Glossary

What exactly is a 'derived identity'? What does BYOD stand for? Or, what does 'privacy by design' mean?

Our glossary contains the most important terms in conjunction with digitisation, IT security and the world of ID. Click the first letter of the word you are interested in and scroll through the list.

A

A law governing the framework conditions for electronic signatures, in German briefly referred to as SigG, from 16 May 2001; defines rules for using electronic signatures.

An electronic signature which pursuant to section 2 of the Act on Digital Signature is exclusively assigned to the signature key holder and enables identification of the holder. This must be generated with means that are under the sole control of the signature key holder. Moreover, this signature is linked to the data to which it refers in such a manner that any later changes can be detected.

A symmetric, freely available encryption method, also referred to as Rijndael algorithm. The key has variable and fully independent lengths of 128, 160, 192, 224 or 256 bits. AES offers a very high level of security and is available license-free.

Programs that trace and eliminate malware on a PC. Installing so-called honeypots is a newer way to ward off attacks. These are traps that appear particularly attractive to attackers.

API literally means Application Programming Interface, or shorter still programming interface. APIs are used in computing to achieve uniform and structured data transfer between programs and program parts.

Abbreviation for application software and usually refers to mobile apps for tablets and smartphones; programs that benefit users. These include, for instance, calendars, carsharing, text processing, navigation, access to databases or computer games. Apps must usually be distinguished from the system software that is responsible for running the computer.

A field of informatics dealing with the development of computer systems that can independently carry out functions for which usually human intelligence is required, for example, logical thinking, solving problems, learning from experience or voice recognition.

A method that uses a public key to convert plain text to a secret text. A secret key can then be used to change the text back to plain text. The advantage of asymmetric methods: Since the public key is not secret, the channel does not have to be protected against eavesdropping. What's decisive here is that the public key can be assigned without doubt to the holder of the pertinent secret key. To ensure this, trusted certification authorities issue digital certificates that assign the public key to the private key.

Special driver software for the electronic ID card. It is needed to use the German ID card in the digital world and to enable communication between a smartcard reader and the ID card. The software can be downloaded free of charge from: https://www.ausweisapp.bund.de/ausweisapp2/.

A. Authentication confirms (verifies) the authenticity of a person, a document or a device.

B. Proof of one's own identity, for instance, through knowledge (e.g. input of a code), possession (presentation of an ID card) or biometric features.

D-TRUST is a provider of authorisation certificates. The Issuing Office for Authorisation Certificates (VfB) decides whether or not a service provider (e.g. online shop) is authorised to use the online ID function of the German ID card. Anyone wishing to receive such authorisation is required to submit a voluntary self-declaration regarding data protection and prove that the data which they wish to read from their customers' ID cards is truly needed for the service to be provided. The authorisation CA then issues the corresponding certificates for service providers at a technical level.

B

A Chinese Internet company, also called Google of China. Its search engine is one of the global websites that are most frequently visited. Baidu also offers a lot of other services such as an encyclopaedia and a map service.

Authentication method used between an inspection system and a machine-readable travel document. This method enables encrypted data exchange. Data can only be read from the passport if the reading party (for instance, the border control officer) has the matching access key. This ensures that data cannot be read or copied by unauthorised parties or without the passport holder's consent.

Big data is understood to be large amounts of mostly unstructured data. It is a term that refers to the rapid rise in data volume and the growing diversity of the data generated. There is vast number of different sources of big data. The biggest producers of big data are social networks, cloud computing and the mobile Internet. New technical systems are now needed in order to process and analyse these ever-larger quantities of data. Private business is particularly keen to analyse these data volumes in order to gain information and identify patterns. The idea here is to collect information in order to be able to forecast future results, ideally in realtime.

The electronic ID card contains biometric data of the card holder. This includes a digital photo and, if requested, two digital fingerprints. The biometric data is stored on the chip of the ID card and access to this data is granted exclusively to authorised, official authorities. These authorities include ID card issuing offices, passport and citizens' registration offices, customs administration, law enforcement authorities, as well as tax authorities in the federal states of Germany. Thanks to the biometric data and computer matching, these official authorities can confirm your identity in a fast and reliable manner.

A measurable physical feature (such as a fingerprint, the face and the arrangement of the nose and mouth, for instance, or a person's iris) or a personal character trait (such as a personal signature or the sound of a person's voice) which is used to confirm the identity of a registered person or to verify an identity.

This term comes from the Greek words 'bios', which means life, and 'métron', which means measure. Biometrics measures people's features, such as the face, finger or iris. Combined with mathematical methods, biometrics is used to identify and verify individuals on the basis of their personal characteristics.

Bitcoins are an electronic currency or cryptocurrency and can be used around the globe for online payments. They are generated on the Internet, digitally signed and managed on the net in a distributed way.

