89794ef109 100644
+--- x/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
++++ y/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
+@@ -830,7 +830,7 @@ void QCoreTextFontEngine::getUnscaledGlyph(glyph_t glyph, QPainterPath *path, gl
+ 
+ QFixed QCoreTextFontEngine::emSquareSize() const
+ {
+-    return QFixed::QFixed(int(CTFontGetUnitsPerEm(ctfont)));
++    return QFixed(int(CTFontGetUnitsPerEm(ctfont)));
+ }
+ 
+ QFontEngine *QCoreTextFontEngine::cloneWithSize(qreal pixelSize) const
+-- 
+2.16.2
+
diff --git a/resources/config.json.in b/resources/config.json.in
index 39f3671ee..a8759fe1b 100644
--- a/resources/config.json.in
+++ b/resources/config.json.in
@@ -35,9 +35,8 @@
 
 	"_comment_5": "array of certificates for checking the authenticity of updates; DER format, hex encoded",
 	"updateCertificates": [
-		"308208673082074fa00302010202086b5eeeb3f0155141300d06092a864886f70d01010b05003081d8310b300906035504061302444531253023060355040a131c542d53797374656d7320496e7465726e6174696f6e616c20476d6248311e301c060355040b131554727573742043656e7465722053657276696365733120301e0603550403131754656c6553656320536572766572506173732043412032311c301a060355040813134e6f7264726865696e205765737466616c656e310e300c0603550411130535373235303110300e060355040713074e65747068656e3120301e06035504091317556e7465726520496e647573747269657374722e203230301e170d3135303532303039353335315a170d3138303532353233353935395a3081a6310b30090603550406130244453121301f060355040a0c18476f7665726e696b757320476d6248202620436f2e204b47310b3009060355040b13025345310f300d060355040813064272656d656e310f300d060355040713064272656d656e3124302206092a864886f70d01090116156265747269656240676f7665726e696b75732e6465311f301d060355040313166170706c2e676f7665726e696b75732d6173702e646530820222300d06092a864886f70d01010105000382020f003082020a0282020100c1d969514392105ce65b089b7357f75356f076b21168233d1eb57ae81f826c74258ec4814c48a3e99633fcac1fb444412cba421c1569d21b6317b6614b096203ab5b605128671764d30186dec09716d2173bfab911a9ad3d2d0b850ff2595dd9c72113bd64879c39c39b3debbfdd7f8d68e8d1bdaf2cca0508583bd59b965ec5f4950e4fbbe48b7be351237d478253bc34ac5aed9448f5ae31878067bdad75179cb776ef19f8e49e62b830de8279142233030189c20008345553847b7edc6471bf7c15c98b087159b44faa5a35fe16adc285e4d8266fab49b7b4e7fbcbd91767e05dbb45a5564cb11abcbeb0ff66869ca72dd7919eae796340fb5b26fb8ecc65b8380d3eb30e46150725e2156ad156773a79b482133b846b247868a6d3fcc18f96cfc6044fb7678fd79c04fb580b7bfb86e3252554b9a97dfd6fb9ae0e0d8d663a56b471d37752fc88a172151494553d78a39ade4669076e5ddfa13fd684b7eb800efedf9af8f90d4bab6d80378b950d43ef6de6f9ca5dccb81ecbbf820126d90923c5b87462af2acf0fc460599b2d7022e488f20069e2b3e80e057ebbd1454891929c2e0252688a1c0e801eb8bec795251087a755a6edcd22759a5c1869550d63b0596cb5ac20a7e5cb11f5412598990092cbe058b4ec67b98dd9ed2b2a5f8b7994e92b89a1ef51517beb2e2594cb8007d514f988968c52246a18945fba0adf0203010001a38203633082035f301f0603551d2304183016801415bbded6256fbdf2319f6213dc5ca6f465b46df2300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604148c76a1377b9cad8059a5d4126a53bc633671ca1c30590603551d2004523050304406092b06010401bd470d023037303506082b060105050702011629687474703a2f2f7777772e74656c657365632e64652f736572766572706173732f6370732e68746d6c3008060667810c010202308201220603551d1f04820119308201153045a043a041863f687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f726c2f54656c655365635f536572766572506173735f43415f322e63726c3081cba081c8a081c58681c26c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f636e3d54656c65536563253230536572766572506173732532304341253230322c6f753d547275737425323043656e74657225323053657276696365732c6f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c633d64653f63657274696669636174655265766f636174696f6e6c6973743f626173653f63657274696669636174655265766f636174696f6e6c6973743d2a3082013a06082b060105050701010482012c30820128303306082b060105050730018627687474703a2f2f6f6373702e736572766572706173732e74656c657365632e64652f6f63737072304c06082b060105050730028640687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f6372742f54656c655365635f536572766572506173735f43415f322e6365723081a206082b060105050730028681956c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f636e3d54656c65536563253230536572766572506173732532304341253230322c6f753d547275737425323043656e74657225323053657276696365732c6f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c633d64653f63414365727469666963617465300c0603551d130101ff0402300030210603551d11041a301882166170706c2e676f7665726e696b75732d6173702e6465300d06092a864886f70d01010b050003820101005f35f8a5ed5fe3879dbb137d1505768bff7635e3c7824735bf8c0b1bdd02335de7928f484192925c29738b034b152805935aa54d92abc3be5c7cfec5017ca506a33c2b15fdb2762037b0b4615e39d7697f64dba763ad0b6e05b7e8b6dd29c7ace3ec86ea74a82ce9a5575166375849afbd48cebdbd18bfdab0f905b094b4e686649bee5fba153ff5786cbb5926807891ae07871127a887c2e2747dcfd1bd18d34b0642eb2fa8309e8b434b2cf91ab0e918c3f3c59d70aa096a46abfc50b3e66baacd7748b7ef98110760cce271c1528ed4e84ae9144983ad26aa27f00a527053c50739d2592ad13179a33eb1d299081be8b9824bc63ac70e1ad518380df08a56%",
-		"308205633082044ba00302010202135100000749e339b5a8a2ecb8e8000000000749300d06092a864886f70d01010b0500304431153013060a0992268993f22c64011916056c6f63616c31153013060a0992268993f22c6401191605626f736b67311430120603550403130b676f766b67726f6f746361301e170d3136313232393039343930325a170d3138313232393039353930325a307c310b3009060355040613024445310b3009060355040813024445310f300d060355040713064272656d656e31163014060355040a130d476f7665726e696b7573204b47311c301a060355040b131353797374656d7320456e67696e656572696e6731193017060355040314102a2e74662e626f732d746573742e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100c2ce4b611d136b4a99f43bd6487c323f812f00c433ed7ec3d343b93c1b064ba12ff3f950634bbba55283ea48bf91d3a6736ee17c3467918b22d9ba1d55f9b8593461b42ed54454d15577abe0ec286203c4c33a82aae8216c802f8f81f1d06473f85acbf6ba69357828030a97086aa1bc6836cae3916d2d83f24c153a05402e13828a30822e7a861395be7d7c511b84baf4bc4a5daeb3db755b37e8ffb5dd18f8ac22c018801e212ab59b96e64b85c3d418c577c33ef73cc0ba5fef68041ba39fa0b795e7b5eabfa408c36ca582572ca2adde4cd104ccad376eaa06b41e737121f349eedb063438b406bd32dc032659e9cbad809afb5679d8a7d776a916ead35b0203010001a382021430820210300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b0601050507030130240603551d11041d301b82102a2e74662e626f732d746573742e646582012a87040ad2f861301d0603551d0e04160414262451b4431de1ccdb523d93038d7e01c4a3d153301f0603551d230418301680144b7e48a7b2f2db121642634bcd7e1c0deee96285303b0603551d1f043430323030a02ea02c862a687474703a2f2f676f7663726c2e676f7665726e696b75732e64652f63726c2f7265766f6b652e63726c3081eb06082b060105050701010481de3081db3081aa06082b0601050507300286819d6c6461703a2f2f2f434e3d676f766b67726f6f7463612c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d626f736b672c44433d6c6f63616c3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479302c06082b060105050730018620687474703a2f2f676f7663726c2e676f7665726e696b75732e64652f6f637370303b06092b0601040182371507042e302c06242b060104018237150887a4920efcad6b83a98117819cb41586e9ea5a1791ff2e87b7af7c020164020109301b06092b060104018237150a040e300c300a06082b06010505070301300d06092a864886f70d01010b05000382010100a41dd5971c9b983bc3369bc9f3046481ff05aab5b47fac27a8cb7f917585b15c5acfbc8d083375a459b0642974968f4e00ad501d715dfb8a9e098437459ddcbba5a7d49f0278bd841b89fb93e86683bd89334f6b5ab556834e1fb4ec86647e812438e17512ee87b01bd0679b3abf4a67fe7272eae0c4cd9ed174d70b2728e72361cded46a42d445dfe244efb55feb1eee13f614d30237ee399b4108bc596b8aab377ad98d22c87ce4ce976ec1ceac512c33d6941b715d9fa60882b4644f9a066dcd51ff6c429af37cfa38f06444e6682d09643b2866a23a42da0ae21a787e8fe40aa2b21aa55a10aa42097c9a219528ac4968eb12cec5f223791a40d21fcce05",
-		"3082083a30820722a003020102020900d5b6a4dc1fd8854a300d06092a864886f70d01010b05003081df310b300906035504061302444531253023060355040a0c1c542d53797374656d7320496e7465726e6174696f6e616c20476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e746572311c301a06035504080c134e6f7264726865696e205765737466616c656e310e300c06035504110c0535373235303110300e06035504070c074e65747068656e3120301e06035504090c17556e7465726520496e647573747269657374722e2032303126302406035504030c1d54656c65536563205365727665725061737320436c6173732032204341301e170d3137313230313130343733325a170d3230313230363233353935395a308180310b30090603550406130244453121301f060355040a0c18476f7665726e696b757320476d6248202620436f2e204b47310b3009060355040b13025345310f300d060355040813064272656d656e310f300d060355040713064272656d656e311f301d060355040313166170706c2e676f7665726e696b75732d6173702e646530820222300d06092a864886f70d01010105000382020f003082020a0282020100c1d969514392105ce65b089b7357f75356f076b21168233d1eb57ae81f826c74258ec4814c48a3e99633fcac1fb444412cba421c1569d21b6317b6614b096203ab5b605128671764d30186dec09716d2173bfab911a9ad3d2d0b850ff2595dd9c72113bd64879c39c39b3debbfdd7f8d68e8d1bdaf2cca0508583bd59b965ec5f4950e4fbbe48b7be351237d478253bc34ac5aed9448f5ae31878067bdad75179cb776ef19f8e49e62b830de8279142233030189c20008345553847b7edc6471bf7c15c98b087159b44faa5a35fe16adc285e4d8266fab49b7b4e7fbcbd91767e05dbb45a5564cb11abcbeb0ff66869ca72dd7919eae796340fb5b26fb8ecc65b8380d3eb30e46150725e2156ad156773a79b482133b846b247868a6d3fcc18f96cfc6044fb7678fd79c04fb580b7bfb86e3252554b9a97dfd6fb9ae0e0d8d663a56b471d37752fc88a172151494553d78a39ade4669076e5ddfa13fd684b7eb800efedf9af8f90d4bab6d80378b950d43ef6de6f9ca5dccb81ecbbf820126d90923c5b87462af2acf0fc460599b2d7022e488f20069e2b3e80e057ebbd1454891929c2e0252688a1c0e801eb8bec795251087a755a6edcd22759a5c1869550d63b0596cb5ac20a7e5cb11f5412598990092cbe058b4ec67b98dd9ed2b2a5f8b7994e92b89a1ef51517beb2e2594cb8007d514f988968c52246a18945fba0adf0203010001a382035430820350301f0603551d2304183016801494c87446f53ab4464826f82bca341e5626041200300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604148c76a1377b9cad8059a5d4126a53bc633671ca1c305a0603551d20045330513045060a2b06010401bd470d17013037303506082b060105050702011629687474703a2f2f7777772e74656c657365632e64652f736572766572706173732f6370732e68746d6c3008060667810c010202308201030603551d1f0481fb3081f83040a03ea03c863a687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f726c2f536572766572506173735f436c6173735f322e63726c3081b3a081b0a081ad8681aa6c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f434e3d54656c6553656325323053657276657250617373253230436c6173732532303225323043412c4f553d542d53797374656d73253230547275737425323043656e7465722c4f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c433d44453f43657274696669636174655265766f636174696f6e4c6973743082014906082b060105050701010482013b30820137303306082b060105050730018627687474703a2f2f6f6373702e736572766572706173732e74656c657365632e64652f6f63737072305206082b060105050730028646687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f6372742f54656c655365635f536572766572506173735f436c6173735f325f43412e6365723081ab06082b0601050507300286819e6c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f434e3d54656c6553656325323053657276657250617373253230436c6173732532303225323043412c4f553d542d53797374656d73253230547275737425323043656e7465722c4f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c433d44453f63414365727469666963617465300c0603551d130101ff0402300030210603551d11041a301882166170706c2e676f7665726e696b75732d6173702e6465300d06092a864886f70d01010b050003820101006376f829a32345d2d590176bf2294d9ab6fe44e6c7db3b467bd597eebda4121d6e8795ec33de253ff9f271857c4a1ddf4b80b080464a51741a53de5137be13fc482e41b3649afbb571bfec2a894022d933ca60c691a99f31fe40209e7ca2e7fcd15d33baf8c1d20e107750cbd8628bc883af062a622f29c36574decaf97ef00471bbbe81380042ab82e46788491e4f77e58168f154d5210748263bfb8b2c3c82937436f758e1b2360c22458803a304eb90a4617bdcaa591176f4002e63dce3c9a3c7dcec83472dec70346544105118227fce63bae6a6686950846f65f30de621c1e5d6b7b20f3ce7d8ebbd95667c89123adb9efcbdd5ea1ba6e71b152bea43d3"
+		"3082083a30820722a003020102020900d5b6a4dc1fd8854a300d06092a864886f70d01010b05003081df310b300906035504061302444531253023060355040a0c1c542d53797374656d7320496e7465726e6174696f6e616c20476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e746572311c301a06035504080c134e6f7264726865696e205765737466616c656e310e300c06035504110c0535373235303110300e06035504070c074e65747068656e3120301e06035504090c17556e7465726520496e647573747269657374722e2032303126302406035504030c1d54656c65536563205365727665725061737320436c6173732032204341301e170d3137313230313130343733325a170d3230313230363233353935395a308180310b30090603550406130244453121301f060355040a0c18476f7665726e696b757320476d6248202620436f2e204b47310b3009060355040b13025345310f300d060355040813064272656d656e310f300d060355040713064272656d656e311f301d060355040313166170706c2e676f7665726e696b75732d6173702e646530820222300d06092a864886f70d01010105000382020f003082020a0282020100c1d969514392105ce65b089b7357f75356f076b21168233d1eb57ae81f826c74258ec4814c48a3e99633fcac1fb444412cba421c1569d21b6317b6614b096203ab5b605128671764d30186dec09716d2173bfab911a9ad3d2d0b850ff2595dd9c72113bd64879c39c39b3debbfdd7f8d68e8d1bdaf2cca0508583bd59b965ec5f4950e4fbbe48b7be351237d478253bc34ac5aed9448f5ae31878067bdad75179cb776ef19f8e49e62b830de8279142233030189c20008345553847b7edc6471bf7c15c98b087159b44faa5a35fe16adc285e4d8266fab49b7b4e7fbcbd91767e05dbb45a5564cb11abcbeb0ff66869ca72dd7919eae796340fb5b26fb8ecc65b8380d3eb30e46150725e2156ad156773a79b482133b846b247868a6d3fcc18f96cfc6044fb7678fd79c04fb580b7bfb86e3252554b9a97dfd6fb9ae0e0d8d663a56b471d37752fc88a172151494553d78a39ade4669076e5ddfa13fd684b7eb800efedf9af8f90d4bab6d80378b950d43ef6de6f9ca5dccb81ecbbf820126d90923c5b87462af2acf0fc460599b2d7022e488f20069e2b3e80e057ebbd1454891929c2e0252688a1c0e801eb8bec795251087a755a6edcd22759a5c1869550d63b0596cb5ac20a7e5cb11f5412598990092cbe058b4ec67b98dd9ed2b2a5f8b7994e92b89a1ef51517beb2e2594cb8007d514f988968c52246a18945fba0adf0203010001a382035430820350301f0603551d2304183016801494c87446f53ab4464826f82bca341e5626041200300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604148c76a1377b9cad8059a5d4126a53bc633671ca1c305a0603551d20045330513045060a2b06010401bd470d17013037303506082b060105050702011629687474703a2f2f7777772e74656c657365632e64652f736572766572706173732f6370732e68746d6c3008060667810c010202308201030603551d1f0481fb3081f83040a03ea03c863a687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f726c2f536572766572506173735f436c6173735f322e63726c3081b3a081b0a081ad8681aa6c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f434e3d54656c6553656325323053657276657250617373253230436c6173732532303225323043412c4f553d542d53797374656d73253230547275737425323043656e7465722c4f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c433d44453f43657274696669636174655265766f636174696f6e4c6973743082014906082b060105050701010482013b30820137303306082b060105050730018627687474703a2f2f6f6373702e736572766572706173732e74656c657365632e64652f6f63737072305206082b060105050730028646687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f6372742f54656c655365635f536572766572506173735f436c6173735f325f43412e6365723081ab06082b0601050507300286819e6c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f434e3d54656c6553656325323053657276657250617373253230436c6173732532303225323043412c4f553d542d53797374656d73253230547275737425323043656e7465722c4f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c433d44453f63414365727469666963617465300c0603551d130101ff0402300030210603551d11041a301882166170706c2e676f7665726e696b75732d6173702e6465300d06092a864886f70d01010b050003820101006376f829a32345d2d590176bf2294d9ab6fe44e6c7db3b467bd597eebda4121d6e8795ec33de253ff9f271857c4a1ddf4b80b080464a51741a53de5137be13fc482e41b3649afbb571bfec2a894022d933ca60c691a99f31fe40209e7ca2e7fcd15d33baf8c1d20e107750cbd8628bc883af062a622f29c36574decaf97ef00471bbbe81380042ab82e46788491e4f77e58168f154d5210748263bfb8b2c3c82937436f758e1b2360c22458803a304eb90a4617bdcaa591176f4002e63dce3c9a3c7dcec83472dec70346544105118227fce63bae6a6686950846f65f30de621c1e5d6b7b20f3ce7d8ebbd95667c89123adb9efcbdd5ea1ba6e71b152bea43d3",
+		"308205633082044ba00302010202135100000749e339b5a8a2ecb8e8000000000749300d06092a864886f70d01010b0500304431153013060a0992268993f22c64011916056c6f63616c31153013060a0992268993f22c6401191605626f736b67311430120603550403130b676f766b67726f6f746361301e170d3136313232393039343930325a170d3138313232393039353930325a307c310b3009060355040613024445310b3009060355040813024445310f300d060355040713064272656d656e31163014060355040a130d476f7665726e696b7573204b47311c301a060355040b131353797374656d7320456e67696e656572696e6731193017060355040314102a2e74662e626f732d746573742e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100c2ce4b611d136b4a99f43bd6487c323f812f00c433ed7ec3d343b93c1b064ba12ff3f950634bbba55283ea48bf91d3a6736ee17c3467918b22d9ba1d55f9b8593461b42ed54454d15577abe0ec286203c4c33a82aae8216c802f8f81f1d06473f85acbf6ba69357828030a97086aa1bc6836cae3916d2d83f24c153a05402e13828a30822e7a861395be7d7c511b84baf4bc4a5daeb3db755b37e8ffb5dd18f8ac22c018801e212ab59b96e64b85c3d418c577c33ef73cc0ba5fef68041ba39fa0b795e7b5eabfa408c36ca582572ca2adde4cd104ccad376eaa06b41e737121f349eedb063438b406bd32dc032659e9cbad809afb5679d8a7d776a916ead35b0203010001a382021430820210300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b0601050507030130240603551d11041d301b82102a2e74662e626f732d746573742e646582012a87040ad2f861301d0603551d0e04160414262451b4431de1ccdb523d93038d7e01c4a3d153301f0603551d230418301680144b7e48a7b2f2db121642634bcd7e1c0deee96285303b0603551d1f043430323030a02ea02c862a687474703a2f2f676f7663726c2e676f7665726e696b75732e64652f63726c2f7265766f6b652e63726c3081eb06082b060105050701010481de3081db3081aa06082b0601050507300286819d6c6461703a2f2f2f434e3d676f766b67726f6f7463612c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d626f736b672c44433d6c6f63616c3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479302c06082b060105050730018620687474703a2f2f676f7663726c2e676f7665726e696b75732e64652f6f637370303b06092b0601040182371507042e302c06242b060104018237150887a4920efcad6b83a98117819cb41586e9ea5a1791ff2e87b7af7c020164020109301b06092b060104018237150a040e300c300a06082b06010505070301300d06092a864886f70d01010b05000382010100a41dd5971c9b983bc3369bc9f3046481ff05aab5b47fac27a8cb7f917585b15c5acfbc8d083375a459b0642974968f4e00ad501d715dfb8a9e098437459ddcbba5a7d49f0278bd841b89fb93e86683bd89334f6b5ab556834e1fb4ec86647e812438e17512ee87b01bd0679b3abf4a67fe7272eae0c4cd9ed174d70b2728e72361cded46a42d445dfe244efb55feb1eee13f614d30237ee399b4108bc596b8aab377ad98d22c87ce4ce976ec1ceac512c33d6941b715d9fa60882b4644f9a066dcd51ff6c429af37cfa38f06444e6682d09643b2866a23a42da0ae21a787e8fe40aa2b21aa55a10aa42097c9a219528ac4968eb12cec5f223791a40d21fcce05"
 	],
 
 	"tlsSettings": {
diff --git a/resources/qml/Governikus/EnterPinView/EnterPinView.qml b/resources/qml/Governikus/EnterPinView/EnterPinView.qml
index 467f09d14..d215ea7af 100644
--- a/resources/qml/Governikus/EnterPinView/EnterPinView.qml
+++ b/resources/qml/Governikus/EnterPinView/EnterPinView.qml
@@ -54,6 +54,7 @@ SectionPage
 				}
 				text: (!pinField.confirmedInput ? qsTr("The entered PIN does not match the new PIN. Please correct your input.") :
 					  !!numberModel.inputError ? numberModel.inputError :
+					  baseItem.state === "CAN" && numberModel.isCanAllowedMode ? qsTr("Please enter the six-digit card access number. You can find the card access number on the front of the ID card.") :
 					  baseItem.state === "CAN" ? qsTr("You have entered the wrong PIN twice. Prior to a third attempt, you have to enter your six-digit card access number first. You can find your card access number on the front of your ID card.") :
 					  baseItem.state === "PUK" ? qsTr("You have entered a wrong PIN three times. Your PIN is now blocked. You have to enter the PUK now for unblocking.") :
 					  baseItem.state === "PIN_NEW" ? qsTr("Please enter a new 6-digit PIN of your choice.") :
diff --git a/resources/qml/Governikus/InformationView/Information.qml b/resources/qml/Governikus/InformationView/Information.qml
index 11cb59227..4ee95de7c 100644
--- a/resources/qml/Governikus/InformationView/Information.qml
+++ b/resources/qml/Governikus/InformationView/Information.qml
@@ -95,7 +95,17 @@ SectionPage {
 				Loader {
 					readonly property string titleText: qsTr("Software license") + settingsModel.translationTrigger
 					readonly property string descriptionText: qsTr("Read the software license text on the application homepage.") + settingsModel.translationTrigger
-					function onClickFunction() { Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/")) }
+					function onClickFunction() {
+							if (Qt.platform.os === "android") {
+								Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/android/"))
+							}
+							else if (Qt.platform.os === "ios") {
+								Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/ios/"))
+							}
+							else {
+								Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/windows-and-mac/"))
+							}
+					}
 					width: parent.width
 					sourceComponent: subMenu
 				}
diff --git a/resources/qml/Governikus/MoreView/MoreView.qml b/resources/qml/Governikus/MoreView/MoreView.qml
index ef971d8af..f8e83712e 100644
--- a/resources/qml/Governikus/MoreView/MoreView.qml
+++ b/resources/qml/Governikus/MoreView/MoreView.qml
@@ -65,7 +65,17 @@ SectionPage {
 		MoreViewMenuItem {
 			text: qsTr("Software license") + settingsModel.translationTrigger
 			imageSource: "qrc:///images/iOS/more/icon_mehr_license.svg"
-			onClicked: Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/"))
+			onClicked: {
+				if (Qt.platform.os === "android") {
+					Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/android/"))
+				}
+				else if (Qt.platform.os === "ios") {
+					Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/ios/"))
+				}
+				else {
+					Qt.openUrlExternally(qsTr("https://www.ausweisapp.bund.de/en/download/windows-and-mac/"))
+				}
+			}
 		}
 
 		MoreViewMenuItem {
diff --git a/resources/qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml b/resources/qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml
index cee5bdccf..2cf574f7f 100644
--- a/resources/qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml
+++ b/resources/qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml
@@ -48,7 +48,7 @@ SectionPage {
 
 			Text {
 				color: Constants.secondary_text
-				text: qsTr("Choose a device name here to identify it in the network:") + settingsModel.translationTrigger
+				text: qsTr("Set device name:") + settingsModel.translationTrigger
 				width: parent.width
 				font.pixelSize: Constants.normal_font_size
 				wrapMode: Text.WordWrap
@@ -87,9 +87,9 @@ SectionPage {
 				Text {
 					id: nameText
 					anchors.bottomMargin: Utils.dp(2)
-					font.pixelSize: Utils.sp(16)
-					color: Constants.secondary_text
-					opacity: 0.87
+					font.pixelSize: Constants.normal_font_size
+					color: Constants.blue
+					font.bold: true
 					text: qsTr("PIN pad mode") + settingsModel.translationTrigger
 				}
 
@@ -97,10 +97,9 @@ SectionPage {
 					id: dateText
 					width: parent.width
 					anchors.top: nameText.bottom
-					font.pixelSize: Utils.sp(14)
+					font.pixelSize: Constants.normal_font_size
 					color: Constants.secondary_text
-					opacity: 0.38
-					text: qsTr("Enter PIN on smartphone") + settingsModel.translationTrigger
+					text: qsTr("Enter PIN on this device") + settingsModel.translationTrigger
 					wrapMode: Text.WordWrap
 				}
 			}
@@ -205,7 +204,7 @@ SectionPage {
 				width: parent.width
 				wrapMode: Text.WordWrap
 				font.pixelSize: Constants.normal_font_size
-				text: qsTr("Start the pairing mode on the other device if it is not already started.") + settingsModel.translationTrigger
+				text: qsTr("Please start pairing mode first.") + settingsModel.translationTrigger
 			}
 
 			GButton {
diff --git a/resources/qml/Governikus/RemoteServiceView/RemoteServiceView.qml b/resources/qml/Governikus/RemoteServiceView/RemoteServiceView.qml
index ebabaccd1..1ec628f15 100644
--- a/resources/qml/Governikus/RemoteServiceView/RemoteServiceView.qml
+++ b/resources/qml/Governikus/RemoteServiceView/RemoteServiceView.qml
@@ -86,6 +86,7 @@ SectionPage {
 		anchors.top: text.bottom
 		anchors.horizontalCenter: parent.horizontalCenter
 		anchors.margins: Constants.component_spacing
+		enabled: canEnableNfc || remoteServiceModel.runnable || running
 		onClicked: {
 			if (canEnableNfc) {
 				qmlExtension.showSettings("android.settings.NFC_SETTINGS")
diff --git a/resources/qml/Governikus/TechnologyInfo/TechnologyInfo.qml b/resources/qml/Governikus/TechnologyInfo/TechnologyInfo.qml
index 54dff84f5..0745ea77f 100644
--- a/resources/qml/Governikus/TechnologyInfo/TechnologyInfo.qml
+++ b/resources/qml/Governikus/TechnologyInfo/TechnologyInfo.qml
@@ -8,8 +8,7 @@ Item {
 	property alias enableButtonText: enableButton.text
 	property alias enableButtonVisible: enableButton.visible
 	property alias titleText: title.text
-	property alias subTitleText: subTitle.text
-	property bool subTitleTextRedColor
+	property string subTitleText: ""
 
 	signal enableClicked()
 
@@ -71,6 +70,11 @@ Item {
 		}
 	}
 
+	onSubTitleTextChanged: {
+		subTitleTextColor.value = numberModel.hasError ? Constants.red : Constants.secondary_text
+		subTitle.text = subTitleText
+	}
+
 	Item {
 		anchors.left: parent.left
 		anchors.top: parent.verticalCenter
@@ -93,7 +97,12 @@ Item {
 				SequentialAnimation {
 					PropertyAnimation { target: subTitle; property: "anchors.topMargin"; to: baseItem.height/2; duration: 500}
 					PropertyAction { target: subTitle; property: "text" }
-					PropertyAction { target: subTitle; property: "color"; value: baseItem.subTitleTextRedColor ? Constants.red : Constants.secondary_texte }
+					PropertyAction {
+						id: subTitleTextColor
+						target: subTitle;
+						property: "color";
+						value: Constants.secondary_text
+					}
 					PropertyAnimation { target: subTitle; property: "anchors.topMargin"; to: 0; duration: 500 }
 				}
 			}
diff --git a/resources/qml/Governikus/Workflow/BluetoothWorkflow.qml b/resources/qml/Governikus/Workflow/BluetoothWorkflow.qml
index f09bf461c..ba7dad283 100644
--- a/resources/qml/Governikus/Workflow/BluetoothWorkflow.qml
+++ b/resources/qml/Governikus/Workflow/BluetoothWorkflow.qml
@@ -78,7 +78,6 @@ Item {
 					  (state === "card") ?
 							qsTr("Please insert your ID card.") : ""
 					  ) + settingsModel.translationTrigger
-		subTitleTextRedColor: false
 	}
 
 	TechnologySwitch {
diff --git a/resources/qml/Governikus/Workflow/NfcWorkflow.qml b/resources/qml/Governikus/Workflow/NfcWorkflow.qml
index 1cb38f626..acd9d540f 100644
--- a/resources/qml/Governikus/Workflow/NfcWorkflow.qml
+++ b/resources/qml/Governikus/Workflow/NfcWorkflow.qml
@@ -43,7 +43,6 @@ Item {
 					  numberModel.pinDeactivated ? qsTr("The online identification function of your ID card is deactivated. Please contact the authority responsible for issuing your identification document to activate the online identification function.") :
 					  qsTr("Please place your device<br/>on your ID card.")
 					  ) + settingsModel.translationTrigger
-		subTitleTextRedColor: numberModel.extendedLengthApdusUnsupported || numberModel.pinDeactivated
 	}
 
 
diff --git a/resources/qml/Governikus/Workflow/RemoteWorkflow.qml b/resources/qml/Governikus/Workflow/RemoteWorkflow.qml
index 83e79af88..c7b7258d0 100644
--- a/resources/qml/Governikus/Workflow/RemoteWorkflow.qml
+++ b/resources/qml/Governikus/Workflow/RemoteWorkflow.qml
@@ -91,13 +91,14 @@ Item {
 				return "";
 			} else if (!!numberModel.inputError) {
 				return numberModel.inputError;
+			} else if (numberModel.extendedLengthApdusUnsupported) {
+				qsTr("Your remote device does not meet the technical requirements (Extended Length not supported).");
 			} else if (numberModel.pinDeactivated) {
 				qsTr("The online identification function of your ID card is deactivated. Please contact the authority responsible for issuing your identification document to activate the online identification function.");
 			} else {
 				return qsTr("Connected to %1. Please insert your ID card.").arg(remoteServiceModel.connectedServerDeviceNames);
 			}
 		}
-		subTitleTextRedColor: false
 	}
 