Bitcoins are based on the blockchain technology. All transactions in a blockchain are saved in a distributed database that is managed by all participants. Money transfers are made in a peer-to-peer application where no central organisation such as a conventional bank is required. Thanks to cryptography it is ensured that only the respective owner can carry out transactions and that the money cannot be spent several times.

 

A blockchain is a kind of forgery-proof, virtual ledger where each digital transaction is kept and cannot be altered. This ledger is not stored at a central site, but distributed and fed by servers all over the globe. New transactions are added in a block-wise manner. The transactions must be confirmed by all parties involved before they can be concluded and added to the chain. If a transaction is not confirmed because one of the parties feels betrayed, it will be cancelled.

From a technical point of view, a blockchain is a database. Each new record (block) that is added will get a checksum. This hash value will be stored in the block that is generated next, thus forming a chain. This makes all the transactions traceable. Each participant has basically the same access rights and can see which transactions have been made, but they cannot see who made the transaction.

The most popular example of a blockchain is the digital currency Bitcoin . This method, however, could also be used for other transaction for which intermediaries or guarantors such as notaries are still required today.

Hierarchically structured networks made up of several computers in which so-called bots (short for robots) operate via remote control. Bots are programs that run independently, for instance, they search websites for new content. Activating botnets is considered to be a cybercrime. Criminals use them for DoS attacks and to spread trojans, spam and other malware.

This describes the current trend where employees use their own private devices (smartphones, tablets or laptops) for work and to access company networks. BYOD guidelines determine how IT resources may be used and the preconditions that apply to employee-owned devices in order to ensure security for the company's data. Choose Your Own Device and Corporate Owned, Personally Enabled are other alternative concepts.

C

This refers to direct communication between motor vehicles. They provide traffic participants with information about the traffic situation. Obstacles or dangers in traffic are identified at an early point in time.

This refers to connecting the vehicle to its environment so that it communicates with other vehicles, with traffic infrastructure services and with the Driver.

This term refers to a concept in which many people jointly use vehicles. The carsharing users first sign up with a provider and then receive an individual smartcard that allows them to unlock the car of their choice. Using an app, users can find available vehicles in their vicinity. The fleet is not based at a central Location.

Electronic certificates which were issued and signed by a certification authority and which assign certain information to the holder of the certificate. The most widely used certificate format is X.509.

Contains information as to which certificates were revoked by the certificate holder or other authorised parties.

A Certification Authority (CA) is a trusted organisation that is responsible for creating, issuing, managing and revoking digital certificates. The certification authority acts as a trusted third party within a public key infrastructure (PKI).

Also referred to as: Certification Authority (CA); a service provider registered with the Federal Network Agency according to the  Act on Digital Signature, in the version dated 17 July 2009, and entitled to issue qualified certificates or qualified time stamps.

An authentication method that is based on the knowledge of a participant. One participant sets a challenge which the other participant must respond to in order to prove possession of certain Information.

A changeable image that is laser-engraved into plastic cards. The images are engraved at different angles through an array of cylindrical lenses. The images then appear depending on the angle of Vision.

A combination of chip, chip module and antenna which is integrated into the passport cover or into one of the inside pages of the passport booklet.

This term refers to an IT concept where the employee can choose a mobile device with which they access a company's IT infrastructure. The company provides a limited product list and the employees can usually also use the devices for private purposes too. CYOD is an alternative to BYOD and COPE.

In the world of IT, the cloud is a virtual room in which users store, process and exchange files and programs. Cloud providers make Internet-based services and resources available in the cloud. Private clouds are reserved exclusively for a defined user group, public clouds are open to everyone and hybrid clouds are a mixed form that cover various requirements.

Enables the user to virtually access and to use the resources of the cloud at any time and from any place. The following types must be distinguished: private clouds, public clouds and hybrid clouds.

Cloud provider refers to providers of services – in this case, clouds. 

This term refers to different services and service models that can be used by cloud users. These services include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

This term refers to the possibility to store data, files and entire programs in a cloud instead of a physical storage medium.

The term refers to the entirety of measures and processes taken by a company or an institution in order to ensure compliance not just with laws and regulations but also with voluntary codes. Compliance management should help to ensure that rules are not violated.

Contact cards must be slid through a card reader or placed on a reading device. The chip module in this smartcard is visible on the card. The data is transferred via the contact surface.

Contactless cards, also called transponder cards, are fitted with an antenna and RFID technology (Radio Frequency IDentification) and can be read from a certain distance without direct contact to the reader. Examples of contactless cards include credit cards, access cards or season tickets for public transport, which only need to be held near to the respective reader.