 	TechnologySwitch {
diff --git a/resources/translations/ausweisapp2_de.ts b/resources/translations/ausweisapp2_de.ts
index 5ce5276e0..f6cd3ffc5 100644
--- a/resources/translations/ausweisapp2_de.ts
+++ b/resources/translations/ausweisapp2_de.ts
@@ -480,36 +480,41 @@
     </message>
     <message>
         <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="57"/>
+        <source>Please enter the six-digit card access number. You can find the card access number on the front of the ID card.</source>
+        <translation>Bitte geben Sie Ihre 6-stellige Zugangsnummer ein. Sie finden Ihre Zugangsnummer auf der Vorderseite Ihres Ausweises.</translation>
+    </message>
+    <message>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="58"/>
         <source>You have entered the wrong PIN twice. Prior to a third attempt, you have to enter your six-digit card access number first. You can find your card access number on the front of your ID card.</source>
         <translation>Sie haben Ihre PIN zweimal falsch eingegeben. Für einen dritten Versuch müssen Sie vorher Ihre 6-stellige Zugangsnummer eingeben. Sie finden Ihre Zugangsnummer auf der Vorderseite Ihres Ausweises.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="58"/>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="59"/>
         <source>You have entered a wrong PIN three times. Your PIN is now blocked. You have to enter the PUK now for unblocking.</source>
         <translation>Sie haben Ihre PIN dreimal falsch eingegeben. Ihre PIN ist jetzt gesperrt. Zum Entsperren geben Sie bitte Ihre PUK ein.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="59"/>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="60"/>
         <source>Please enter a new 6-digit PIN of your choice.</source>
         <translation>Geben Sie nun bitte eine neue 6-stellige PIN Ihrer Wahl ein.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="60"/>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="61"/>
         <source>Please enter your new 6-digit PIN again.</source>
         <translation>Wiederholen Sie bitte Ihre neue 6-stellige PIN.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="62"/>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="63"/>
         <source>Enter the pairing code shown on your other device to use it as a card reader.</source>
         <translation>Geben Sie den Kopplungscode, der auf Ihrem anderen Gerät angezeigt wird, ein, um dieses als Kartenlesegerät verwenden zu können.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="63"/>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="64"/>
         <source>Please enter your current PIN or your initial transport PIN first.</source>
         <translation>Geben Sie bitte zunächst Ihre aktuelle PIN bzw. die Transport-PIN ein.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="61"/>
+        <location filename="../qml/Governikus/EnterPinView/EnterPinView.qml" line="62"/>
         <source>Please enter your personal PIN.</source>
         <translation>Geben Sie bitte Ihre persönliche PIN ein.</translation>
     </message>
@@ -1214,9 +1219,19 @@
         <translation>Lesen Sie die Softwarelizenz auf der Internetseite der Anwendung.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/InformationView/Information.qml" line="98"/>
-        <source>https://www.ausweisapp.bund.de/en/download/</source>
-        <translation>https://www.ausweisapp.bund.de/download/</translation>
+        <location filename="../qml/Governikus/InformationView/Information.qml" line="100"/>
+        <source>https://www.ausweisapp.bund.de/en/download/android/</source>
+        <translation>https://www.ausweisapp.bund.de/download/android/</translation>
+    </message>
+    <message>
+        <location filename="../qml/Governikus/InformationView/Information.qml" line="103"/>
+        <source>https://www.ausweisapp.bund.de/en/download/ios/</source>
+        <translation>https://www.ausweisapp.bund.de/download/ios/</translation>
+    </message>
+    <message>
+        <location filename="../qml/Governikus/InformationView/Information.qml" line="106"/>
+        <source>https://www.ausweisapp.bund.de/en/download/windows-and-mac/</source>
+        <translation>https://www.ausweisapp.bund.de/download/windows-und-mac/</translation>
     </message>
 </context>
 <context>
@@ -1336,17 +1351,31 @@
         <translation>Softwarelizenz</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/MoreView/MoreView.qml" line="68"/>
-        <source>https://www.ausweisapp.bund.de/en/download/</source>
-        <translation>https://www.ausweisapp.bund.de/download/</translation>
+        <location filename="../qml/Governikus/MoreView/MoreView.qml" line="70"/>
+        <source>https://www.ausweisapp.bund.de/en/download/android/</source>
+        <translation>https://www.ausweisapp.bund.de/download/android/</translation>
     </message>
     <message>
         <location filename="../qml/Governikus/MoreView/MoreView.qml" line="73"/>
+        <source>https://www.ausweisapp.bund.de/en/download/ios/</source>
+        <translation>https://www.ausweisapp.bund.de/download/ios/</translation>
+    </message>
+    <message>
+        <location filename="../qml/Governikus/MoreView/MoreView.qml" line="76"/>
+        <source>https://www.ausweisapp.bund.de/en/download/windows-and-mac/</source>
+        <translation>https://www.ausweisapp.bund.de/download/windows-und-mac/</translation>
+    </message>
+    <message>
+        <source>https://www.ausweisapp.bund.de/en/download/</source>
+        <translation type="vanished">https://www.ausweisapp.bund.de/download/</translation>
+    </message>
+    <message>
+        <location filename="../qml/Governikus/MoreView/MoreView.qml" line="83"/>
         <source>Configure remote service</source>
         <translation>Fernzugriff konfigurieren</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/MoreView/MoreView.qml" line="83"/>
+        <location filename="../qml/Governikus/MoreView/MoreView.qml" line="93"/>
         <source>Developer options</source>
         <translation>Entwickleroptionen</translation>
     </message>
@@ -1649,15 +1678,7 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 &lt;h4&gt;Extended Length is not supported.&lt;/h4&gt;
 &lt;p&gt;Your remote reader does not meet the technical requirements (Extended Length not supported).&lt;/p&gt;
 &lt;/html&gt;</source>
-        <translation>Ihr entferntes Kartenlesegerät erfüllt leider nicht die technischen Voraussetzungen (Extended Length wird nicht unterstützt).&lt;</translation>
-    </message>
-    <message>
-        <location filename="../../src/widget/PinSettingsWidget.ui"/>
-        <source>&lt;html&gt;
-&lt;h4&gt;Extended Length is not supported.&lt;/h4&gt;
-&lt;p&gt;At least one of your card readers does not meet the technical requirements (Extended Length not supported). Please place the ID card on a different card reader.&lt;/p&gt;
-&lt;/html&gt;</source>
-        <translation>Mindestens eines Ihrer Kartenlesegeräte erfüllt leider nicht die technischen Voraussetzungen (Extended Length wird nicht unterstützt). Bitte platzieren Sie Ihren Ausweis auf einem anderen Kartenlesegerät.&lt;</translation>
+        <translation>Ihr entferntes Kartenlesegerät erfüllt leider nicht die technischen Voraussetzungen (Extended Length wird nicht unterstützt).</translation>
     </message>
 </context>
 <context>
@@ -2170,8 +2191,8 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
     </message>
     <message>
         <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="51"/>
-        <source>Choose a device name here to identify it in the network:</source>
-        <translation>Wählen Sie einen Gerätenamen, unter dem Ihr Smartphone im Netzwerk gefunden werden kann:</translation>
+        <source>Set device name:</source>
+        <translation>Wählen Sie einen Gerätenamen:</translation>
     </message>
     <message>
         <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="93"/>
@@ -2179,42 +2200,42 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
         <translation>Tastaturmodus</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="103"/>
-        <source>Enter PIN on smartphone</source>
-        <translation>PIN-Eingabe auf dem Smartphone</translation>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="102"/>
+        <source>Enter PIN on this device</source>
+        <translation>PIN-Eingabe auf diesem Gerät</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="121"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="120"/>
         <source>Paired devices</source>
         <translation>Gekoppelte Geräte</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="129"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="128"/>
         <source>No device is paired.</source>
         <translation>Kein Gerät gekoppelt.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="153"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="152"/>
         <source>Available devices</source>
         <translation>Verfügbare Geräte</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="161"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="160"/>
         <source>No new remote reader was found on your network. Make sure that the remote reader functionality in AusweisApp2 on your other device is activated and that your devices are connected to the same network.</source>
         <translation>Kein entferntes Kartenlesegerät in Ihrem Netzwerk verfügbar. Bitte stellen Sie sicher, dass die Funktion &quot;Fernzugriff&quot; in der AusweisApp2 auf Ihrem anderen Gerät aktiviert ist. Beide Geräte müssen sich im selben Netzwerk befinden.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="208"/>
-        <source>Start the pairing mode on the other device if it is not already started.</source>
-        <translation>Aktivieren Sie den Kopplungsmodus auf dem anderen Gerät wenn er noch nicht aktiviert sein sollte.</translation>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="207"/>
+        <source>Please start pairing mode first.</source>
+        <translation>Starten Sie den Kopplungsmodus auf Ihrem Smartphone, falls noch nicht geschehen.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="212"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="211"/>
         <source>OK</source>
         <translation>OK</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="227"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceSettings.qml" line="226"/>
         <source>Pairing code</source>
         <translation>Kopplungscode</translation>
     </message>
@@ -2232,37 +2253,37 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
         <translation>Bitte starten Sie den Fernzugriff, damit Sie Ihr Smartphone als Kartenlesegerät für die AusweisApp2 nutzen können. Bitte beachten Sie: dies ist nur möglich, wenn beide Geräte mit demselben WLAN verbunden sind.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="101"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="102"/>
         <source>Enable NFC</source>
         <translation>NFC aktivieren</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="103"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="104"/>
         <source>Stop remote service</source>
         <translation>Fernzugriff stoppen</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="105"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="106"/>
         <source>Start remote service</source>
         <translation>Fernzugriff starten</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="118"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="119"/>
         <source>Start pairing</source>
         <translation>Kopplung starten</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="163"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="164"/>
         <source>Card access in progress</source>
         <translation>Kartenzugriff</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="177"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="178"/>
         <source>Please pay attention to the display on your other device %1.</source>
         <translation>Bitte beachten Sie die Anzeige auf Ihrem anderen Gerät %1.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="225"/>
+        <location filename="../qml/Governikus/RemoteServiceView/RemoteServiceView.qml" line="226"/>
         <source>Settings</source>
         <translation>Einstellungen</translation>
     </message>
@@ -2291,11 +2312,16 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
     </message>
     <message>
         <location filename="../qml/Governikus/Workflow/RemoteWorkflow.qml" line="95"/>
+        <source>Your remote device does not meet the technical requirements (Extended Length not supported).</source>
+        <translation>Ihr entferntes Kartenlesegerät erfüllt leider nicht die technischen Voraussetzungen (Extended Length wird nicht unterstützt).</translation>
+    </message>
+    <message>
+        <location filename="../qml/Governikus/Workflow/RemoteWorkflow.qml" line="97"/>
         <source>The online identification function of your ID card is deactivated. Please contact the authority responsible for issuing your identification document to activate the online identification function.</source>
         <translation>Die Online-Ausweisfunktion Ihres Ausweisdokumentes ist nicht aktiviert. Bitte wenden Sie sich an die Behörde, die Ihr Ausweisdokument ausgegeben hat, um die Online-Ausweisfunktion zu aktivieren.</translation>
     </message>
     <message>
-        <location filename="../qml/Governikus/Workflow/RemoteWorkflow.qml" line="97"/>
+        <location filename="../qml/Governikus/Workflow/RemoteWorkflow.qml" line="99"/>
         <source>Connected to %1. Please insert your ID card.</source>
         <translation>Verbunden mit %1. Bitte legen Sie Ihr Ausweisdokument auf.</translation>
     </message>
@@ -3498,63 +3524,68 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 </context>
 <context>
     <name>governikus::GuiUtils</name>
+    <message>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="27"/>
+        <source>The given card access number (CAN) is not correct.</source>
+        <translation>Die eingegebene Zugangsnummer (CAN) ist ungültig.</translation>
+    </message>
     <message>
         <location filename="../../src/widget/generic/GuiUtils.cpp" line="24"/>
         <source>Wrong card access number (CAN)</source>
         <translation>Falsche Zugangsnummer (CAN)</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="25"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="31"/>
         <source>The given card access number (CAN) is not correct. You have one more try to enter the correct PIN. Please mind that you have to acknowledge this last try with your card access number (CAN).</source>
         <translation>Die eingegebene Zugangsnummer (CAN) ist nicht korrekt. Sie haben noch eine weitere Möglichkeit die korrekte PIN einzugeben. Beachten Sie, dass Sie diesen letzten Versuch mit der Zugangsnummer (CAN) bestätigen müssen.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="31"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="38"/>
         <source>Wrong PUK</source>
         <translation>Falsche PUK</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="36"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="43"/>
         <source>PUK is inoperative</source>
         <translation>PUK ist außer Betrieb</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="32"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="39"/>
         <source>Please enter your PUK again.</source>
         <translation>Bitte geben Sie Ihre PUK erneut ein.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="37"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="44"/>
         <source>You have correctly entered the PUK ten times and have thus reached the maximum count. The PUK is now inoperative and can no longer be used for unblocking the PIN. Please address your competent authority that has issued your ID card for unblocking your PIN.</source>
         <translation>Sie haben die PUK zehn Mal korrekt eingegeben und damit die maximale Anzahl erreicht. Die PUK ist daher außer Betrieb und kann nicht mehr zum Entsperren der PIN verwendet werden. Bitte wenden Sie sich zum Entsperren der PIN an die zuständige Behörde, die Ihr Ausweisdokument ausgegeben hat.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="44"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="51"/>
         <source>Wrong PIN</source>
         <translation>Falsche PIN</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="53"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="60"/>
         <source>After three wrong entries your PIN is blocked. Using the online identification function is no longer possible. &lt;/p&gt;&lt;p&gt;You can unblock your PIN in the following dialog. The program supports you with the steps now required.</source>
         <translation>Ihre PIN ist nach dreimaliger Fehleingabe gesperrt. Die Nutzung der Online-Ausweisfunktion ist in diesem Zustand nicht mehr möglich.&lt;/p&gt;&lt;p&gt;Sie können die PIN im folgenden Dialog entsperren. Die Anwendung unterstützt Sie in den nun notwendigen Schritten.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="59"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="66"/>
         <source>The given PIN is not correct. You have one more try to enter the correct PIN. Please mind that you have to acknowledge this last try with your card access number (CAN).</source>
         <translation>Die eingegebene PIN ist nicht korrekt. Sie haben noch eine weitere Möglichkeit die korrekte PIN einzugeben. Beachten Sie, dass Sie diesen letzten Versuch mit der Zugangsnummer (CAN) bestätigen müssen.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="65"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="72"/>
         <source>The given PIN is not correct. You have %1 tries to enter the correct PIN.</source>
         <translation>Die eingegebene PIN ist nicht korrekt. Sie haben noch %1 weitere Möglichkeiten die korrekte PIN einzugeben.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="86"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="93"/>
         <source>PIN blocked</source>
         <translation>PIN gesperrt</translation>
     </message>
     <message>
-        <location filename="../../src/widget/generic/GuiUtils.cpp" line="87"/>
+        <location filename="../../src/widget/generic/GuiUtils.cpp" line="94"/>
         <source>After three wrong entries your PIN is blocked. Using the online identification function is no longer possible. &lt;br/&gt;You can unblock the PIN as follows:&lt;ol&gt;&lt;li&gt; Select the &quot;Settings&quot; function.&lt;/li&gt;&lt;li&gt;Select the &quot;PIN Management&quot; tab. &lt;/li&gt;&lt;li&gt;Follow the instructions on the screen.&lt;/li&gt;&lt;/ol&gt;Note: You will find the PUK in the letter you received during the application for the ID card in the &quot;Unblocking key PUK&quot; section. Further information is available on the site &lt;a href=&quot;http://www.personalausweisportal.de&quot;&gt;http://www.personalausweisportal.de&lt;/a&gt;.&lt;br&gt;Do you want to unblock the PIN now?</source>
         <translation>Sie haben Ihre PIN dreimal falsch eingegeben. Die Online-Ausweisfunktion ist jetzt blockiert. Die Blockierung können Sie mit Ihrer Entsperrnummer (PUK) aufheben. Sie finden Ihre PUK in dem Schreiben, das Sie nach Beantragung Ihres Ausweisdokuments von der für die Ausgabe Ihres Ausweisdokuments zuständigen Behörde erhalten haben. Bitte beachten Sie: Sie können mit Ihrer PUK lediglich Ihren Online-Ausweis entsperren. Sollten Sie Ihre PIN vergessen haben, können Sie von der für die Ausgabe Ihres Ausweisdokuments zuständigen Behörde eine neue PIN setzen lassen.&lt;br&gt;Wollen Sie die Blockierung nun aufheben?</translation>
     </message>
@@ -3685,27 +3716,27 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 <context>
     <name>governikus::NumberModel</name>
     <message>
-        <location filename="../../src/qml/NumberModel.cpp" line="157"/>
+        <location filename="../../src/qml/NumberModel.cpp" line="165"/>
         <source>The given PIN is not correct. You have 2 tries to enter the correct PIN.</source>
         <translation>Die eingegebene PIN ist nicht korrekt. Sie haben noch 2 weitere Möglichkeiten die korrekte PIN einzugeben.</translation>
     </message>
     <message>
-        <location filename="../../src/qml/NumberModel.cpp" line="161"/>
+        <location filename="../../src/qml/NumberModel.cpp" line="169"/>
         <source>You have entered the wrong PIN twice. Prior to a third attempt, you have to enter your six-digit card access number first. You can find your card access number on the front of your ID card.</source>
         <translation>Sie haben Ihre PIN zweimal falsch eingegeben. Für einen dritten Versuch müssen Sie vorher Ihre 6-stellige Zugangsnummer eingeben. Sie finden Ihre Zugangsnummer auf der Vorderseite Ihres Ausweises.</translation>
     </message>
     <message>
-        <location filename="../../src/qml/NumberModel.cpp" line="167"/>
+        <location filename="../../src/qml/NumberModel.cpp" line="175"/>
         <source>You have entered a wrong PIN three times. Your PIN is now blocked. You have to enter the PUK now for unblocking.</source>
         <translation>Sie haben Ihre PIN dreimal falsch eingegeben. Ihre PIN ist jetzt gesperrt. Zum Entsperren geben Sie bitte Ihre PUK ein.</translation>
     </message>
     <message>
-        <location filename="../../src/qml/NumberModel.cpp" line="174"/>
+        <location filename="../../src/qml/NumberModel.cpp" line="182"/>
         <source>You have entered a wrong CAN, please try again.</source>
         <translation>Sie haben eine falsche CAN eingegeben. Bitte versuchen Sie es erneut.</translation>
     </message>
     <message>
-        <location filename="../../src/qml/NumberModel.cpp" line="178"/>
+        <location filename="../../src/qml/NumberModel.cpp" line="186"/>
         <source>You have entered a wrong PUK. Please try again.</source>
         <translation>Sie haben eine falsche PUK eingegeben. Bitte versuchen Sie es erneut.</translation>
     </message>
@@ -3820,22 +3851,22 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
         <translation>PIN ändern</translation>
     </message>
     <message>
-        <location filename="../../src/widget/PinSettingsWidget.cpp" line="494"/>
+        <location filename="../../src/widget/PinSettingsWidget.cpp" line="486"/>
         <source>The PIN in the field &quot;%1&quot; does not match the PIN in the field &quot;%2&quot;.</source>
         <translation>Die PIN im Feld &quot;%1&quot; stimmt nicht mit der PIN im Feld &quot;%2&quot; überein.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/PinSettingsWidget.cpp" line="223"/>
+        <location filename="../../src/widget/PinSettingsWidget.cpp" line="204"/>
         <source>PIN correct.</source>
         <translation>Die PIN stimmt überein.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/PinSettingsWidget.cpp" line="526"/>
+        <location filename="../../src/widget/PinSettingsWidget.cpp" line="518"/>
         <source>card inserted</source>
         <translation>karte aufgelegt</translation>
     </message>
     <message>
-        <location filename="../../src/widget/PinSettingsWidget.cpp" line="531"/>
+        <location filename="../../src/widget/PinSettingsWidget.cpp" line="523"/>
         <source>no card inserted</source>
         <translation>karte nicht aufgelegt</translation>
     </message>
@@ -3936,12 +3967,12 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
     <message>
         <location filename="../../src/widget/ReaderDeviceWidget.cpp" line="128"/>
         <source>No connected card reader found. See %1 for installation of card readers.</source>
-        <translation>Es konnte kein verbundenes Kartelesegerät gefunden werden. Informationen zur Installation von Kartenlesegeräten befinden sich unter %1.</translation>
+        <translation>Es wurde kein Kartenlesegerät gefunden. Details zur Installation finden Sie in der %1.</translation>
     </message>
     <message>
         <location filename="../../src/widget/ReaderDeviceWidget.cpp" line="175"/>
-        <source>No card reader detected</source>
-        <translation>Kein Kartenlesegerät erkannt</translation>
+        <source>Please connect suitable card reader</source>
+        <translation>Bitte schließen Sie ein geeignetes Kartenlesegerät an.</translation>
     </message>
     <message>
         <location filename="../../src/widget/ReaderDeviceWidget.cpp" line="179"/>
@@ -3960,8 +3991,8 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
     </message>
     <message>
         <location filename="../../src/widget/ReaderDeviceWidget.cpp" line="297"/>
-        <source>Start the pairing mode on the other device if it is not already started.</source>
-        <translation>Aktivieren Sie den Kopplungsmodus auf dem anderen Gerät wenn er noch nicht aktiviert sein sollte.</translation>
+        <source>Please start pairing mode first.</source>
+        <translation>Starten Sie den Kopplungsmodus auf Ihrem Smartphone, falls noch nicht geschehen.</translation>
     </message>
     <message>
         <location filename="../../src/widget/ReaderDeviceWidget.cpp" line="333"/>
@@ -3972,19 +4003,19 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 <context>
     <name>governikus::ReaderDriverModel</name>
     <message>
-        <location filename="../../src/widget/ReaderDriverModel.cpp" line="75"/>
-        <source>Connected w/ driver</source>
-        <translation>Angeschlossen mit Treiber</translation>
+        <location filename="../../src/widget/ReaderDriverModel.cpp" line="70"/>
+        <source>Not connected</source>
+        <translation>Nicht angeschlossen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/ReaderDriverModel.cpp" line="78"/>
-        <source>Connected w/o driver</source>
-        <translation>Angeschlossen ohne Treiber</translation>
+        <location filename="../../src/widget/ReaderDriverModel.cpp" line="75"/>
+        <source>Driver installed</source>
+        <translation>Treiber installiert</translation>
     </message>
     <message>
-        <location filename="../../src/widget/ReaderDriverModel.cpp" line="70"/>
-        <source>Not connected</source>
-        <translation>Nicht angeschlossen</translation>
+        <location filename="../../src/widget/ReaderDriverModel.cpp" line="78"/>
+        <source>No driver installed</source>
+        <translation>Treiber nicht installiert</translation>
     </message>
     <message>
         <location filename="../../src/widget/ReaderDriverModel.cpp" line="99"/>
@@ -3998,13 +4029,13 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
     </message>
     <message>
         <location filename="../../src/widget/ReaderDriverModel.cpp" line="158"/>
-        <source>Device is installed correctly.</source>
-        <translation>Das Kartenlesegerät ist korrekt installiert.</translation>
+        <source>Card reader ready for use.</source>
+        <translation>Das Kartenlesegerät kann verwendet werden.</translation>
     </message>
     <message>
         <location filename="../../src/widget/ReaderDriverModel.cpp" line="161"/>
-        <source>Device is not configured, please download and install the driver you can find at url: %1</source>
-        <translation>Für das Kartenlesegerät wurden keine Treiber erkannt, bitte installieren Sie den Treiber: %1</translation>
+        <source>Please download and install the driver you can find at: %1</source>
+        <translation>Bitte installieren Sie den Treiber: %1</translation>
     </message>
 </context>
 <context>
@@ -4353,16 +4384,6 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 </context>
 <context>
     <name>governikus::SetupAssistantWizard</name>
-    <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="102"/>
-        <source>Welcome to the AusweisApp2 setup assistant. This assistant will guide you through the setup process in %1 steps. The setup assistant can be cancelled at any time and can be started again later from the Help menu.</source>
-        <translation>Willkommen zum Einrichtungsassistenten der AusweisApp2. Sie werden in %1 Schritten durch die Einrichtung geführt. Sie können diesen Einrichtungsassistenten jederzeit abbrechen und später über das Hilfe-Menü erneut starten.</translation>
-    </message>
-    <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="185"/>
-        <source>Change PIN</source>
-        <translation>PIN ändern</translation>
-    </message>
     <message>
         <location filename="../../src/widget/SetupAssistantWizard.cpp" line="50"/>
         <source>setup assistant</source>
@@ -4379,6 +4400,11 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
         <source>Introduction</source>
         <translation>Einleitung</translation>
     </message>
+    <message>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="102"/>
+        <source>Welcome to the AusweisApp2 setup assistant. This assistant will guide you through the setup process in %1 steps. You can cancel the setup assistant at any time. To restart it, go to the tab &quot;Help&quot; and select &quot;Setup assistant&quot;.</source>
+        <translation>Willkommen zum Einrichtungsassistenten der AusweisApp2. Sie werden in %1 Schritten durch die Einrichtung geführt. Sie können diesen Einrichtungsassistenten jederzeit abbrechen und später über den Reiter &quot;Hilfe&quot; innerhalb der AusweisApp2 durch Auswahl des Eintrags &quot;Einrichtungsassistent&quot; erneut starten.</translation>
+    </message>
     <message>
         <location filename="../../src/widget/SetupAssistantWizard.cpp" line="113"/>
         <source>History</source>
@@ -4386,43 +4412,48 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
     </message>
     <message>
         <location filename="../../src/widget/SetupAssistantWizard.cpp" line="114"/>
-        <source>AusweisApp2 offers saving the course of your authentications in a history. Subsequently you can activate this option.</source>
-        <translation>Die AusweisApp2 bietet Ihnen die Möglichkeit, durchgeführte Authentisierungen in einem Verlauf zu speichern. Nachfolgend haben Sie die Möglichkeit, diese Option zu aktivieren.</translation>
+        <source>Do you want to save the history of your authentications?</source>
+        <translation>Möchten Sie durchgeführte Authentisierungen in einem Verlauf speichern?</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="140"/>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="139"/>
         <source>save</source>
         <translation>speichern</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="141"/>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="140"/>
         <source>save history</source>
         <translation>Verlauf speichern</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="157"/>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="156"/>
         <source>Card Readers</source>
         <translation>Kartenlesegeräte</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="167"/>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="166"/>
         <source>Almost done!</source>
         <translation>Fast fertig!</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="173"/>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="172"/>