Cookies are text files that websites store on an Internet user's computer. They usually contain the name of the website where they originated and register the user's behaviour, for instance, automatic personal user data, passwords and the websites visited.

This term describes an IT concept where a company provides its staff with mobile devices that are integrated in the company's own network. The devices remain the employer's property, however, they can be used privately in line with the respective guidelines. COPE allows companies to stay in control of the devices that access their IT resources. COPE is an alternative to BYOD and CYOD..

A certificate issued by the Country Signing Certification Authority (CSCA) that is used to certify the chip in sovereign documents of this country. The CSC is part of a public key infrastructure (PKI).

Methods to convert readable text to encrypted text and vice versa.

This refers to all forms of attack in cyberspace, i.e. within the data level of connected IT systems.  Under the German Criminal Code, cyberattacks are a crime and are subject to prosecution. These include data manipulation (section 303a), data espionage and interception (section 202a and b) as well as preparations for such attacks (section 202c).

This term refers to all crimes that are 'committed using or against information and communication technology'. As understood by the Federal Criminal Police Office, cybercrime refers to specific phenomena and manifestations where elements of electronic data processing are primarily used to commit the crime.

D

Comes from the Greek words 'daktulos' for finger and 'scopy' (look); a recognised method for identifying people on the basis of their fingerprints. A fingerprint is considered to be a permanent and unique feature of a person.

A method to protect sensitive electronic data which is used when data is saved on computers or transmitted. Encrypted data cannot be tapped and hence cannot be misused.

Widely used symmetric encryption algorithm. In 1977, the US government confirmed DES as the official standard and is now widely used around the globe. It has a key length of 56 bits which can be increased by applying it several times. (See also: Asymmetric encryption)

 

This refers to the correct and unchanged status of protected files. Data integrity specifically means that data is not damaged during saving, transmission and process, that it remains intact and functional. Together with data security and data protection, data integrity is part of secure information processing.

This term covers any form of electronic data misuse. It frequently refers to the disclosure or use of personal data. Users can protect themselves against data misuse by securing their hardware and software with the latest security technology against cyberattacks and by disclosing as little personal information as possible.

This term refers to protecting the personal data of a person or institution against misuse by third parties. Data protection is based on the idea that each individual can decide for themselves on whether their personal data is to be used or disclosed. Laws and regulations at both national and international level are in place to prevent data protection violations. In Germany, the Federal Data Protection Act determines the right to handle personal data.

Determines the handling of personal data. The Federal Data Protection Act and the data protection regulations of the federal states apply in Germany. The aim is to "protect individuals against any infringement of their rights as an individual due to the handling of their personal data". Compared to the rest of the world, Germany has a modern data protection policy. At European level, the EU''s Directive on Privacy defines uniform minimum standards for data protection.

Refers to the protection of data with a view to the respective security requirement. Sensitive data should be protected during processing against forgery, destruction and unauthorised disclosure.

Refers to the type of data to be processed (sensitivity). Sensitive data is data that particularly needs to be protected.

Crime; anyone who gains or provides unauthorised "access to data, which is not determined for them or which is particularly secured against unauthorised access, by overcoming access security" commits a crime pursuant to section 202a of the German Criminal Code. Identity theft is a particular form of data theft.

Data thriftiness refers to a person's caution when it comes to disclosing data that is not needed for a business, communication or other processes, especially on the Internet. In addition to the personal attitude of each individual, data thriftiness and data avoidance are a statutory requirement for data processing systems as laid down in section 3a of the Federal Data Protection Act. This means that in Germany the principle applies that the collection, processing and use of personal data and the choice and design of data processing systems must be geared to the aim of collecting, processing and using as little personal data as possible.

This term refers to a trend where many aspects of life and everyday information are being transformed into digital data, evaluated and stored. So-called self-quantifiers, for instance, measure everything about themselves (for example, movement intensities, blood pressure, weight, etc.) and then use this to generate valuable data. Various different technical devices are used to collect and store the data. In this way, the health and lifestyle of individuals can be extensively datafied with precision. Datafication describes the impact of big data.

This means that a service is not available and this is usually caused by an overload. There can be various reasons for this, for instance, too many requests, a weak infrastructure or an attack by a third party. In the case of DoS attacks, hackers send such a high number of requests to a service that it causes the service to collapse. This is used, for instance, to bring down websites so that they can no longer be reached online.

Means secure transmission of individual identity attributes of a German ID card with the online ID function to a mobile device. This allows users to identify themselves online. The derived identity is currently in planning in Germany.