         <source>Personal 6 - digit PIN</source>
         <translation>Persönliche 6-stellige PIN</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="174"/>
-        <source>Prior to the first use of the online identification function you have to replace the transport PIN by an individual 6-digit PIN. The AusweisApp&apos;s PIN management offers this function. For replacing the transport PIN you need the letter sent to you by your competent authority.</source>
-        <translation>Vor der ersten Nutzung der Online-Ausweisfunktion müssen Sie die Transport-PIN durch eine persönliche 6-stellige PIN ersetzen. Die PIN-Verwaltung der AusweisApp2 bietet Ihnen dazu die Möglichkeit. Für das Ersetzen der Transport-PIN benötigen Sie den PIN-Brief, welcher Ihnen von der für die Ausgabe Ihres Ausweisdokuments zuständigen Behörde zugesandt wurde.</translation>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="173"/>
+        <source>Prior to the first use of the online identification function, you have to replace the transport PIN by an individual 6-digit PIN. The transport PIN was sent to you by postal mail.</source>
+        <translation>Vor der ersten Nutzung der Online-Ausweisfunktion müssen Sie die Transport-PIN durch eine persönliche 6-stellige PIN ersetzen. Sie finden Ihre Transport-PIN in dem PIN-Brief, welcher Ihnen postalisch zugesandt wurde.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="197"/>
-        <source>AusweisApp2 is now ready for use. You can further configure AusweisApp2 via the &quot;Settings&quot; dialog from the navigation section. AusweisApp2 uses the proxy settings configured in your system. This setup assistant can be started at any time from the &quot;Help&quot; menu. The &quot;Finish&quot; button closes the setup assistant.</source>
-        <translation>Sie können die AusweisApp2 nun verwenden. Weitere Einstellungen können Sie über die Funktion &quot;Einstellungen&quot; im Navigationsbereich vornehmen. Die AusweisApp2 verwendet die in Ihrem System konfigurierten Proxy-Einstellungen. Sie können diesen Einrichtungsassistenten jederzeit über das Menü &quot;Hilfe&quot; erneut starten. Die Schaltfläche &quot;Abschließen&quot; schließt den Einrichtungsassistenten und öffnet die Dialogseite &quot;Einstellungen&quot;.</translation>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="183"/>
+        <source>Set individual PIN</source>
+        <translation>Persönliche PIN setzen</translation>
+    </message>
+    <message>
+        <location filename="../../src/widget/SetupAssistantWizard.cpp" line="196"/>
+        <source>AusweisApp2 is now ready for use. For more information on the software or the online identification function, visit the %1online help%2.</source>
+        <translation>Sie können die AusweisApp2 nun verwenden. Weitere Informationen zur Software und der Online-Ausweisfunktion erhalten Sie in der %1Online-Hilfe%2.</translation>
     </message>
 </context>
 <context>
@@ -4480,134 +4511,144 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 <context>
     <name>governikus::StepAuthenticationEac1Widget</name>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="199"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="411"/>
+        <source>CAN:</source>
+        <translation>CAN:</translation>
+    </message>
+    <message>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="125"/>
+        <source>Please enter the six-digit card access number (CAN) for identification.</source>
+        <translation>Bitte geben Sie Ihre 6-stellige Zugangsnummer (CAN) ein.</translation>
+    </message>
+    <message>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="203"/>
         <source>Validity:
 %1 - %2</source>
         <translation>Gültigkeit:
 %1 - %2</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="363"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="367"/>
         <source>Only digits (0-9) are permitted.</source>
         <translation>Es sind nur Ziffern (0-9) erlaubt.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="247"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="251"/>
         <source>Card is being verified</source>
         <translation>Karte wird geprüft</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="243"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="247"/>
         <source>Service provider is verified</source>
         <translation>Diensteanbieter wird geprüft</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="251"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="255"/>
         <source>Reading data</source>
         <translation>Daten werden gelesen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="255"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="259"/>
         <source>Service provider is being verified</source>
         <translation>Diensteanbieter wird geprüft</translation>
     </message>
     <message>
         <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="86"/>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="149"/>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="300"/>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="606"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="153"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="304"/>
         <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="611"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="616"/>
         <source>Identify now</source>
         <translation>Jetzt ausweisen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="274"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="278"/>
         <source>See details under more...</source>
         <translation>Weitere Details unter &quot;mehr...&quot;</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="261"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="265"/>
         <source>OK</source>
         <translation>OK</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="452"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="457"/>
         <source>Identify</source>
         <translation>Ausweisen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="470"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="475"/>
         <source>Identification successful</source>
         <translation>Ausweisen erfolgreich</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="470"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="475"/>
         <source>The process was cancelled by the user</source>
         <translation>Der Benutzer hat den Vorgang abgebrochen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="476"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="481"/>
         <source>Result</source>
         <translation>Ergebnis</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="141"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="145"/>
         <source>Please pay attention to the display of your card reader.</source>
         <translation>Bitte beachten Sie die Anzeige auf Ihrem Kartenlesegerät.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="125"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="129"/>
         <source>Please enter your six-digit card access number (CAN) and your PIN for identification.</source>
         <translation>Bitte geben Sie Ihre 6-stellige Zugangsnummer (CAN)  und Ihre PIN ein, um sich auszuweisen.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="129"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="133"/>
         <source>Please enter your six digit PIN for identification</source>
         <translation>Bitte geben Sie Ihre 6-stellige PIN ein, um sich auszuweisen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="185"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="189"/>
         <source>Service provider:</source>
         <translation>Diensteanbieter:</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="191"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="195"/>
         <source>Certificate issuer:</source>
         <translation>Aussteller des Berechtigungszertifikats:</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="213"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="217"/>
         <source>Information on the service provider who wants to read out data from your ID card is given here. For further information press the button &quot;more...&quot;.</source>
         <translation>Hier erhalten Sie Informationen über den Diensteanbieter, der die Daten aus Ihrem Personalausweis auslesen möchte. Für weitere Informationen drücken Sie bitte die Schaltfläche &quot;mehr...&quot;.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="216"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="220"/>
         <source>Here you can select or deselect data fields to be read out. Mandatory data fields required by the service provider cannot be deselected.</source>
         <translation>Hier können Sie die Datenfelder an/abwählen, die ausgelesen werden sollen. Felder, die Sie nicht abwählen können, sind durch den Diensteanbieter als Pflichtfelder festgelegt worden. Diese Felder sind daher nicht abwählbar.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="374"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="378"/>
         <source>Card access number (CAN):</source>
         <translation>Zugangsnummer (CAN):</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="383"/>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="416"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="387"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="421"/>
         <source>open on screen keyboard</source>
         <translation>öffne bildschirmtastatur</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="368"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="372"/>
         <source>please enter your can</source>
         <translation>bitte geben sie ihre zugangsnummer (can) ein</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="396"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="400"/>
         <source>please enter your pin</source>
         <translation>bitte geben sie ihre pin ein</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="407"/>
+        <location filename="../../src/widget/step/StepAuthenticationEac1Widget.cpp" line="411"/>
         <source>PIN:</source>
         <translation>PIN:</translation>
     </message>
@@ -4615,88 +4656,77 @@ Bitte beachten Sie, dass Sie mit Ihrer PUK lediglich Ihren Online-Ausweis entspe
 <context>
     <name>governikus::StepChooseCardGui</name>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="36"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="35"/>
         <source>Information</source>
         <translation>Information</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="39"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="38"/>
         <source>Cancel</source>
         <translation>Abbrechen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="40"/>
-        <source>Diagnosis</source>
-        <translation>Diagnose</translation>
-    </message>
-    <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="41"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="39"/>
         <source>Settings</source>
         <translation>Einstellungen</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="195"/>
-        <source>No card reader detected. Please make sure that a card reader is connected.</source>
-        <translation>Es wurde kein Kartenlesegerät erkannt. Bitte stellen Sie sicher, dass ein Kartenlesegerät angeschlossen ist.</translation>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="182"/>
+        <source>If you need help or have problems with your card reader, you can consult the %1online help%2 for futher information.</source>
+        <translation>Wenn Sie Hilfe benötigen oder Probleme mit Ihrem Kartenlesegerät haben, können Sie für weitere Informationen die %1Online-Hilfe%2 öffnen.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="196"/>
-        <source>If you would like to set up a local or remote card reader, click on the &quot;Settings&quot; button to open the reader settings.</source>
-        <translation>Wenn Sie ein lokales oder entferntes Kartenlesegerät einrichten wollen, klicken Sie auf die Schaltfläche &quot;Einstellungen&quot;, um die Einstellungen für das Kartenlesegerät zu öffnen.</translation>
-    </message>
-    <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="198"/>
-        <source>If you need help or have problems with your card reader click on the &quot;Diagnosis&quot; button for further information.</source>
-        <translation>Wenn Sie Hilfe benötigen oder Probleme mit Ihrem Kartenlesegerät haben, klicken Sie auf die Schaltfläche &quot;Diagnose&quot; für weitere Informationen.</translation>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="210"/>
+        <source>Please make sure that only one card reader with an ID card on it is connected to your computer. If you have already placed an ID card on your card reader, you can consult the %1online help%2 for futher information.</source>
+        <translation>Bitte stellen Sie sicher, dass an Ihrem Computer nur ein Kartenlesegerät mit aufliegendem Ausweisdokument angeschlossen ist. Sollten Sie bereits ein Ausweisdokument aufgelegt haben, können Sie für weitere Informationen die %1Online-Hilfe%2 öffnen.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="210"/>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="218"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="221"/>
         <source>Extended Length is not supported.</source>
         <translation>Extended Length wird nicht überstützt.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="211"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="222"/>
         <source>Your remote reader does not meet the technical requirements (Extended Length not supported).</source>
         <translation>Ihr entferntes Kartenlesegerät erfüllt leider nicht die technischen Voraussetzungen (Extended Length wird nicht unterstützt).</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="219"/>
-        <source>At least one of your card readers does not meet the technical requirements (Extended Length not supported). Please place the ID card on a different card reader.</source>
-        <translation>Mindestens eines Ihrer Kartenlesegeräte erfüllt leider nicht die technischen Voraussetzungen (Extended Length wird nicht unterstützt). Bitte platzieren Sie Ihren Ausweis auf einem anderen Kartenlesegerät.</translation>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="186"/>
+        <source>No card reader found. Please connect card reader first.</source>
+        <translation>Kein Kartenlesegerät erkannt. Bitte schließen Sie ein Kartenlesegerät an.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="229"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="187"/>
+        <source>Please choose &quot;Settings&quot; to install a card reader or configure your smartphone as a card reader.</source>
+        <translation>Falls Sie ein Kartenlesegerät einrichten oder Ihr Smartphone für die Nutzung als Kartenlesegerät konfigurieren möchten, klicken Sie bitte auf &quot;Einstellungen&quot;.</translation>
+    </message>
+    <message>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="198"/>
         <source>Connected to following remote readers: %1.</source>
         <translation>Verbunden mit den folgenden entfernten Lesegeräten: %1.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="231"/>
-        <source>Please place an ID card on the card reader.</source>
-        <translation>Bitte legen Sie ein Ausweisdokument auf.</translation>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="201"/>
+        <source>If you have already placed an ID card on your card reader, you can consult the %1online help%2 for futher information.</source>
+        <translation>Sollten Sie bereits Ihr Ausweisdokument aufgelegt haben, können Sie für weitere Informationen die %1Online-Hilfe%2 öffnen.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="232"/>
-        <source>If you have already placed an ID card on your card reader, click on &quot;Diagnosis&quot; for further information.</source>
-        <translation>Sollten Sie bereits Ihr Ausweisdokument aufgelegt haben, klicken Sie auf die Schaltfläche &quot;Diagnose&quot; für weitere Informationen.</translation>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="205"/>
+        <source>Please place an ID card on the card reader.</source>
+        <translation>Bitte legen Sie ein Ausweisdokument auf.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="240"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="215"/>
         <source>Please place only one ID card on the card reader.</source>
         <translation>Bitte legen Sie nur ein Ausweisdokument auf.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="241"/>
-        <source>Please make sure that only one card reader with an ID card on it is connected to your computer. If you have already placed an ID card on your card reader, click on &quot;Diagnosis&quot; for further information.</source>
-        <translation>Bitte stellen Sie sicher, dass an Ihrem Computer nur ein Kartenlesegerät mit aufliegendem Ausweisdokument angeschlossen ist. Sollten Sie bereits ein Ausweisdokument aufgelegt haben, klicken Sie auf die Schaltfläche &quot;Diagnose&quot; für weitere Informationen.</translation>
-    </message>
-    <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="251"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="228"/>
         <source>Online identification function is disabled.</source>
         <translation>Die Online-Ausweisfunktion ist deaktiviert.</translation>
     </message>
     <message>
-        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="252"/>
+        <location filename="../../src/widget/step/StepChooseCardGui.cpp" line="229"/>
         <source>This action cannot be performed. The online identification function of your ID card is deactivated. Please contact the authority responsible for issuing your identification document to activate the online identification function.</source>
         <translation>Diese Aktion kann leider nicht durchgeführt werden. Die Online-Ausweisfunktion Ihres Ausweisdokuments ist nicht aktiviert. Bitte wenden Sie sich an die Behörde, die Ihr Ausweisdokument ausgegeben hat, um die Online-Ausweisfunktion zu aktivieren.</translation>
     </message>
diff --git a/resources/updatable-files/supported-providers.json b/resources/updatable-files/supported-providers.json
index d6cfaf7f5..3579c5965 100644
--- a/resources/updatable-files/supported-providers.json
+++ b/resources/updatable-files/supported-providers.json
@@ -155,18 +155,6 @@
 			"tcTokenUrlInfo" : "",
 			"subjectUrls": []
 		},
-		{
-			"exclude": ["ios"],
-			"shortName": {"" : "Ausweis Auskunft des Bundes"},
-			"address": "https://www.buergerserviceportal.de/bund/ausweisapp/bspx_selbstauskunft",
-			"homepage": "https://www.buergerserviceportal.de/",
-			"phone": "+49 180-1-33 33 33",
-			"email": "eID_buergerservice@bmi.bund.de",
-			"postalAddress": "Bundesministerium des Innern, für Bau und Heimat<br/>Alt-Moabit 101 D<br/>10559 Berlin",
-			"category": "citizen",
-			"tcTokenUrl" : "https://www.buergerserviceportal.de:443/bund/ausweisapp/bspx_selbstauskunft/SamlAuthnRequestProvider",
-			"subjectUrls": ["https://www.buergerserviceportal.de"]
-		},
 		{
 			"exclude": ["ios"],
 			"shortName": {"" : "BAföG Berlin"},
@@ -667,7 +655,7 @@
 		},
 		{
 			"exclude": ["ios"],
-			"shortName": {"" : "Identitätsprüfungen nach dem Signaturgesetz und dem Geldwäschegesetz"},
+			"shortName": {"" : "Identitätsprüfungen nach der eIDAS und dem Geldwäschegesetz"},
 			"longDescription": {"": "Die identity Trust Management AG bietet Unternehmen die Möglichkeit, ihre Kunden schnell und sicher mit der Online-Ausweisfunktion zu identifizieren. <br/>Kunden der Kooperationspartner der identity Trust Management AG können die Identitätsprüfung nach dem Signaturgesetz und dem Geldwäschegesetz auch direkt über die Internetseite der identity Trust Management AG vornehmen."},
 			"address": "https://www.identity.tm",
 			"homepage": "https://www.identity.tm",
@@ -718,13 +706,17 @@
 		},
 		{
 			"exclude": ["ios"],
-			"shortName": {"" : "Kraftfahrt-Bundesamt - Registerauskunft"},
-			"longDescription": {"": "Mit der Online-Ausweisfunktion können Sie beim Kraftfahrt-Bundesamt einfach und schnell eine Auskunft über Ihren Punktestand und die zu Ihrer Person gespeicherten Eintragungen im Fahreignungsregister (FAER) beantragen. Die erforderlichen Daten werden dann von Ihrem Personalausweis ausgelesen. Die Auskunft erhalten Sie innerhalb weniger Tage per Post."},
+			"shortName": {"" : "Online-Registerauskunft"},
+			"longName": {"" : "Auskunft aus den Zentralen Registern des Kraftfahrt-Bundesamtes"},
+			"shortDescription": {"": "Mit der Anwendung können Privatpersonen eine Auskunft aus dem Fahreignungsregister -(Punkteauskunft) und aus dem Zentralen Fahrzeugregister (Fahrzeugzulassungen) des Kraftfahrt-Bundesamtes erhalten. Diese umfasst ausgewählte Daten, die zu der jeweiligen Person gespeichert sind."},
+			"longDescription": {"": "Die Online-Auskunft aus dem Zentralen Fahrzeugregister umfasst Informationen zur Fahrzeugbeschreibung, den Halterdaten, der Haftpflichtversicherung, der Fahrzeughistorie und den zulassungsrechtlich relevanten Ereignissen. Daten von vormaligen Haltern und interne Verwaltungsdaten sind von der Auskunft ausgenommen.<br/>Die Online-Auskunft aus dem Fahreignungsregister umfasst Informationen zu den eingetragenen Verkehrsverstößen, deren Punktbewertung und  Löschungsdatum."},
 			"address": "https://www.kba-online.de/registerauskunft/app/registeranfrage.html",
-			"homepage": "https://www.kba.de/",
-			"phone": "+49 461 316-0",
-			"email": "poststelle@kba.de",
-			"postalAddress": "Kraftfahrt-Bundesamt <br/>Fördestraße 16<br/>24944 Flensburg",
+			"homepage": "https://www.kba.de",
+			"phone": "+49 461 316-1717",
+			"email": "Anwenderbetreuung@kba.de",
+			"postalAddress": "Kraftfahrt-Bundesamt<br/>24932 Flensburg",
+			"image": "KraftfahrtBundesamt_image.png",
+			"icon": "KraftfahrtBundesamt_icon.png",
 			"category": "citizen",
 			"tcTokenUrl" : "https://www.kba-online.de:443/registerauskunft/app/eidstart.html;jsessionid=HZFFDC4E848A794D83A1D3032252F3F905?ref=HZFFDC4E848A794D83A1D3032252F3F905",
 			"tcTokenUrlInfo" : "TcToken URL contains dynamic request id but is accepted anyway.",
@@ -784,22 +776,9 @@
 			"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id.",
 			"subjectUrls": ["https://www.fp-demail.de"]
 		},
-		{
-			"exclude": ["ios", "android"],
-			"shortName": {"" : "Schufa – Auskunftsportal „Meine SCHUFA“"},
-			"longDescription": {"": "Wenn Sie Ihre Bonität gegenüber Dritten z. B. für einen Mietvertrag, belegen müssen, benötigen Sie dazu in der Regel eine SCHUFA-Auskunft. Mit der Online-Ausweisfunktion können Sie sich einfach und sicher am Kundenportal „MeineSCHUFA“ registrieren. Ohne weitere Verzögerungen haben Sie nach Anmeldung am Portal die Möglichkeit Ihre Schufa-Auskunft direkt online abzurufen oder auf dem Postweg Ihren Geschäftspartnern zukommen zu lassen. Der Personalausweis erspart Ihnen hierbei unnötige Wartezeit und gewährleistet dennoch eine verlässliche Identifizierung."},
-			"address": "https://www.meineschufa.de/index.php?site=30_2_1_pa#tabNPA",
-			"homepage": "https://www.meineschufa.de",
-			"phone": "+49 611 – 92780",
-			"email": "meineSCHUFA@SCHUFA.de",
-			"postalAddress": "SCHUFA Holding AG<br/>Postfach 10 25 66<br/>44725 Bochum",
-			"category": "citizen",
-			"tcTokenUrl" : "https://www.meineschufa.de/eID-Service-Connector-V2/createSamlRequest/Reg",
-			"subjectUrls": ["https://www.meineschufa.de"]
-		},
 		{
 			"shortName": {"" : "Selbstauskunft - „Meine Daten einsehen“"},
-			"longDescription": {"": "Die AusweisApp2 verfügt über die Funktion \"Meine Daten einsehen\". Mit dieser Funktion können die auf dem Personalausweis bzw. dem elektronischen Aufenthaltstitel gespeicherten Daten ausgelesen und angezeigt werden.<br/>Sobald Sie die AusweisApp2 gestartet und ein geeignetes Kartenlesegerät angeschlossen haben, können Sie diese Funktion unter dem Menüpunkt \"Ausweisen\" aufrufen. Über voreingestellte Checkboxen können Sie steuern, ob Sie alle gespeicherten Daten oder nur spezielle Daten auslesen möchten.<br/>Nach Ihrer PIN-Eingabe und erfolgreicher Datenübertragung werden die von Ihnen festgelegten Daten in der AusweisApp2 dargestellt.<br/>Bitte beachten Sie, dass Sie für diesen Vorgang eine Internetverbindung benötigen. Dies hat folgenden Hintergrund: Für jedes Auslesen der Daten aus dem Personalausweis oder dem elektronischen Aufenthaltstitel muss gesetzlich der Zweck des Auslesevorgangs angegeben werden. Dieser Zweck wird Ihnen auf einem speziellen Zertifikat angezeigt (Berechtigungszertifikat). Diese Zertifikate werden individuell durch die Vergabestelle für Berechtigungszertifikate beim Bundesverwaltungsamt genehmigt. Damit Sie also jederzeit genau wissen, wer zu welchem Zweck einen Auslesevorgang startet, wird eine Internetverbindung zu einem vertrauenswürdigen Authentisierungsserver aufgebaut. Die Berechtigungszertifikate dienen Ihrem Schutz!"},
+			"longDescription": {"": "Die AusweisApp2 verfügt über die Funktion \"Meine Daten einsehen\". Mit dieser Funktion können die auf dem Personalausweis bzw. dem elektronischen Aufenthaltstitel gespeicherten Daten ausgelesen und angezeigt werden. Hierbei sprechen wir auch von einer sogenannten Selbstauskunft.<br/><br/>Sobald Sie die AusweisApp2 gestartet und ein geeignetes Kartenlesegerät installiert bzw. ein Android-Smartphone verbunden haben, können Sie diese Funktion unter dem Menüpunkt \"Ausweisen\" aufrufen. (Auf Mobilgeräten finden Sie die Ausweis-Auskunft übrigens auch direkt auf der Startseite sowie im Menüeintrag „Ausweisen“.)<br/><br/>Nach Ihrer PIN-Eingabe und erfolgreicher Datenübertragung werden die Daten in der AusweisApp2 dargestellt.<br/><br/>Bei der Selbstauskunft handelt es sich um einen reinen Demonstrationsdienst. Die ausgelesenen Daten werden lediglich zur Anzeige gebracht und nicht weitergegeben.<br/><br/>Bitte beachten Sie, dass Sie auch für diesen Vorgang eine Internetverbindung benötigen. Dies hat folgenden Hintergrund: Der Zugriff auf die Daten des Personalausweises bzw. des elektronischen Aufenthaltstitels ist nur möglich, wenn derjenige, der auf die Daten zugreifen möchte sich selbst zunächst eindeutig identifiziert. Dies geschieht über das sog. Berechtigungszertifikat. Es wird Ihnen immer angezeigt, wer auf Ihre Daten zugreifen möchte. Die Erlaubnis, ein Berechtigungszertifikat zu erhalten, wird einen Diensteanbieter auf Antrag und nach Prüfung bei der Vergabestelle für Berechtigungszertifikate beim Bundesverwaltungsamt erteilt. Um das technische Berechtigungszertifikat anzuzeigen und darüber hinaus eine Gültigkeitsprüfung des Ausweisdokuments durchführen zu können, ist eine Internetverbindung zwingend erforderlich. Aus diesem Grund spricht man auch von der Online-Ausweisfunktion."},
 			"address": "https://www.ausweisapp.bund.de/ausweisapp2/ausprobieren-meine-daten-einsehen/",
 			"homepage": "https://www.ausweisapp.bund.de/",
 			"phone": "+49 1805 - 348743",
@@ -866,18 +845,6 @@
 			"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id.",
 			"subjectUrls": ["https://tbk.ego-mv.de/BuergerKontoWeb"]
 		},
-		{
-			"shortName": {"" : "Techniker Krankenkasse"},
-			"longDescription": {"": "Die Online-Ausweisfunktion des Personalausweises ermöglicht Ihnen die schnelle und sichere Registrierung am Kundenportal \"Meine TK\". Damit können Sie online verbindlich Anträge stellen und Ihre Unterlagen anfordern (z. B. eine neue Versichertenkarte). Außerdem lassen sich persönliche Daten wie Kontoverbindung oder Adresse selbstständig ändern und verwalten. Wenn Sie \"Meine TK\" mit der Online-Ausweisfunktion nutzen, sparen Sie Zeit und Aufwand."},
-			"address": "https://www.tk.de/tk/118032",
-			"homepage": "https://www.tk.de/",
-			"phone": "+49 800 - 285 85 85",
-			"email": "service@tk.de",
-			"postalAddress": "Techniker Krankenkasse<br/>Bramfelder Straße 140<br/>22305 Hamburg",
-			"category": "insurance",
-			"tcTokenUrlInfo" : "Registration required",
-			"subjectUrls": ["https://www.tk.de"]
-		},
 		{
 			"exclude": ["ios"],
 			"shortName": {"" : "Telekom DeMail"},
diff --git a/resources/updatable-files/supported-readers.json b/resources/updatable-files/supported-readers.json
index 97fc4210c..ea3ac75bd 100644
--- a/resources/updatable-files/supported-readers.json
+++ b/resources/updatable-files/supported-readers.json
@@ -207,7 +207,7 @@
 			[
 				{
 					"Platforms": [{"os": "win", "min": "6.1", "max": "6.1"}],
-					"DE": "Weder der Windows Driver noch der Installer werden dem Kartenlesegerät zugeordnet. Erst eine manuelle Installation über den Gerätemanager, bei der der Hinweis ignoriert wird, dass es sich um den falschen Treiber handelt, führt zu einem Erfolg.",
+					"DE": "Weder der Windows Treiber noch der Installer werden dem Kartenlesegerät zugeordnet. Erst eine manuelle Installation über den Gerätemanager, bei der der Hinweis, dass es sich um einen falschen Treiber handelt, zu ignorieren ist, führt zu einem Erfolg.",
 					"EN": "Neither the Windows driver nor the installer are assigned to the card reader. Only a manual installation via the device manager, ignoring the note that it is the wrong driver, leads to a success."
 				}
 			]
@@ -520,8 +520,8 @@
 				},
 				{
 					"Platforms": [{"os": "mac", "max": "10.10"}],
-					"DE": "Der Treiber vom Hersteller wird nicht unterstützt. Für die Funktion des Kartenlesegeräts muss der Treiber von macOS 10.12 installiert werden.",
-					"EN": "The driver from the manufacturer is not supported. For the function of the card reader the driver for macOS 10.12 must be installed."
+					"DE": "Der vom Hersteller angebotene Treiber für OS X 10.10 führt nicht zum Erfolg. Bitte verwenden Sie alternativ den ebenfalls vom Hersteller angebotenen Treiber für macOS 10.12.",
+					"EN": "The driver from the manufacturer is not supported on OS X 10.10. For the function of the card reader the driver for macOS 10.12 must be installed."
 				},
 				{
 					"Platforms": [{"os": "mac", "min": "10.11"}],
@@ -562,8 +562,8 @@
 				},
 				{
 					"Platforms": [{"os": "mac", "max": "10.10"}],
-					"DE": "Der Treiber vom Hersteller wird nicht unterstützt. Für die Funktion des Kartenlesegeräts muss der Treiber von macOS 10.12 installiert werden.",
-					"EN": "The driver from the manufacturer is not supported. For the function of the card reader the driver for macOS 10.12 must be installed."
+					"DE": "Der vom Hersteller angebotene Treiber für OS X 10.10 führt nicht zum Erfolg. Bitte verwenden Sie alternativ den ebenfalls vom Hersteller angebotenen Treiber für macOS 10.12.",
+					"EN": "The driver from the manufacturer is not supported on OS X 10.10. For the function of the card reader the driver for macOS 10.12 must be installed."
 				},
 				{
 					"Platforms": [{"os": "mac", "min": "10.11"}],
diff --git a/src/activation/customscheme/CustomSchemeActivationContext.h b/src/activation/customscheme/CustomSchemeActivationContext.h
index fa98f1f30..a370b6aca 100644
--- a/src/activation/customscheme/CustomSchemeActivationContext.h
+++ b/src/activation/customscheme/CustomSchemeActivationContext.h
@@ -20,7 +20,7 @@ class CustomSchemeActivationContext
 
 	public:
 		CustomSchemeActivationContext(const QUrl& pActivationUrl);
-		virtual ~CustomSchemeActivationContext();
+		virtual ~CustomSchemeActivationContext() override;
 
 		QUrl getActivationURL() const override;
 
diff --git a/src/activation/customscheme/CustomSchemeActivationHandler.h b/src/activation/customscheme/CustomSchemeActivationHandler.h
index 8a84f54fb..390bb80f6 100644
--- a/src/activation/customscheme/CustomSchemeActivationHandler.h
+++ b/src/activation/customscheme/CustomSchemeActivationHandler.h
@@ -26,7 +26,7 @@ class CustomSchemeActivationHandler
 
 	public:
 		CustomSchemeActivationHandler();
-		virtual ~CustomSchemeActivationHandler();
+		virtual ~CustomSchemeActivationHandler() override;
 
 		virtual bool start() override;
 		virtual void stop() override;
diff --git a/src/card/base/ReaderInfo.h b/src/card/base/ReaderInfo.h
index d2959a1ab..e55a75ccc 100644
--- a/src/card/base/ReaderInfo.h
+++ b/src/card/base/ReaderInfo.h
@@ -142,6 +142,10 @@ class ReaderInfo
 
 		bool sufficientApduLength() const
 		{
+			if (!hasCard())
+			{
+				return true;
+			}
 			return mMaxApduLength == 0 || mMaxApduLength >= 500;
 		}
 
diff --git a/src/card/base/asn1/CertificateDescription.cpp b/src/card/base/asn1/CertificateDescription.cpp
index 64eddbcf0..1bf797cd6 100644
--- a/src/card/base/asn1/CertificateDescription.cpp
+++ b/src/card/base/asn1/CertificateDescription.cpp
@@ -7,6 +7,7 @@
 
 #include <QCoreApplication>
 #include <QDebug>
+#include <QRegularExpression>
 
 
 using namespace governikus;
@@ -37,14 +38,20 @@ QStringList takeWhileNonEmpty(const QStringList& lines)
 QString getField(const QString& pData, const QStringList& pSearchItems)
 {
 	const QLatin1Char NEW_LINE('\n');
+	const QRegularExpression REGEX_EMPTY_SECTION(QStringLiteral("^\\R{2,}"));
 
 	for (const auto& item : pSearchItems)
 	{
 		const int pos = pData.indexOf(item);
 		if (pos != -1)
 		{
-			const QString rest = pData.mid(pos + item.length()).trimmed();
-			const QStringList lines = takeWhileNonEmpty(rest.split(NEW_LINE));
+			const QString rest = pData.mid(pos + item.length());
+			if (REGEX_EMPTY_SECTION.match(rest).hasMatch())
+			{
+				continue;
+			}
+
+			const QStringList lines = takeWhileNonEmpty(rest.trimmed().split(NEW_LINE));
 			if (lines.isEmpty())
 			{
 				continue;
diff --git a/src/card/nfc/NfcReader.cpp b/src/card/nfc/NfcReader.cpp
index 6f1d8093f..3a75c8eab 100644
--- a/src/card/nfc/NfcReader.cpp
+++ b/src/card/nfc/NfcReader.cpp
@@ -43,7 +43,6 @@ void NfcReader::targetDetected(QNearFieldTarget* pTarget)
 	{
 		Q_EMIT fireReaderPropertiesUpdated(getName());
 		qCDebug(card_nfc) << "ExtendedLengthApduSupport missing. MaxTransceiveLength:" << length;
-		return;
 	}
 
 	mCard.reset(new NfcCard(pTarget));
diff --git a/src/card/remote/RemoteReader.cpp b/src/card/remote/RemoteReader.cpp
index 66c46d23e..35fd67086 100644
--- a/src/card/remote/RemoteReader.cpp
+++ b/src/card/remote/RemoteReader.cpp
@@ -53,10 +53,6 @@ void RemoteReader::update(const IfdStatus& pIfdStatus)
 		if (!mReaderInfo.sufficientApduLength())
 		{
 			qCDebug(card_remote) << "ExtendedLengthApduSupport missing. maxAPDULength:" << mReaderInfo.getMaxApduLength();
-			if (!mCard)
-			{
-				return;
-			}
 		}
 	}
 
diff --git a/src/core/context/AuthContext.cpp b/src/core/context/AuthContext.cpp
index b543be408..c214da4e6 100644
--- a/src/core/context/AuthContext.cpp
+++ b/src/core/context/AuthContext.cpp
@@ -210,6 +210,12 @@ bool AuthContext::setEffectiveAccessRights(const QSet<AccessRight>& pAccessRight
 void AuthContext::setTerminalCvc(const QSharedPointer<const CVCertificate>& pTerminalCvc)
 {
 	mTerminalCvc = pTerminalCvc;
+
+	const CHAT& terminalChat = mTerminalCvc->getBody().getCHAT();
+	bool canAllowed = terminalChat.getAccessRights().contains(AccessRight::CAN_ALLOWED);
+	setCanAllowedMode(canAllowed);
+	qDebug() << "CAN allowed mode:" << canAllowed;
+
 	initializeChat();
 }
 
@@ -233,7 +239,14 @@ QByteArray AuthContext::encodeEffectiveChat()
 	CHAT effectiveChat(mTerminalCvc->getBody().getCHAT());
 	effectiveChat.removeAllAccessRights();
 	effectiveChat.setAccessRights(mEffectiveAccessRights);
-	qDebug() << "Using effective chat:" << effectiveChat.encode().toHex();
+
+	if (isCanAllowedMode())
+	{
+		qDebug() << "Enabling \"CAN allowed\" in effective CHAT.";
+		effectiveChat.setAccessRight(AccessRight::CAN_ALLOWED);
+	}
+
+	qDebug() << "Using effective CHAT:" << effectiveChat.encode().toHex();
 	return effectiveChat.encode();
 }
 
diff --git a/src/core/context/WorkflowContext.cpp b/src/core/context/WorkflowContext.cpp
index c4d8299f6..30809b209 100644
--- a/src/core/context/WorkflowContext.cpp
+++ b/src/core/context/WorkflowContext.cpp
@@ -25,6 +25,7 @@ WorkflowContext::WorkflowContext()
 	, mStatus(GlobalStatus::Code::No_Error)
 	, mErrorReportedToUser(true)
 	, mWorkflowFinished(false)
+	, mCanAllowedMode(false)
 {
 }
 
@@ -243,3 +244,16 @@ void WorkflowContext::setWorkflowFinished(bool pWorkflowFinished)
 {
 	mWorkflowFinished = pWorkflowFinished;
 }
+
+
+bool WorkflowContext::isCanAllowedMode() const
+{
+	return mCanAllowedMode;
+}
+
+
+void WorkflowContext::setCanAllowedMode(bool pCanAllowedMode)
+{
+	mCanAllowedMode = pCanAllowedMode;
+	Q_EMIT fireCanAllowedModeChanged();
+}
diff --git a/src/core/context/WorkflowContext.h b/src/core/context/WorkflowContext.h
index 09433eb6a..de2324705 100644
--- a/src/core/context/WorkflowContext.h
+++ b/src/core/context/WorkflowContext.h
@@ -36,6 +36,7 @@ class WorkflowContext
 		GlobalStatus mStatus;
 		bool mErrorReportedToUser;
 		bool mWorkflowFinished;
+		bool mCanAllowedMode;
 
 	protected:
 		void resetLastPaceResultAndRetryCounter();
@@ -51,6 +52,7 @@ class WorkflowContext
 		void firePukChanged();
 		void fireLastPaceResultChanged();
 		void fireResultChanged();
+		void fireCanAllowedModeChanged();
 
 		void fireCancelWorkflow();
 		void fireAbortCardSelection();
@@ -98,6 +100,9 @@ class WorkflowContext
 
 		bool isWorkflowFinished() const;
 		void setWorkflowFinished(bool pWorkflowFinished);
+
+		bool isCanAllowedMode() const;
+		void setCanAllowedMode(bool pCanAllowedMode);
 };
 
 } /* namespace governikus */
diff --git a/src/core/controller/AuthController.cpp b/src/core/controller/AuthController.cpp
index f1b72cdb3..e9cbebaf4 100644
--- a/src/core/controller/AuthController.cpp
+++ b/src/core/controller/AuthController.cpp
@@ -25,6 +25,7 @@
 #include "states/StateProcessCertificatesFromEac2.h"
 #include "states/StateProcessing.h"
 #include "states/StateRedirectBrowser.h"
+#include "states/StateSelectPasswordId.h"
 #include "states/StateStartPaos.h"
 #include "states/StateStartPaosResponse.h"
 #include "states/StateTransmit.h"
@@ -55,11 +56,13 @@ AuthController::AuthController(QSharedPointer<AuthContext> pContext)
 	mStateMachine.addState(sProcessCvcsAndSetRights);
 	auto sSelectCard = new CompositeStateSelectCard(pContext);
 	mStateMachine.addState(sSelectCard);
+	auto sSelectPasswordId = addState<StateSelectPasswordId>();
 	auto sUpdateRetryCounter = addState<StateUpdateRetryCounter>();
 	auto sHandleRetryCounter = addState<StateHandleRetryCounter>();
 	auto sEstablishPaceCan = addState<StateEstablishPaceCan>();
 	auto sEstablishPacePin = addState<StateEstablishPacePin>();
 	auto sEstablishPacePuk = addState<StateEstablishPacePuk>();
+	auto sEstablishPaceCanCanMode = addState<StateEstablishPaceCan>();
 	auto sDidAuthenticateEac1 = addState<StateDidAuthenticateEac1>();
 	auto sSendDidAuthenticateResponseEac1 = addState<StateSendDIDAuthenticateResponseEAC1>();
 	auto sEacAdditionalInputType = addState<StateEACAdditionalInputType>();
@@ -115,9 +118,13 @@ AuthController::AuthController(QSharedPointer<AuthContext> pContext)
 	sProcessCvcsAndSetRights->addTransition(sProcessCvcsAndSetRights, &CompositeStateProcessCvcsAndSetRights::fireContinue, sSelectCard);
 	sProcessCvcsAndSetRights->addTransition(sProcessCvcsAndSetRights, &CompositeStateProcessCvcsAndSetRights::fireAbort, sSendDidAuthenticateResponseEac1);
 
-	sSelectCard->addTransition(sSelectCard, &CompositeStateSelectCard::fireContinue, sUpdateRetryCounter);
+	sSelectCard->addTransition(sSelectCard, &CompositeStateSelectCard::fireContinue, sSelectPasswordId);
 	sSelectCard->addTransition(sSelectCard, &CompositeStateSelectCard::fireAbort, sSendDidAuthenticateResponseEac1);
 
+	sSelectPasswordId->addTransition(sSelectPasswordId, &AbstractState::fireContinue, sUpdateRetryCounter);
+	sSelectPasswordId->addTransition(sSelectPasswordId, &StateSelectPasswordId::firePasswordIdCAN, sEstablishPaceCanCanMode);
+	sSelectPasswordId->addTransition(sSelectPasswordId, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
+
 	sUpdateRetryCounter->addTransition(sUpdateRetryCounter, &AbstractState::fireContinue, sHandleRetryCounter);
 	sUpdateRetryCounter->addTransition(sUpdateRetryCounter, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
 
@@ -139,6 +146,10 @@ AuthController::AuthController(QSharedPointer<AuthContext> pContext)
 	sEstablishPacePin->addTransition(sEstablishPacePin, &StateEstablishPacePin::fireInvalidPin, sUpdateRetryCounter);
 	sEstablishPacePin->addTransition(sEstablishPacePin, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
 
+	sEstablishPaceCanCanMode->addTransition(sEstablishPaceCanCanMode, &AbstractState::fireContinue, sDidAuthenticateEac1);
+	sEstablishPaceCanCanMode->addTransition(sEstablishPaceCanCanMode, &StateEstablishPaceCan::fireInvalidCan, sEstablishPaceCanCanMode);
+	sEstablishPaceCanCanMode->addTransition(sEstablishPaceCanCanMode, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
+
 	sDidAuthenticateEac1->addTransition(sDidAuthenticateEac1, &AbstractState::fireContinue, sSendDidAuthenticateResponseEac1);
 	sDidAuthenticateEac1->addTransition(sDidAuthenticateEac1, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
 
diff --git a/src/core/controller/SelfAuthController.cpp b/src/core/controller/SelfAuthController.cpp
index 863640eb4..75cc9046d 100644
--- a/src/core/controller/SelfAuthController.cpp
+++ b/src/core/controller/SelfAuthController.cpp
@@ -25,6 +25,7 @@
 #include "states/StateInitializeFramework.h"
 #include "states/StateLoadTcTokenUrl.h"
 #include "states/StateProcessCertificatesFromEac2.h"
+#include "states/StateSelectPasswordId.h"
 #include "states/StateStartPaos.h"
 #include "states/StateStartPaosResponse.h"
 #include "states/StateTransmit.h"
@@ -55,11 +56,13 @@ SelfAuthController::SelfAuthController(QSharedPointer<SelfAuthContext> pContext)
 	mStateMachine.addState(sProcessCvcsAndSetRights);
 	auto sSelectCard = new CompositeStateSelectCard(pContext);
 	mStateMachine.addState(sSelectCard);
+	auto sSelectPasswordId = addState<StateSelectPasswordId>();
 	auto sUpdateRetryCounter = addState<StateUpdateRetryCounter>();
 	auto sHandleRetryCounter = addState<StateHandleRetryCounter>();
 	auto sEstablishPaceCan = addState<StateEstablishPaceCan>();
 	auto sEstablishPacePin = addState<StateEstablishPacePin>();
 	auto sEstablishPacePuk = addState<StateEstablishPacePuk>();
+	auto sEstablishPaceCanCanMode = addState<StateEstablishPaceCan>();
 	auto sDidAuthenticateEac1 = addState<StateDidAuthenticateEac1>();
 	auto sSendDidAuthenticateResponseEac1 = addState<StateSendDIDAuthenticateResponseEAC1>();
 	auto sEacAdditionalInputType = addState<StateEACAdditionalInputType>();
@@ -113,9 +116,13 @@ SelfAuthController::SelfAuthController(QSharedPointer<SelfAuthContext> pContext)
 	sProcessCvcsAndSetRights->addTransition(sProcessCvcsAndSetRights, &CompositeStateProcessCvcsAndSetRights::fireContinue, sSelectCard);
 	sProcessCvcsAndSetRights->addTransition(sProcessCvcsAndSetRights, &CompositeStateProcessCvcsAndSetRights::fireAbort, sSendDidAuthenticateResponseEac1);
 
-	sSelectCard->addTransition(sSelectCard, &CompositeStateSelectCard::fireContinue, sUpdateRetryCounter);
+	sSelectCard->addTransition(sSelectCard, &CompositeStateSelectCard::fireContinue, sSelectPasswordId);
 	sSelectCard->addTransition(sSelectCard, &CompositeStateSelectCard::fireAbort, sSendDidAuthenticateResponseEac1);
 
+	sSelectPasswordId->addTransition(sSelectPasswordId, &AbstractState::fireContinue, sUpdateRetryCounter);
+	sSelectPasswordId->addTransition(sSelectPasswordId, &StateSelectPasswordId::firePasswordIdCAN, sEstablishPaceCanCanMode);
+	sSelectPasswordId->addTransition(sSelectPasswordId, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
+
 	sUpdateRetryCounter->addTransition(sUpdateRetryCounter, &AbstractState::fireContinue, sHandleRetryCounter);
 	sUpdateRetryCounter->addTransition(sUpdateRetryCounter, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
 
@@ -136,6 +143,10 @@ SelfAuthController::SelfAuthController(QSharedPointer<SelfAuthContext> pContext)
 	sEstablishPacePin->addTransition(sEstablishPacePin, &StateEstablishPacePin::fireInvalidPin, sUpdateRetryCounter);
 	sEstablishPacePin->addTransition(sEstablishPacePin, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
 
+	sEstablishPaceCanCanMode->addTransition(sEstablishPaceCanCanMode, &AbstractState::fireContinue, sDidAuthenticateEac1);
+	sEstablishPaceCanCanMode->addTransition(sEstablishPaceCanCanMode, &StateEstablishPaceCan::fireInvalidCan, sEstablishPaceCanCanMode);
+	sEstablishPaceCanCanMode->addTransition(sEstablishPaceCanCanMode, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
+
 	sDidAuthenticateEac1->addTransition(sDidAuthenticateEac1, &AbstractState::fireContinue, sSendDidAuthenticateResponseEac1);
 	sDidAuthenticateEac1->addTransition(sDidAuthenticateEac1, &AbstractState::fireAbort, sSendDidAuthenticateResponseEac1);
 
diff --git a/src/core/states/StateConnectCard.cpp b/src/core/states/StateConnectCard.cpp
index dac917842..902fd2854 100644
--- a/src/core/states/StateConnectCard.cpp
+++ b/src/core/states/StateConnectCard.cpp
@@ -35,7 +35,7 @@ void StateConnectCard::onCardInserted()
 	ReaderInfo readerInfo = ReaderManager::getInstance().getReaderInfo(getContext()->getReaderName());
 	if (readerInfo.hasEidCard())
 	{
-		if (!readerInfo.isPinDeactivated())
+		if (readerInfo.sufficientApduLength() && (!readerInfo.isPinDeactivated() || getContext()->isCanAllowedMode()))
 		{
 			qCDebug(statemachine) << "Card has been inserted, trying to connect";
 			mConnections += ReaderManager::getInstance().callCreateCardConnectionCommand(readerInfo.getName(), this, &StateConnectCard::onCommandDone);
diff --git a/src/core/states/StateEstablishPaceCan.cpp b/src/core/states/StateEstablishPaceCan.cpp
index bec24ee59..e4c9ac938 100644
--- a/src/core/states/StateEstablishPaceCan.cpp
+++ b/src/core/states/StateEstablishPaceCan.cpp
@@ -5,6 +5,8 @@
 
 #include "StateEstablishPaceCan.h"
 
+#include "context/AuthContext.h"
+
 using namespace governikus;
 
 StateEstablishPaceCan::StateEstablishPaceCan(const QSharedPointer<WorkflowContext>& pContext)
@@ -16,10 +18,31 @@ StateEstablishPaceCan::StateEstablishPaceCan(const QSharedPointer<WorkflowContex
 void StateEstablishPaceCan::run()
 {
 	auto cardConnection = getContext()->getCardConnection();
-
 	Q_ASSERT(cardConnection);
+
+	QByteArray certificateDescription, effectiveChat;
+	const auto& authContext = getContext().objectCast<AuthContext>();
+	if (getContext()->isCanAllowedMode() && authContext)
+	{
+		// if PACE is performed for authentication purposes,
+		// the chat and certificate description need to be send
+		//
+		// in other scenarios, e.g. for changing the PIN, the data
+		// is not needed
+		Q_ASSERT(authContext->getDidAuthenticateEac1());
+		Q_ASSERT(!authContext->encodeEffectiveChat().isEmpty());
+		certificateDescription = authContext->getDidAuthenticateEac1()->getCertificateDescriptionAsBinary();
+		effectiveChat = authContext->encodeEffectiveChat();
+	}
+
 	qDebug() << "Establish Pace connection with CAN";
-	mConnections += cardConnection->callEstablishPaceChannelCommand(this, &StateEstablishPaceCan::onEstablishConnectionDone, PACE_PASSWORD_ID::PACE_CAN, getContext()->getCan());
+	mConnections += cardConnection->callEstablishPaceChannelCommand(
+			this,
+			&StateEstablishPaceCan::onEstablishConnectionDone,
+			PACE_PASSWORD_ID::PACE_CAN,
+			getContext()->getCan(),
+			effectiveChat,
+			certificateDescription);
 	getContext()->setCan(QString());
 }
 
@@ -34,6 +57,12 @@ void StateEstablishPaceCan::onUserCancelled()
 void StateEstablishPaceCan::onEstablishConnectionDone(QSharedPointer<BaseCardCommand> pCommand)
 {
 	const CardReturnCode returnCode = pCommand->getReturnCode();
+	if (getContext()->isCanAllowedMode())
+	{
+		auto paceCommand = pCommand.staticCast<EstablishPaceChannelCommand>();
+		getContext()->setPaceOutputData(paceCommand->getPaceOutput());
+	}
+
 	switch (returnCode)
 	{
 		case CardReturnCode::OK:
diff --git a/src/core/states/StateSelectPasswordId.cpp b/src/core/states/StateSelectPasswordId.cpp
new file mode 100644
index 000000000..9560a5056
--- /dev/null
+++ b/src/core/states/StateSelectPasswordId.cpp
@@ -0,0 +1,28 @@
+/*!
+ * \copyright Copyright (c) 2018 Governikus GmbH & Co. KG, Germany
+ */
+
+#include "StateSelectPasswordId.h"
+
+
+using namespace governikus;
+
+
+StateSelectPasswordId::StateSelectPasswordId(const QSharedPointer<WorkflowContext>& pContext)
+	: AbstractGenericState(pContext)
+{
+}
+
+
+void StateSelectPasswordId::run()
+{
+	const bool canAllowed = getContext()->isCanAllowedMode();
+	qDebug() << "CAN allowed:" << canAllowed;
+	if (canAllowed)
+	{
+		Q_EMIT firePasswordIdCAN();
+		return;
+	}
+
+	Q_EMIT fireContinue();
+}
diff --git a/src/core/states/StateSelectPasswordId.h b/src/core/states/StateSelectPasswordId.h
new file mode 100644
index 000000000..275d1ec40
--- /dev/null
+++ b/src/core/states/StateSelectPasswordId.h
@@ -0,0 +1,27 @@
+/*!
+ * \copyright Copyright (c) 2018 Governikus GmbH & Co. KG, Germany
+ */
+
+#pragma once
+
+#include "AbstractGenericState.h"
+
+#include "context/WorkflowContext.h"
+
+namespace governikus
+{
+
+class StateSelectPasswordId
+	: public AbstractGenericState<WorkflowContext>
+{
+	Q_OBJECT
+	friend class StateBuilder;
+
+	StateSelectPasswordId(const QSharedPointer<WorkflowContext>& pContext);
+	virtual void run() override;
+
+	Q_SIGNALS:
+		void firePasswordIdCAN();
+};
+
+} /* namespace governikus */
diff --git a/src/core/states/StateSelectReader.cpp b/src/core/states/StateSelectReader.cpp
index 363c9985e..999789bb0 100644
--- a/src/core/states/StateSelectReader.cpp
+++ b/src/core/states/StateSelectReader.cpp
@@ -68,7 +68,8 @@ void StateSelectReader::onReaderInfoChanged()
 	const ReaderInfo& readerInfo = selectableReaders.first();
 	const QString readerName = readerInfo.getName();
 	context->setReaderName(readerName);
-	qCDebug(statemachine) << "Select first found reader" << readerName << "of type" << readerInfo.getPlugInType();
+	qCDebug(statemachine) << "Select first found reader:" << readerName;
+	qCDebug(statemachine) << "Type:" << readerInfo.getPlugInType() << "BasicReader:" << readerInfo.isBasicReader();
 
 	Q_EMIT fireContinue();
 }
diff --git a/src/global/Env.h b/src/global/Env.h
index 9e73036b9..94257cf13 100644
--- a/src/global/Env.h
+++ b/src/global/Env.h
@@ -150,8 +150,14 @@ class Env
 		template<typename T>
 		inline T* fetchSingleton()
 		{
+			#if (QT_VERSION >= QT_VERSION_CHECK(5, 11, 0))
+			static_assert(QtPrivate::IsGadgetHelper<T>::IsRealGadget || QtPrivate::IsPointerToTypeDerivedFromQObject<T*>::Value,
+					"Singletons needs to be a Q_GADGET or an QObject/Q_OBJECT");
+			#else
 			static_assert(QtPrivate::IsGadgetHelper<T>::Value || QtPrivate::IsPointerToTypeDerivedFromQObject<T*>::Value,
 					"Singletons needs to be a Q_GADGET or an QObject/Q_OBJECT");
+			#endif
+
 			Identifier id = T::staticMetaObject.className();
 			void* obj = fetchStoredSingleton(id);
 
@@ -236,8 +242,13 @@ class Env
 		template<typename T>
 		static QSharedPointer<T> getShared()
 		{
+			#if (QT_VERSION >= QT_VERSION_CHECK(5, 11, 0))
+			static_assert(QtPrivate::IsGadgetHelper<T>::IsRealGadget || QtPrivate::IsPointerToTypeDerivedFromQObject<T*>::Value,
+					"Shared class needs to be a Q_GADGET or an QObject/Q_OBJECT");
+			#else
 			static_assert(QtPrivate::IsGadgetHelper<T>::Value || QtPrivate::IsPointerToTypeDerivedFromQObject<T*>::Value,
 					"Shared class needs to be a Q_GADGET or an QObject/Q_OBJECT");
+			#endif
 
 			auto& holder = getInstance().mSharedInstances;
 			const auto* className = T::staticMetaObject.className();
diff --git a/src/qml/NumberModel.cpp b/src/qml/NumberModel.cpp
index 6bd54cbe8..e943f5355 100644
--- a/src/qml/NumberModel.cpp
+++ b/src/qml/NumberModel.cpp
@@ -36,6 +36,7 @@ void NumberModel::resetContext(const QSharedPointer<WorkflowContext>& pContext)
 	{
 		connect(mContext.data(), &WorkflowContext::fireCanChanged, this, &NumberModel::fireCanChanged);
 		connect(mContext.data(), &WorkflowContext::firePinChanged, this, &NumberModel::firePinChanged);
+		connect(mContext.data(), &WorkflowContext::fireCanAllowedModeChanged, this, &NumberModel::fireCanAllowedModeChanged);
 
 		const auto changePinContext = mContext.objectCast<ChangePinContext>();
 		if (changePinContext)
@@ -55,6 +56,7 @@ void NumberModel::resetContext(const QSharedPointer<WorkflowContext>& pContext)
 	Q_EMIT firePukChanged();
 	Q_EMIT fireInputErrorChanged();
 	Q_EMIT fireReaderInfoChanged();
+	Q_EMIT fireCanAllowedModeChanged();
 }
 
 
@@ -138,6 +140,12 @@ void NumberModel::setPuk(const QString& pPuk)
 }
 
 
+bool NumberModel::hasError()
+{
+	return !getInputError().isEmpty() || isExtendedLengthApdusUnsupported() || isPinDeactivated();
+}
+
+
 QString NumberModel::getInputError() const
 {
 	if (mContext.isNull()
@@ -237,6 +245,16 @@ bool NumberModel::isCardConnected() const
 }
 
 
+bool NumberModel::isCanAllowedMode()
+{
+	if (mContext)
+	{
+		return mContext->isCanAllowedMode();
+	}
+	return false;
+}
+
+
 void NumberModel::onReaderInfoChanged(const QString& pReaderName)
 {
 	if (mContext && pReaderName == mContext->getReaderName())
diff --git a/src/qml/NumberModel.h b/src/qml/NumberModel.h
index 8cb9d7836..890a01604 100644
--- a/src/qml/NumberModel.h
+++ b/src/qml/NumberModel.h
@@ -23,11 +23,13 @@ class NumberModel
 	Q_PROPERTY(QString pin READ getPin WRITE setPin NOTIFY firePinChanged)
 	Q_PROPERTY(QString newPin READ getNewPin WRITE setNewPin NOTIFY fireNewPinChanged)
 	Q_PROPERTY(QString puk READ getPuk WRITE setPuk NOTIFY firePukChanged)
+	Q_PROPERTY(bool hasError READ hasError NOTIFY fireReaderInfoChanged)
 	Q_PROPERTY(QString inputError READ getInputError NOTIFY fireInputErrorChanged)
 	Q_PROPERTY(int retryCounter READ getRetryCounter NOTIFY fireReaderInfoChanged)
 	Q_PROPERTY(bool extendedLengthApdusUnsupported READ isExtendedLengthApdusUnsupported NOTIFY fireReaderInfoChanged)
 	Q_PROPERTY(bool pinDeactivated READ isPinDeactivated NOTIFY fireReaderInfoChanged)
 	Q_PROPERTY(bool cardConnected READ isCardConnected NOTIFY fireReaderInfoChanged)
+	Q_PROPERTY(bool isCanAllowedMode READ isCanAllowedMode NOTIFY fireCanAllowedModeChanged)
 
 	QSharedPointer<WorkflowContext> mContext;
 
@@ -53,6 +55,8 @@ class NumberModel
 		QString getPuk() const;
 		void setPuk(const QString& pPuk);
 
+		bool hasError();
+
 		QString getInputError() const;
 
 		int getRetryCounter() const;
@@ -63,6 +67,8 @@ class NumberModel
 
 		bool isCardConnected() const;
 
+		bool isCanAllowedMode();
+
 	private Q_SLOTS:
 		void onReaderInfoChanged(const QString& pReaderName);
 
@@ -73,6 +79,7 @@ class NumberModel
 		void firePukChanged();
 		void fireInputErrorChanged();
 		void fireReaderInfoChanged();
+		void fireCanAllowedModeChanged();
 };
 
 
diff --git a/src/remote_device/RemoteDeviceModel.cpp b/src/remote_device/RemoteDeviceModel.cpp
index 73b807b2b..10ad935aa 100644
--- a/src/remote_device/RemoteDeviceModel.cpp
+++ b/src/remote_device/RemoteDeviceModel.cpp
@@ -215,13 +215,13 @@ QVariant RemoteDeviceModel::data(const QModelIndex& pIndex, int pRole) const
 	switch (pRole)
 	{
 		case Qt::DisplayRole:
-			switch (pIndex.column())
+			if (pIndex.column() == ColumnId::ReaderStatus)
 			{
-				case ColumnId::ReaderName:
-					return reader.getDeviceName();
-
-				case ColumnId::ReaderStatus:
-					return getStatus(reader);
+				return getStatus(reader);
+			}
+			else
+			{
+				return reader.getDeviceName();
 			}
 
 		case REMOTE_DEVICE_NAME:
diff --git a/src/widget/PinSettingsWidget.cpp b/src/widget/PinSettingsWidget.cpp
index 6a03d0849..9e8929782 100644
--- a/src/widget/PinSettingsWidget.cpp
+++ b/src/widget/PinSettingsWidget.cpp
@@ -179,15 +179,6 @@ void PinSettingsWidget::updateReadersWithoutNPA(const QVector<ReaderInfo>& pRead
 	mMode = Mode::Normal;
 	mUi->headerStackedWidget->setCurrentWidget(mUi->errorNoNpaHeaderPage);
 
-	bool readerWithInsufficientApduLength = false;
-	for (const auto& readerInfo : pReaderInfos)
-	{
-		if (!readerInfo.sufficientApduLength())
-		{
-			readerWithInsufficientApduLength = true;
-		}
-	}
-
 	bool basicReaderPage = false;
 	if (pReaderInfos.size() == 1)
 	{
@@ -202,21 +193,11 @@ void PinSettingsWidget::updateReadersWithoutNPA(const QVector<ReaderInfo>& pRead
 			QPixmap pixmap(readerInfo.getReaderConfigurationInfo().getIcon()->lookupPath());
 			mUi->noNpaLabel->setPixmap(pixmap.scaledToWidth(SCALEWIDTH, Qt::SmoothTransformation));
 		}
-
-		if (readerWithInsufficientApduLength)
-		{
-			mUi->headerStackedWidget->setCurrentWidget(mUi->errorInsufficientApduLengthSingle);
-		}
 	}
 	else
 	{
 		QPixmap pixmap(ReaderConfiguration::getMultipleReaderIconPath());
 		mUi->noNpaLabel->setPixmap(pixmap.scaledToWidth(250, Qt::SmoothTransformation));
-
-		if (readerWithInsufficientApduLength)
-		{
-			mUi->headerStackedWidget->setCurrentWidget(mUi->errorInsufficientApduLengthMulti);
-		}
 	}
 
 	mUi->stackedWidget->setCurrentWidget(basicReaderPage ? mUi->changePinBasicPage : mUi->errorNoNpaPage);
@@ -257,17 +238,39 @@ bool PinSettingsWidget::updateReadersForOneNPA(const ReaderInfo& pReaderInfo)
 		setupPinSuccessfullyChangedPage(pReaderInfo);
 		mUi->headerStackedWidget->setCurrentWidget(mUi->pinSuccessHeaderPage);
 		mUi->stackedWidget->setCurrentWidget(mUi->pinSuccessPage);
+		mUi->canEdit->clear();
+		mUi->oldPinEdit->clear();
+		mUi->newPinEdit->clear();
+		mUi->repeatNewPinEdit->clear();
+		mUi->pukEdit->clear();
 		return true;
 	}
 
-	if (mPinDeactivated)
+	if (pReaderInfo.isBasicReader())
+	{
+		setupPinBasicPage(pReaderInfo);
+		mUi->stackedWidget->setCurrentWidget(mUi->changePinBasicPage);
+	}
+	else
 	{
-		if (pReaderInfo.isBasicReader())
+		setupPinComfortPage(pReaderInfo);
+		mUi->stackedWidget->setCurrentWidget(mUi->changePinComfortPage);
+	}
+
+	if (!pReaderInfo.sufficientApduLength())
+	{
+		if (!pReaderInfo.isBasicReader())
 		{
-			setupPinBasicPage(pReaderInfo);
-			mUi->stackedWidget->setCurrentWidget(mUi->changePinBasicPage);
+			mUi->stackedWidget->setCurrentWidget(mUi->errorNoNpaPage);
 		}
-		else
+
+		mUi->headerStackedWidget->setCurrentWidget(mUi->errorInsufficientApduLength);
+		return false;
+	}
+
+	if (mPinDeactivated)
+	{
+		if (!pReaderInfo.isBasicReader())
 		{
 			QPixmap pixmap(pReaderInfo.getReaderConfigurationInfo().getIconWithNPA()->lookupPath());
 			mUi->deactivatedReaderImageLabel->setPixmap(pixmap.scaledToWidth(SCALEWIDTH, Qt::SmoothTransformation));
@@ -278,17 +281,6 @@ bool PinSettingsWidget::updateReadersForOneNPA(const ReaderInfo& pReaderInfo)
 		return false;
 	}
 
-	if (pReaderInfo.isBasicReader())
-	{
-		setupPinBasicPage(pReaderInfo);
-		mUi->stackedWidget->setCurrentWidget(mUi->changePinBasicPage);
-	}
-	else
-	{
-		setupPinComfortPage(pReaderInfo);
-		mUi->stackedWidget->setCurrentWidget(mUi->changePinComfortPage);
-	}
-
 	return !pReaderInfo.isBasicReader();
 }
 
diff --git a/src/widget/PinSettingsWidget.ui b/src/widget/PinSettingsWidget.ui
index a7fc94ea6..ce8c490e9 100644
--- a/src/widget/PinSettingsWidget.ui
+++ b/src/widget/PinSettingsWidget.ui
@@ -370,7 +370,7 @@ However, you can change your PIN on your smartphone directly as long as the remo
        </item>
       </layout>
      </widget>
-	 <widget class="QWidget" name="errorInsufficientApduLengthSingle">
+	 <widget class="QWidget" name="errorInsufficientApduLength">
 	  <layout class="QVBoxLayout" name="verticalLayout_29">
 	   <property name="spacing">
 	    <number>0</number>
@@ -396,44 +396,6 @@ However, you can change your PIN on your smartphone directly as long as the remo
 		  <string>&lt;html&gt;
 &lt;h4&gt;Extended Length is not supported.&lt;/h4&gt;
 &lt;p&gt;Your remote reader does not meet the technical requirements (Extended Length not supported).&lt;/p&gt;
-&lt;/html&gt;</string>
-         </property>
-		 <property name="alignment">
-		  <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
-		 </property>
-		 <property name="wordWrap">
-		  <bool>true</bool>
-		 </property>
-		</widget>
-		</item>
-	  </layout>
-	 </widget>
-	 <widget class="QWidget" name="errorInsufficientApduLengthMulti">
-	  <layout class="QVBoxLayout" name="verticalLayout_30">
-	   <property name="spacing">
-	    <number>0</number>
-		</property>
-	   <property name="leftMargin">
-	    <number>0</number>
-		</property>
-	   <property name="topMargin">
-	    <number>0</number>
-		</property>
-	   <property name="rightMargin">
-	    <number>0</number>
-		</property>
-	   <property name="bottomMargin">
-	    <number>0</number>
-		</property>
-	   <item>
-	    <widget class="QLabel" name="label_30">
-		 <property name="focusPolicy">
-		  <enum>Qt::TabFocus</enum>
-		 </property>
-		 <property name="text">
-		  <string>&lt;html&gt;
-&lt;h4&gt;Extended Length is not supported.&lt;/h4&gt;
-&lt;p&gt;At least one of your card readers does not meet the technical requirements (Extended Length not supported). Please place the ID card on a different card reader.&lt;/p&gt;
 &lt;/html&gt;</string>
          </property>
 		 <property name="alignment">
diff --git a/src/widget/ReaderDeviceWidget.cpp b/src/widget/ReaderDeviceWidget.cpp
index 6d5168d89..2a7332119 100644
--- a/src/widget/ReaderDeviceWidget.cpp
+++ b/src/widget/ReaderDeviceWidget.cpp
@@ -172,7 +172,7 @@ void ReaderDeviceWidget::updateInfoText()
 	{
 		if (mLocalReaderDataModel.rowCount() == 0)
 		{
-			infoText = tr("No card reader detected");
+			infoText = tr("Please connect suitable card reader");
 		}
 		else
 		{
@@ -294,7 +294,7 @@ void ReaderDeviceWidget::onConnectClicked()
 		setEnabled(false);
 
 		QMessageBox pairingInfoBox(this);
-		pairingInfoBox.setText(tr("Start the pairing mode on the other device if it is not already started."));
+		pairingInfoBox.setText(tr("Please start pairing mode first."));
 		pairingInfoBox.setWindowModality(Qt::WindowModal);
 		pairingInfoBox.setWindowFlags(pairingInfoBox.windowFlags() & ~Qt::WindowContextHelpButtonHint);
 		pairingInfoBox.setStandardButtons(QMessageBox::Ok | QMessageBox::Cancel);
diff --git a/src/widget/ReaderDriverModel.cpp b/src/widget/ReaderDriverModel.cpp
index b7ee9f016..c09fea1ca 100644
--- a/src/widget/ReaderDriverModel.cpp
+++ b/src/widget/ReaderDriverModel.cpp
@@ -72,10 +72,10 @@ QString ReaderDriverModel::getStatus(const ReaderConfigurationInfo& pReaderConfi
 
 	if (mKnownDrivers.contains(pReaderConfigurationInfo))
 	{
-		return tr("Connected w/ driver");
+		return tr("Driver installed");
 	}
 
-	return tr("Connected w/o driver");
+	return tr("No driver installed");
 }
 
 
@@ -155,10 +155,10 @@ QString ReaderDriverModel::getHTMLDescription(const QModelIndex& pIndex) const
 
 	if (mKnownDrivers.contains(mConnectedReaders.at(pIndex.row())))
 	{
-		return tr("Device is installed correctly.");
+		return tr("Card reader ready for use.");
 	}
 
-	return tr("Device is not configured, please download and install the driver you can find at url: %1").
+	return tr("Please download and install the driver you can find at: %1").
 		   arg(QStringLiteral("<a href=\"%1\">%1</a>").arg(mConnectedReaders.at(pIndex.row()).getUrl()));
 }
 
diff --git a/src/widget/SetupAssistantWizard.cpp b/src/widget/SetupAssistantWizard.cpp
index abc640d47..5cb086124 100644
--- a/src/widget/SetupAssistantWizard.cpp
+++ b/src/widget/SetupAssistantWizard.cpp
@@ -101,7 +101,7 @@ QWizardPage* SetupAssistantWizard::createWizardInitialPinPage()
 
 	const auto& welcome = tr("Welcome to the AusweisApp2 setup assistant."
 							 " This assistant will guide you through the setup process in %1 steps."
-							 " The setup assistant can be cancelled at any time and can be started again later from the Help menu.").arg(mPageCount);
+							 " You can cancel the setup assistant at any time. To restart it, go to the tab \"Help\" and select \"Setup assistant\".").arg(mPageCount);
 	QLabel* label = new QLabel(welcome);
 	label->setWordWrap(true);
 	label->setFocusPolicy(Qt::TabFocus);
@@ -111,8 +111,7 @@ QWizardPage* SetupAssistantWizard::createWizardInitialPinPage()
 	initialPinPageLayout->addWidget(label);
 
 	const auto& historyTitle = tr("History");
-	const auto& historySummary = tr("AusweisApp2 offers saving the course of your authentications in a history."
-									" Subsequently you can activate this option.");
+	const auto& historySummary = tr("Do you want to save the history of your authentications?");
 	QLabel* historyDescLabel = new QLabel(createDescription(historyTitle, historySummary));
 	historyDescLabel->setWordWrap(true);
 	historyDescLabel->setFocusPolicy(Qt::TabFocus);
@@ -171,9 +170,8 @@ QWizardPage* SetupAssistantWizard::createConclusionPage()
 
 
 	const auto& title = tr("Personal 6 - digit PIN");
-	const auto& desc = tr("Prior to the first use of the online identification function you have to replace the transport PIN by an individual 6-digit PIN."
-						  " The AusweisApp's PIN management offers this function."
-						  " For replacing the transport PIN you need the letter sent to you by your competent authority.");
+	const auto& desc = tr("Prior to the first use of the online identification function, you have to replace the transport PIN by an individual 6-digit PIN. "
+						  "The transport PIN was sent to you by postal mail.");
 	QLabel* transportPinLabel = new QLabel(createDescription(title, desc));
 	transportPinLabel->setWordWrap(true);
 	transportPinLabel->setFocusPolicy(Qt::TabFocus);
@@ -182,7 +180,7 @@ QWizardPage* SetupAssistantWizard::createConclusionPage()
 	conclusionPageVLayout->addWidget(transportPinLabel);
 
 	mChangeTransportPinButton = new QPushButton(conclusionPage);
-	mChangeTransportPinButton->setText(tr("Change PIN"));
+	mChangeTransportPinButton->setText(tr("Set individual PIN"));
 	connect(mChangeTransportPinButton.data(), &QAbstractButton::clicked, this, &SetupAssistantWizard::onChangeTransportPinButtonPressed);
 
 	QSizePolicy transportPinSizePolicy(QSizePolicy::Fixed, QSizePolicy::Fixed);
@@ -193,16 +191,16 @@ QWizardPage* SetupAssistantWizard::createConclusionPage()
 
 	conclusionPageVLayout->addWidget(mChangeTransportPinButton);
 
-
-	const auto conclusionDesc = tr("AusweisApp2 is now ready for use."
-								   " You can further configure AusweisApp2 via the \"Settings\" dialog from the navigation section."
-								   " AusweisApp2 uses the proxy settings configured in your system."
-								   " This setup assistant can be started at any time from the \"Help\" menu."
-								   " The \"Finish\" button closes the setup assistant.");
+	const QString onlineHelpUrl = HelpAction::getOnlineUrl(QStringLiteral("setupAssistantSetupCompleted"));
+	const auto conclusionDesc =
+			tr("AusweisApp2 is now ready for use."
+			   " For more information on the software or the online identification function, visit the %1online help%2.")
+			.arg(QStringLiteral("<a href=\"%1\">").arg(onlineHelpUrl), QStringLiteral("</a>"));
 	QLabel* conclusionDescLabel = new QLabel(QStringLiteral("<br>") + conclusionDesc);
 	conclusionDescLabel->setWordWrap(true);
 	conclusionDescLabel->setFocusPolicy(Qt::TabFocus);
 	conclusionDescLabel->setAccessibleName(createAccessibleName(almostDone, conclusionDesc));
+	conclusionDescLabel->setOpenExternalLinks(true);
 
 	conclusionPageVLayout->addWidget(conclusionDescLabel);
 
diff --git a/src/widget/generic/GuiUtils.cpp b/src/widget/generic/GuiUtils.cpp
index 6f62c5d49..7b8269e04 100644
--- a/src/widget/generic/GuiUtils.cpp
+++ b/src/widget/generic/GuiUtils.cpp
@@ -13,7 +13,7 @@
 using namespace governikus;
 
 
-void GuiUtils::showPinCanPukErrorDialog(CardReturnCode pReturnCode, int pRetryCounter, QWidget* pParent)
+void GuiUtils::showPinCanPukErrorDialog(CardReturnCode pReturnCode, int pRetryCounter, bool pCanAllowedMode, QWidget* pParent)
 {
 	QMessageBox messageBox(pParent);
 	QString title;
@@ -22,9 +22,16 @@ void GuiUtils::showPinCanPukErrorDialog(CardReturnCode pReturnCode, int pRetryCo
 	{
 		case CardReturnCode::INVALID_CAN:
 			title = tr("Wrong card access number (CAN)");
-			text = tr("The given card access number (CAN) is not correct. You have one more try to enter the correct PIN."
-					  " Please mind that you have to acknowledge this last try with your card access"
-					  " number (CAN).");
+			if (pCanAllowedMode)
+			{
+				text = tr("The given card access number (CAN) is not correct.");
+			}
+			else
+			{
+				text = tr("The given card access number (CAN) is not correct. You have one more try to enter the correct PIN."
+						  " Please mind that you have to acknowledge this last try with your card access"
+						  " number (CAN).");
+			}
 			break;
 
 		case CardReturnCode::INVALID_PUK:
diff --git a/src/widget/generic/GuiUtils.h b/src/widget/generic/GuiUtils.h
index 3cb5534e4..710b2a032 100644
--- a/src/widget/generic/GuiUtils.h
+++ b/src/widget/generic/GuiUtils.h
@@ -22,7 +22,7 @@ class GuiUtils
 	Q_OBJECT
 
 	public:
-		static void showPinCanPukErrorDialog(CardReturnCode pReturnCode, int pRetryCounter, QWidget* pParent);
+		static void showPinCanPukErrorDialog(CardReturnCode pReturnCode, int pRetryCounter, bool pCanAllowedMode, QWidget* pParent);
 		static bool showWrongPinBlockedDialog(QWidget* pParent);
 };
 
diff --git a/src/widget/generic/HelpAction.cpp b/src/widget/generic/HelpAction.cpp
index c77ddafed..a69aabc7f 100644
--- a/src/widget/generic/HelpAction.cpp
+++ b/src/widget/generic/HelpAction.cpp
@@ -26,12 +26,14 @@ Q_DECLARE_LOGGING_CATEGORY(gui)
 //Mapping object name to help file, \see AppQtMainWidget::onContentActionClicked()
 const QMap<QString, QString> HelpAction::mHelpMapping = {
 	{QStringLiteral("setupAssistant"), QStringLiteral("wizard-info.html")},
+	{QStringLiteral("setupAssistantSetupCompleted"), QString()},
 	{QStringLiteral("ausweisenPage"), QStringLiteral("identify.html")},
 	{QStringLiteral("providerPage"), QStringLiteral("provider.html")},
 	{QStringLiteral("historyPage"), QStringLiteral("history.html")},
 	{QStringLiteral("generalTab"), QStringLiteral("settings-general.html")},
 	{QStringLiteral("pinTab"), QStringLiteral("settings-pin-management.html")},
-	{QStringLiteral("readerDeviceTab"), QStringLiteral("settings-reader-detection.html")}
+	{QStringLiteral("readerDeviceTab"), QStringLiteral("settings-reader-detection.html")},
+	{QStringLiteral("stepChooseCardGui"), QStringLiteral("settings-reader-detection.html")}
 };
 
 
diff --git a/src/widget/step/StepAuthenticationEac1Gui.cpp b/src/widget/step/StepAuthenticationEac1Gui.cpp
index ccc6b477e..2911a2136 100644
--- a/src/widget/step/StepAuthenticationEac1Gui.cpp
+++ b/src/widget/step/StepAuthenticationEac1Gui.cpp
@@ -92,7 +92,7 @@ void StepAuthenticationEac1Gui::incorrectPinError()
 {
 	mWidget->updateButtonsAndPinWidget();
 
-	GuiUtils::showPinCanPukErrorDialog(mContext->getLastPaceResult(), mContext->getCardConnection()->getReaderInfo().getRetryCounter(), mStepsWidget->window());
+	GuiUtils::showPinCanPukErrorDialog(mContext->getLastPaceResult(), mContext->getCardConnection()->getReaderInfo().getRetryCounter(), mContext->isCanAllowedMode(), mStepsWidget->window());
 }
 
 
@@ -124,7 +124,14 @@ void StepAuthenticationEac1Gui::onShowPayAttentionToReader()
 
 void StepAuthenticationEac1Gui::onPinUpdated(const QString& pPin)
 {
-	mPin = pPin;
+	if (!mContext->isCanAllowedMode())
+	{
+		mPin = pPin;
+	}
+	else
+	{
+		mCan = pPin;
+	}
 }
 
 
diff --git a/src/widget/step/StepAuthenticationEac1Widget.cpp b/src/widget/step/StepAuthenticationEac1Widget.cpp
index 97eacb89a..9345d1cca 100644
--- a/src/widget/step/StepAuthenticationEac1Widget.cpp
+++ b/src/widget/step/StepAuthenticationEac1Widget.cpp
@@ -120,7 +120,11 @@ void StepAuthenticationEac1Widget::updateButtonsAndPinWidget()
 {
 	Q_EMIT setCancelButtonState(ButtonState::ENABLED);
 
-	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1)
+	if (mContext->isCanAllowedMode())
+	{
+		mUi->pinGroupBox->setTitle(tr("Please enter the six-digit card access number (CAN) for identification."));
+	}
+	else if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1)
 	{
 		mUi->pinGroupBox->setTitle(tr("Please enter your six-digit card access number (CAN) and your PIN for identification."));
 	}
@@ -362,7 +366,7 @@ void StepAuthenticationEac1Widget::createBasicReaderWidget()
 
 	const auto& allowedDigitsMsg = tr("Only digits (0-9) are permitted.");
 	QRegularExpression onlyNumbersExpression(QStringLiteral("[0-9]*"));
-	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1)
+	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1 && !mContext->isCanAllowedMode())
 	{
 		mCANField = new PasswordEdit();
 		mCANField->setAccessibleName(tr("please enter your can"));
@@ -399,12 +403,13 @@ void StepAuthenticationEac1Widget::createBasicReaderWidget()
 	mPINField->configureValidation(onlyNumbersExpression, allowedDigitsMsg);
 	connect(mPINField, &PasswordEdit::textEdited, this, &StepAuthenticationEac1Widget::pinTextEdited);
 
-	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1)
+	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1 && !mContext->isCanAllowedMode())
 	{
 		mPINField->setEnabled(false);
 	}
 
-	QLabel* pinLabel = new QLabel(tr("PIN:"));
+	const QString labelLabel = mContext->isCanAllowedMode() == false ? tr("PIN:") : tr("CAN:");
+	QLabel* pinLabel = new QLabel(labelLabel);
 	pinLabel->setFocusPolicy(Qt::TabFocus);
 	basicReaderWidgetLayout->addWidget(pinLabel);
 	basicReaderWidgetLayout->addWidget(mPINField);
@@ -615,7 +620,7 @@ void StepAuthenticationEac1Widget::pinTextEdited(const QString& pText)
 
 void StepAuthenticationEac1Widget::focusWidget()
 {
-	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1)
+	if (mContext->getCardConnection()->getReaderInfo().getRetryCounter() == 1 && !mContext->isCanAllowedMode())
 	{
 		mCANField->setFocus();
 		mCANField->setCursorPosition(0);
diff --git a/src/widget/step/StepChooseCardGui.cpp b/src/widget/step/StepChooseCardGui.cpp
index ddab8141f..bd885541e 100644
--- a/src/widget/step/StepChooseCardGui.cpp
+++ b/src/widget/step/StepChooseCardGui.cpp
@@ -5,6 +5,7 @@
 #include "StepChooseCardGui.h"
 
 #include "Env.h"
+#include "generic/HelpAction.h"
 #include "GuiProfile.h"
 #include "ReaderConfiguration.h"
 #include "step/AuthenticateStepsWidget.h"
@@ -26,22 +27,18 @@ StepChooseCardGui::StepChooseCardGui(const QSharedPointer<AuthContext>& pContext
 	, mContext(pContext)
 	, mWidget(pStepsWidget->getEac1Page())
 	, mInformationMessageBox(new QMessageBox(pStepsWidget))
-	, mDiagnosisGui(new DiagnosisGui(pStepsWidget))
 	, mReaderDeviceGui(new ReaderDeviceGui(pStepsWidget))
 	, mCancelButton(nullptr)
 	, mDeviceButton(nullptr)
-	, mDiagnosisButton(nullptr)
 	, mSubDialogOpen(false)
 {
 	mInformationMessageBox->setWindowTitle(QCoreApplication::applicationName() + QStringLiteral(" - ") + tr("Information"));
 	mInformationMessageBox->setWindowModality(Qt::WindowModal);
 	mInformationMessageBox->setWindowFlags(mInformationMessageBox->windowFlags() & ~Qt::WindowContextHelpButtonHint);
 	mCancelButton = mInformationMessageBox->addButton(tr("Cancel"), QMessageBox::NoRole);
-	mDiagnosisButton = mInformationMessageBox->addButton(tr("Diagnosis"), QMessageBox::YesRole);
 	mDeviceButton = mInformationMessageBox->addButton(tr("Settings"), QMessageBox::YesRole);
-	mDiagnosisButton->setFocus();
+	mDeviceButton->setFocus();
 
-	connect(mDiagnosisGui, &DiagnosisGui::fireFinished, this, &StepChooseCardGui::onSubDialogFinished);
 	connect(mReaderDeviceGui, &ReaderDeviceGui::fireFinished, this, &StepChooseCardGui::onSubDialogFinished);
 }
 
@@ -97,7 +94,6 @@ void StepChooseCardGui::updateErrorMessage(const QString& pTitle, const QString&
 {
 	if (closeErrorMessage || mContext->getStatus().isError())
 	{
-		mDiagnosisGui->deactivate();
 		mReaderDeviceGui->deactivate();
 		mInformationMessageBox->done(QMessageBox::InvalidRole);
 		return;
@@ -129,11 +125,7 @@ void StepChooseCardGui::updateErrorMessage(const QString& pTitle, const QString&
 		}
 
 		mSubDialogOpen = true;
-		if (mInformationMessageBox->clickedButton() == mDiagnosisButton)
-		{
-			mDiagnosisGui->activate();
-		}
-		else if (mInformationMessageBox->clickedButton() == mDeviceButton)
+		if (mInformationMessageBox->clickedButton() == mDeviceButton)
 		{
 			mReaderDeviceGui->activate();
 		}
@@ -168,18 +160,12 @@ void StepChooseCardGui::onReaderManagerSignal()
 {
 	const auto readers = ReaderManager::getInstance().getReaderInfos();
 
-	mDeviceButton->setEnabled(readers.isEmpty());
 	mReaderDeviceGui->reactToReaderCount(readers.size());
 
-	bool readerWithInsufficientApduLength = false;
 	QVector<ReaderInfo> readersWithNpa;
 	QVector<ReaderInfo> remoteReaders;
 	for (const auto& readerInfo : readers)
 	{
-		if (!readerInfo.sufficientApduLength())
-		{
-			readerWithInsufficientApduLength = true;
-		}
 		if (readerInfo.hasEidCard())
 		{
 			readersWithNpa << readerInfo;
@@ -192,61 +178,52 @@ void StepChooseCardGui::onReaderManagerSignal()
 
 	if (readers.size() == 0)
 	{
-		updateErrorMessage(tr("No card reader detected. Please make sure that a card reader is connected."),
-				tr("If you would like to set up a local or remote card reader, click on the \"Settings\" button"
-				   " to open the reader settings."),
-				tr("If you need help or have problems with your card reader click on the"
-				   " \"Diagnosis\" button for further information."),
+		const QString onlineHelpUrl = HelpAction::getOnlineUrl(QStringLiteral("stepChooseCardGui"));
+		const QString onlineHelpText = tr("If you need help or have problems with your card reader, you can consult the "
+										  "%1online help%2 for futher information.")
+				.arg(QStringLiteral("<a href=\"%1\">").arg(onlineHelpUrl), QStringLiteral("</a>"));
+
+		updateErrorMessage(tr("No card reader found. Please connect card reader first."),
+				tr("Please choose \"Settings\" to install a card reader or configure your smartphone as a card reader."),
+				onlineHelpText,
 				false);
 		return;
 	}
 
 	if (readersWithNpa.size() == 0)
 	{
-		if (readerWithInsufficientApduLength)
+		QString remoteReaderInfo;
+		if (remoteReaders.size() > 0)
 		{
-			if (readers.size() == 1)
-			{
-				updateErrorMessage(tr("Extended Length is not supported."),
-						tr("Your remote reader does not meet the technical requirements (Extended Length not supported)."),
-						QString(),
-						false);
-				return;
-			}
-			else
-			{
-				updateErrorMessage(tr("Extended Length is not supported."),
-						tr("At least one of your card readers does not meet the technical requirements (Extended Length not supported). Please place the ID card on a different card reader."),
-						QString(),
-						false);
-			}
-		}
-		else
-		{
-			QString remoteReaderInfo;
-			if (remoteReaders.size() > 0)
-			{
-				remoteReaderInfo = tr("Connected to following remote readers: %1.").arg(connectedRemoteReaderNames());
-			}
-			updateErrorMessage(tr("Please place an ID card on the card reader."),
-					tr("If you have already placed an ID card on your card reader, click on \"Diagnosis\""
-					   " for further information."),
-					remoteReaderInfo,
-					false);
+			remoteReaderInfo = tr("Connected to following remote readers: %1.").arg(connectedRemoteReaderNames());
 		}
+		const QString onlineHelpUrl = HelpAction::getOnlineUrl(QStringLiteral("stepChooseCardGui"));
+		const QString onlineHelpText = tr("If you have already placed an ID card on your card reader, "
+										  "you can consult the %1online help%2 for futher information.")
+				.arg(QStringLiteral("<a href=\"%1\">").arg(onlineHelpUrl), QStringLiteral("</a>"));
+
+		updateErrorMessage(tr("Please place an ID card on the card reader."), onlineHelpText, remoteReaderInfo, false);
 	}
 	else if (readersWithNpa.size() > 1)
 	{
-		updateErrorMessage(tr("Please place only one ID card on the card reader."),
-				tr("Please make sure that only one card reader with an ID card on it is connected to"
-				   " your computer. If you have already placed an ID card on your card reader, click"
-				   " on \"Diagnosis\" for further information."),
-				QString(),
-				false);
+		const QString onlineHelpUrl = HelpAction::getOnlineUrl(QStringLiteral("stepChooseCardGui"));
+		const QString onlineHelpText = tr("Please make sure that only one card reader with an ID card on it is connected to "
+										  "your computer. If you have already placed an ID card on your card reader, "
+										  "you can consult the %1online help%2 for futher information.")
+				.arg(QStringLiteral("<a href=\"%1\">").arg(onlineHelpUrl), QStringLiteral("</a>"));
+
+		updateErrorMessage(tr("Please place only one ID card on the card reader."), onlineHelpText, QString(), false);
 	}
 	else
 	{
-		if (readersWithNpa[0].isPinDeactivated())
+		if (!readersWithNpa[0].sufficientApduLength())
+		{
+			updateErrorMessage(tr("Extended Length is not supported."),
+					tr("Your remote reader does not meet the technical requirements (Extended Length not supported)."),
+					QString(),
+					false);
+		}
+		else if (readersWithNpa[0].isPinDeactivated() && !mContext->isCanAllowedMode())
 		{
 			updateErrorMessage(tr("Online identification function is disabled."),
 					tr("This action cannot be performed. The online identification function of your ID card is deactivated."
diff --git a/src/widget/step/StepChooseCardGui.h b/src/widget/step/StepChooseCardGui.h
index a855f091f..2f74c4604 100644
--- a/src/widget/step/StepChooseCardGui.h
+++ b/src/widget/step/StepChooseCardGui.h
@@ -31,9 +31,8 @@ class StepChooseCardGui
 		const QSharedPointer<AuthContext> mContext;
 		StepAuthenticationEac1Widget* const mWidget;
 		QPointer<QMessageBox> mInformationMessageBox;
-		QPointer<DiagnosisGui> mDiagnosisGui;
 		QPointer<ReaderDeviceGui> mReaderDeviceGui;
-		QPushButton* mCancelButton, * mDeviceButton, * mDiagnosisButton;
+		QPushButton* mCancelButton, * mDeviceButton;
 		bool mSubDialogOpen;
 
 		QString getCurrentReaderImage(const QVector<ReaderInfo>& pReaderInfos);
diff --git a/src/widget/workflow/WorkflowChangePinQtGui.cpp b/src/widget/workflow/WorkflowChangePinQtGui.cpp
index 4ce6e3000..de3418214 100644
--- a/src/widget/workflow/WorkflowChangePinQtGui.cpp
+++ b/src/widget/workflow/WorkflowChangePinQtGui.cpp
@@ -70,7 +70,7 @@ void WorkflowChangePinQtGui::onStateChanged(const QString& pNextState)
 		if (mContext->getLastPaceResult() != CardReturnCode::OK)
 		{
 			auto newRetryCounter = mContext->getCardConnection()->getReaderInfo().getRetryCounter();
-			GuiUtils::showPinCanPukErrorDialog(mContext->getLastPaceResult(), newRetryCounter, mPinSettingsWidget);
+			GuiUtils::showPinCanPukErrorDialog(mContext->getLastPaceResult(), newRetryCounter, mContext->isCanAllowedMode(), mPinSettingsWidget);
 
 			/*
 			 * In the desktop version we cancel the workflow after a wrong user input.
diff --git a/test/qt/configuration/test_ProviderConfigurationParser.cpp b/test/qt/configuration/test_ProviderConfigurationParser.cpp
index 13ca80f26..489496f2f 100644
--- a/test/qt/configuration/test_ProviderConfigurationParser.cpp
+++ b/test/qt/configuration/test_ProviderConfigurationParser.cpp
@@ -250,12 +250,12 @@ class test_ProviderConfigurationParser
 		{
 			QTest::addColumn<int>("count");
 
-			const int desktop = 64;
+			const int desktop = 61;
 			QTest::newRow("win") << desktop;
 			QTest::newRow("mac") << desktop;
 			QTest::newRow("linux") << desktop;
-			QTest::newRow("android") << desktop - 6;
-			QTest::newRow("ios") << 14;
+			QTest::newRow("android") << 56;
+			QTest::newRow("ios") << 13;
 		}
 
 
diff --git a/test/qt/core/states/test_TermsOfUsage.cpp b/test/qt/core/states/test_TermsOfUsage.cpp
index 8f697d9ad..37eb6d4e6 100644
--- a/test/qt/core/states/test_TermsOfUsage.cpp
+++ b/test/qt/core/states/test_TermsOfUsage.cpp
@@ -55,29 +55,37 @@ class test_TermsOfUsage
 		}
 
 
-		void testGetDescTestAutentServer()
+		void testPurpose_data()
 		{
-			QByteArray hexValue("3082022F060A04007F00070301030101A12D0C2B446575747363686520506F737420436F6D2C204765736368C3A466747366656C64205369676E7472757374A2191317687474703A2F2F7777772E7369676E74727573742E6465A3080C06626F73204B47A429132768747470733A2F2F6465762D64656D6F2E676F7665726E696B75732D6569642E64653A38343433A58201580C820154416E736368726966743A0D0A6272656D656E206F6E6C696E6520736572766963657320476D6248202620436F2E204B470D0A416D2046616C6C7475726D20390D0A3238333539204272656D656E0D0A0D0A452D4D61696C2D416472657373653A0D0A686240626F732D6272656D656E2E64650D0A0D0A5A7765636B20646573204175736C657365766F7267616E67733A0D0A44656D6F6E7374726174696F6E20646573206549442D536572766963650D0A0D0A5A757374C3A46E6469676520446174656E73636875747A61756673696368743A0D0A446965204C616E64657362656175667472616774652066C3BC7220446174656E73636875747A20756E6420496E666F726D6174696F6E736672656968656974206465722046726569656E2048616E73657374616474204272656D656E0D0A41726E647473747261C39F6520310D0A3237353730204272656D6572686176656EA74631440420761099A58BFD5334E93A7A78E4F18B760FFCF8F513A4730C8AE9B59BCC0FE8C90420CEABB7E427174BCFFFB3499BF925A5D4A7887AD4FCF7747867912DEBB58D684C");
-			QSharedPointer<const CertificateDescription> certDescr = CertificateDescription::fromHex(hexValue);
-			QVERIFY(certDescr);
-			QCOMPARE(certDescr->getPurpose(), QStringLiteral("Demonstration des eID-Service"));
-		}
+			QTest::addColumn<QByteArray>("hex");
+			QTest::addColumn<QString>("purpose");
 
+			QTest::newRow("DescTestAutentServer")
+				<< QByteArray("3082022F060A04007F00070301030101A12D0C2B446575747363686520506F737420436F6D2C204765736368C3A466747366656C64205369676E7472757374A2191317687474703A2F2F7777772E7369676E74727573742E6465A3080C06626F73204B47A429132768747470733A2F2F6465762D64656D6F2E676F7665726E696B75732D6569642E64653A38343433A58201580C820154416E736368726966743A0D0A6272656D656E206F6E6C696E6520736572766963657320476D6248202620436F2E204B470D0A416D2046616C6C7475726D20390D0A3238333539204272656D656E0D0A0D0A452D4D61696C2D416472657373653A0D0A686240626F732D6272656D656E2E64650D0A0D0A5A7765636B20646573204175736C657365766F7267616E67733A0D0A44656D6F6E7374726174696F6E20646573206549442D536572766963650D0A0D0A5A757374C3A46E6469676520446174656E73636875747A61756673696368743A0D0A446965204C616E64657362656175667472616774652066C3BC7220446174656E73636875747A20756E6420496E666F726D6174696F6E736672656968656974206465722046726569656E2048616E73657374616474204272656D656E0D0A41726E647473747261C39F6520310D0A3237353730204272656D6572686176656EA74631440420761099A58BFD5334E93A7A78E4F18B760FFCF8F513A4730C8AE9B59BCC0FE8C90420CEABB7E427174BCFFFB3499BF925A5D4A7887AD4FCF7747867912DEBB58D684C")
+				<< QStringLiteral("Demonstration des eID-Service");
 
-		void testGetDescRlpDirektServer()
-		{
-			QByteArray hexValue("30820312060A04007F00070301030101A10E0C0C442D547275737420476D6248A2181316687474703A2F2F7777772E642D74727573742E6E6574A33E0C3C4B6F6D6D5769732D476573656C6C73636861667420662E204B6F6D6D756E696B6174696F6E20752E2057697373656E737472616E73666572206D6248A416131468747470733A2F2F74626B2E65776F69732E6465A58201F20C8201EEEFBBBF4E616D652C20416E7363687269667420756E6420452D4D61696C2D4164726573736520646573204469656E7374616E626965746572733A0D0A4B6F6D6D5769732D476573656C6C73636861667420662E204B6F6D6D756E696B6174696F6E20752E2057697373656E737472616E73666572206D62480D0A48696E64656E62757267706C61747A20330D0A3535313138204D61696E7A0D0A737570706F7274406B6F6D6D7769732E64650D0A0D0A4765736368C3A46674737A7765636B3A0D0A41627769636B6C756E6720766F6E2056657277616C74756E67736C65697374756E67656E206D6974204964656E746966696B6174696F6E73626564617266206F686E652052656769737472696572756E6720696D2053696E6E65206465722047656D4F20526865696E6C616E642D5066616C7A0D0A0D0A5A757374C3A46E6469676520446174656E73636875747A626568C3B67264653A0D0A4175667369636874732D20756E64204469656E73746C65697374756E6773646972656B74696F6E2028414444290D0A54726965720D0A57696C6C792D4272616E64742D506C61747A20330D0A35343239302054726965720D0A303635312F393439342D300D0A706F73747374656C6C65406164642E726C702E64650D0A7777772E646174656E73636875747A2E726C702E6465A7818B31818804205B100843E6D2569F2FB5108A2D327D1929ED7EC814531D014B84C2B76B67FE6904209D8EB0BDF36B19C4AF3147E57401FD792845F0413102A7BD784DF9418098BEBE0420DB37C8E02D6D715EFBFB819D9620C0D411BB6D5F8000200148FFCFA3467F71580420EBD2A9610AA53AE1C159B2C7B238451E2C6AF06F7034723BD4B9743196E6A720");
-			QSharedPointer<const CertificateDescription> certDescr = CertificateDescription::fromHex(hexValue);
-			QCOMPARE(certDescr->getPurpose(), QStringLiteral("Abwicklung von Verwaltungsleistungen mit Identifikationsbedarf ohne Registrierung im Sinne der GemO Rheinland-Pfalz"));
+			QTest::newRow("DescRlpDirektServer")
+				<< QByteArray("30820312060A04007F00070301030101A10E0C0C442D547275737420476D6248A2181316687474703A2F2F7777772E642D74727573742E6E6574A33E0C3C4B6F6D6D5769732D476573656C6C73636861667420662E204B6F6D6D756E696B6174696F6E20752E2057697373656E737472616E73666572206D6248A416131468747470733A2F2F74626B2E65776F69732E6465A58201F20C8201EEEFBBBF4E616D652C20416E7363687269667420756E6420452D4D61696C2D4164726573736520646573204469656E7374616E626965746572733A0D0A4B6F6D6D5769732D476573656C6C73636861667420662E204B6F6D6D756E696B6174696F6E20752E2057697373656E737472616E73666572206D62480D0A48696E64656E62757267706C61747A20330D0A3535313138204D61696E7A0D0A737570706F7274406B6F6D6D7769732E64650D0A0D0A4765736368C3A46674737A7765636B3A0D0A41627769636B6C756E6720766F6E2056657277616C74756E67736C65697374756E67656E206D6974204964656E746966696B6174696F6E73626564617266206F686E652052656769737472696572756E6720696D2053696E6E65206465722047656D4F20526865696E6C616E642D5066616C7A0D0A0D0A5A757374C3A46E6469676520446174656E73636875747A626568C3B67264653A0D0A4175667369636874732D20756E64204469656E73746C65697374756E6773646972656B74696F6E2028414444290D0A54726965720D0A57696C6C792D4272616E64742D506C61747A20330D0A35343239302054726965720D0A303635312F393439342D300D0A706F73747374656C6C65406164642E726C702E64650D0A7777772E646174656E73636875747A2E726C702E6465A7818B31818804205B100843E6D2569F2FB5108A2D327D1929ED7EC814531D014B84C2B76B67FE6904209D8EB0BDF36B19C4AF3147E57401FD792845F0413102A7BD784DF9418098BEBE0420DB37C8E02D6D715EFBFB819D9620C0D411BB6D5F8000200148FFCFA3467F71580420EBD2A9610AA53AE1C159B2C7B238451E2C6AF06F7034723BD4B9743196E6A720")
+				<< QStringLiteral("Abwicklung von Verwaltungsleistungen mit Identifikationsbedarf ohne Registrierung im Sinne der GemO Rheinland-Pfalz");
+
+			QTest::newRow("DescAgetoServer")
+				<< QByteArray("3082029E060A04007F00070301030101A1140C12414745544F205365727669636520476D6248A2161314687474703A2F2F7777772E616765746F2E6E6574A3170C15414745544F20496E6E6F766174696F6E20476D6248A421131F68747470733A2F2F6569642E73657276696365732E616765746F2E6E65742FA58201DC0C8201D84E616D652C20416E7363687269667420756E6420452D4D61696C2D4164726573736520646573204469656E7374616E626965746572733A0A414745544F20496E6E6F766174696F6E20476D62480A57696E7A65726C616572205374722E20320A3037373435204A656E610A6E706140616765746F2E6E65740A0A5A7765636B2064657220446174656EC3BC6265726D6974746C756E673A0A4964656E746966697A696572756E6720756E642052656769737472696572756E67207A756D2070657273C3B66E6C696368656E204B756E64656E6B6F6E746F0A0A5A757374C3A46E6469676520446174656E73636875747A626568C3B67264653A0A5468C3BC72696E676572204C616E64657376657277616C74756E6773616D740A5265666572617420486F6865697473616E67656C6567656E68656974656E2C20476566616872656E6162776568720A5765696D6172706C61747A20340A3939343233205765696D61720A0A54656C3A20283033203631292033372037332037322035380A4661783A20283033203631292033372037332037332034360A706F73747374656C6C6540746C7677612E7468756572696E67656E2E64650A416E737072656368706172746E65723A204672617520416E6B65204E65756D616E6EA746314404202E78EBFA001EE9D9F02CCE6B5D93535FC8492FA634BE5BDD679EF430C73864000420D9D682F644CDC3685747104A7CA7C1B3302D81D2A17A88607143F664BF23FF90")
+				<< QStringLiteral("Identifizierung und Registrierung zum pers\u00F6nlichen Kundenkonto");
+
+			QTest::newRow("Empty Purpose")
+				<< QByteArray("30820322060a04007f00070301030101a10e0c0c442d547275737420476d6248a2181316687474703a2f2f7777772e642d74727573742e6e6574a3460c444d696e697374657269756d2066c3bc7220576972747363686166742c20496e6e6f766174696f6e2c204469676974616c6973696572756e6720756e6420456e6572676965a41a131868747470733a2f2f736572766963656b6f6e746f2e6e7277a582021a0c8202164e616d652c20416e7363687269667420756e6420452d4d61696c2d4164726573736520646573204469656e737465616e626965746572733a0d0a4d696e697374657269756d2066c3bc7220576972747363686166742c20496e6e6f766174696f6e2c204469676974616c6973696572756e6720756e6420456e65726769650d0a46726965647269636873747261c39f652036322d38300d0a34303231372044c3bc7373656c646f72660d0a706f73747374656c6c65406d776964652e6e72772e64650d0a0d0a4765736368c3a46674737a7765636b3a0d0a0d0a48696e7765697320617566206469652066c3bc722064656e204469656e737465616e626965746572207a757374c3a46e646967656e205374656c6c656e2c20646965206469652045696e68616c74756e672064657220566f7273636872696674656e207a756d20446174656e73636875747a206b6f6e74726f6c6c696572656e3a0d0a4c616e64657362656175667472616774652066c3bc7220446174656e73636875747a20756e6420496e666f726d6174696f6e736672656968656974204e6f7264726865696e2d0d0a5765737466616c656e0d0a4b6176616c6c6572696573747261c39f6520322d340d0a34303231332044c3bc7373656c646f72660d0a30322031312f3338342032342d300d0a706f73747374656c6c65406c64692e6e72772e64650d0a687474703a2f2f7777772e6c64692e6e72772e6465a768316604204ae5b7dada1346040ebf351b00399f4c0228a771aa128ba74c8b1c23273247e60420883bc461526a4e08e99603f8d41c60ad7cf4711fe1662975e797e816885770650420dadadde7a189cbb7c5f78a77ae5e22f61e646e5d3ce9005d0cbf4b581cdacd4e")
+				<< QString();
 		}
 
 
-		void testGetDescAgetoServer()
+		void testPurpose()
 		{
-			QByteArray hexValue("3082029E060A04007F00070301030101A1140C12414745544F205365727669636520476D6248A2161314687474703A2F2F7777772E616765746F2E6E6574A3170C15414745544F20496E6E6F766174696F6E20476D6248A421131F68747470733A2F2F6569642E73657276696365732E616765746F2E6E65742FA58201DC0C8201D84E616D652C20416E7363687269667420756E6420452D4D61696C2D4164726573736520646573204469656E7374616E626965746572733A0A414745544F20496E6E6F766174696F6E20476D62480A57696E7A65726C616572205374722E20320A3037373435204A656E610A6E706140616765746F2E6E65740A0A5A7765636B2064657220446174656EC3BC6265726D6974746C756E673A0A4964656E746966697A696572756E6720756E642052656769737472696572756E67207A756D2070657273C3B66E6C696368656E204B756E64656E6B6F6E746F0A0A5A757374C3A46E6469676520446174656E73636875747A626568C3B67264653A0A5468C3BC72696E676572204C616E64657376657277616C74756E6773616D740A5265666572617420486F6865697473616E67656C6567656E68656974656E2C20476566616872656E6162776568720A5765696D6172706C61747A20340A3939343233205765696D61720A0A54656C3A20283033203631292033372037332037322035380A4661783A20283033203631292033372037332037332034360A706F73747374656C6C6540746C7677612E7468756572696E67656E2E64650A416E737072656368706172746E65723A204672617520416E6B65204E65756D616E6EA746314404202E78EBFA001EE9D9F02CCE6B5D93535FC8492FA634BE5BDD679EF430C73864000420D9D682F644CDC3685747104A7CA7C1B3302D81D2A17A88607143F664BF23FF90");
-			QSharedPointer<const CertificateDescription> certDescr = CertificateDescription::fromHex(hexValue);
+			QFETCH(QByteArray, hex);
+			QFETCH(QString, purpose);
+
+			QSharedPointer<const CertificateDescription> certDescr = CertificateDescription::fromHex(hex);
 			QVERIFY(certDescr);
-			QCOMPARE(certDescr->getPurpose(), QStringLiteral("Identifizierung und Registrierung zum pers\u00F6nlichen Kundenkonto"));
+			QCOMPARE(certDescr->getPurpose(), purpose);
 		}
 
 
diff --git a/test/qt/network/test_TlsChecker.cpp b/test/qt/network/test_TlsChecker.cpp
index df5153e3a..017b66715 100644
--- a/test/qt/network/test_TlsChecker.cpp
+++ b/test/qt/network/test_TlsChecker.cpp
@@ -93,7 +93,7 @@ class test_TlsChecker
 		void checkCertificateHash()
 		{
 			QVERIFY(!TlsChecker::checkCertificate(certs.at(0), QCryptographicHash::Algorithm::Sha256, QSet<QString>() << "dummy" << "bla bla"));
-			const QString hash = "D06F1E6E5968653E67B4DBE93895C70E9B74B0E28BA5DBCFC3B4540B77F7B88E";
+			const QString hash = QStringLiteral("25:1C:0F:A5:FA:C2:25:39:A5:DF:32:BB:1C:F8:3E:DD:82:E8:5E:A3:85:2E:67:FF:A9:63:E7:20:77:BE:0C:9D").remove(QLatin1Char(':'));
 			QVERIFY(TlsChecker::checkCertificate(certs.at(0), QCryptographicHash::Algorithm::Sha256, QSet<QString>() << "dummy" << hash << "bla bla"));
 		}
 
diff --git a/test/qt/securestorage/test_SecureStorage.cpp b/test/qt/securestorage/test_SecureStorage.cpp
index 6a699c14a..b7ab656be 100644
--- a/test/qt/securestorage/test_SecureStorage.cpp
+++ b/test/qt/securestorage/test_SecureStorage.cpp
@@ -163,16 +163,15 @@ class test_SecureStorage
 			QTest::addColumn<QString>("issuerInfo");
 			QTest::addColumn<QString>("expiryDate");
 
-			QTest::newRow("production") << 0 << "appl.governikus-asp.de" << "TeleSec ServerPass CA 2" << "2018-05-25T23:59:59Z";
+			QTest::newRow("production") << 0 << "appl.governikus-asp.de" << "TeleSec ServerPass Class 2 CA" << "2020-12-06T23:59:59Z";
 			QTest::newRow("ci") << 1 << "*.tf.bos-test.de" << "govkgrootca" << "2018-12-29T09:59:02Z";
-			QTest::newRow("production_2020") << 2 << "appl.governikus-asp.de" << "TeleSec ServerPass Class 2 CA" << "2020-12-06T23:59:59Z";
 		}
 
 
 		void testGetUpdateCertificate()
 		{
 			const auto& certificates = mSecureStorage.getUpdateCertificates();
-			QCOMPARE(certificates.count(), 3);
+			QCOMPARE(certificates.count(), 2);
 
 			QFETCH(int, index);
 			QFETCH(QString, subjectInfo);
diff --git a/test/qt/widget/test_ReaderDriverModel.cpp b/test/qt/widget/test_ReaderDriverModel.cpp
index 86cf55e11..5e02e4ac3 100644
--- a/test/qt/widget/test_ReaderDriverModel.cpp
+++ b/test/qt/widget/test_ReaderDriverModel.cpp
@@ -121,7 +121,7 @@ class test_ReaderDriverModel
 			ReaderDriverModel readerDriverModel;
 			QCOMPARE(readerDriverModel.rowCount(), 1);
 			const auto& index = readerDriverModel.index(0, ReaderDriverModel::ColumnId::ReaderStatus, QModelIndex());
-			QCOMPARE(readerDriverModel.data(index).toString(), tr("Connected w/o driver"));
+			QCOMPARE(readerDriverModel.data(index).toString(), tr("No driver installed"));
 		}
 
 
@@ -145,7 +145,7 @@ class test_ReaderDriverModel
 			ReaderDriverModel readerDriverModel;
 			QCOMPARE(readerDriverModel.rowCount(), 1);
 			const auto& index = readerDriverModel.index(0, ReaderDriverModel::ColumnId::ReaderStatus, QModelIndex());
-			QCOMPARE(readerDriverModel.data(index).toString(), tr("Connected w/ driver"));
+			QCOMPARE(readerDriverModel.data(index).toString(), tr("Driver installed"));
 		}
 
 
@@ -162,9 +162,9 @@ class test_ReaderDriverModel
 			ReaderDriverModel readerDriverModel;
 			QCOMPARE(readerDriverModel.rowCount(), 2);
 			index = readerDriverModel.index(0, ReaderDriverModel::ColumnId::ReaderStatus, QModelIndex());
-			QCOMPARE(readerDriverModel.data(index).toString(), tr("Connected w/ driver"));
+			QCOMPARE(readerDriverModel.data(index).toString(), tr("Driver installed"));
 			index = readerDriverModel.index(1, ReaderDriverModel::ColumnId::ReaderStatus, QModelIndex());
-			QCOMPARE(readerDriverModel.data(index).toString(), tr("Connected w/o driver"));
+			QCOMPARE(readerDriverModel.data(index).toString(), tr("No driver installed"));
 		}