Sometimes referred to as electronic identities, less frequently as virtual identities. This term refers to all procedures in which people, objects or processes use certain attributes to authenticate themselves online. A digital identity can be clearly allocated to the person, object or process. There are many different kinds of digital identities. The simplest way to authenticate yourself in an online account is to login using a username and password. Companies, on the other hand, often use employee ID cards to grant their staff access to the company premises or to special information. A higher level of security is achieved with so-called two-factor authentication that uses a smartcard and PIN. The terms digital and electronic identity (eID) are synonyms.

This term describes the possibility to access information irrespective of location, for instance, via the Internet using a mobile device. This refers to both private and work purposes. More and more companies are developing guidelines to cover the use of smartphones, laptops and tables both inside and outside a company's IT. BYOD, COPE and CYOD are known concepts.

A form of Denial of Service. In this case, the non-availability of a service is caused by an overload of a higher number of other systems. Unlike DoS attacks, the DDoS attack is carried out from any distributed computers to bring the service down.

A device that recognises whether or not a machine-readable ID document is genuine. It scans the document and reads its optical and electronic security features. The system reliably detects forged passports, ID cards, residence permits, visas and EU driving licences.

This term refers to a download that takes place unknown to the user and unintended by them. Software is then downloaded onto the computer in the background. This is usually malware that makes use of security gaps in the browser. The latest browser and virus scanner versions offer protection against drive-by downloads.

Drive-by hacking refers to hacking or data espionage using (unsecured) wireless networks, WLAN, Bluetooth, etc.

The European driving licence card has been mandatory in the EU since 2013. This move improved the security standards of the more than 110 different driving licences throughout Europe and introduced uniform driving categories. Since 1999, Bundesdruckerei has been producing the German driving licence in credit-card format on behalf of the Federal Ministry for Transport and Digital Infrastructure.

E

The act on secure digital communication and applications in the health care system. It shall enable the establishment of a secure digital infrastructure for the health care system and making use of the potential offered by the electronic health Card.

 

Also referred to as tapping; refers to eavesdropping data and telephone connections.

eGovernment or electronic administration refers to administrative services irrespective of time or place. This is specifically geared to simplify processes and communications between citizens and public authorities and between the authorities themselves. This includes the electronic data exchange, online communications and the use of the online ID functions, for instance, of the German ID card or the electronic residence permit. In Germany, the Act to Promote Electronic Government which was passed in 2013 forms the legal basis for eGovernment. It requires of the administration that they install electronic processes, for instance, with qualified electronic signatures (QES).

Abbreviation for 'electronic identity'. Also referred to as 'digital identity' and means the digital representative of a person, object or process. The electronic identity, which can be derived from the (analogue) ID card, can be used to prove a person's identity during online transactions, for instance, in login processes or for online banking.

A hardware and software infrastructure that enables communication between ID card holders and service providers on the basis of the online ID function of the German ID Card.

eIDAS is the abbreviation for the "Regulation on electronic identification and trust services for electronic transactions in the internal market". Since 17 September 2014, this regulation has been in effect in all EU Member States and can be adapted by Iceland, Lichtenstein and Norway. eIDAS provides a uniform legal framework that is valid throughout Europe for electronic proof of identity and for trust services, i.e. for electronic signatures, seals and time stamps. When it comes to electronic identification, the regulation relies on mutual recognition of different national eID systems. EU-wide interoperability of electronic identification, harmonisation and standardisation of signatures and the establishment of new trust services enable secure and trusted electronic business processes between companies, public authorities and citizens. 1 July 2016 was an important day: Since this day, it has been possible to offer new trust services.

Using electronic office ID cards, companies and public authorities can make processes and workflows much smoother, more efficient and secure. Time recording, electronic signatures, access authorisation and payment functions are applications that can be integrated into this ID card. On behalf of the German Federal Ministry of the Interior (BMI), Bundesdruckerei develops and produces employee ID cards for the employees of all federal authorities. The partners in this project are the Federal Office for Information Security and the Federal Criminal Police Office.

The electronic passport is a machine-readable travel document (MRTD) with an integrated passive RFID chip. The chip stores the same information as that contained on the data page of the passport along with a digital photo of the passport holder. In Germany, fingerprints have also been stored on the chip since 2007. The electronic passport complies with the recommendations of the International Civil Aviation Organization (ICAO).

In 2011, the electronic residence permit in credit-card format was introduced to replace the conventional residence permit. The permit comes with a contactless chip inside the card where the biometric features, such as the photo and two fingerprints, additional provisions and the personal data are stored. Under Council Regulations 1030/2002 and 380/2008, all EU Member States are required to introduce an electronic residence permit.

The electronic signature, also called 'digital signature', guarantees the authenticity and integrity of digital information and ensures that the sender is in fact who they claim to be. It warrants that the information, for instance an e-mail or an electronic document, was not manipulated on its way from the sender to the recipient.

This is understood to be methods to conceal information so that it cannot be read without special knowledge (keys). Encryption can be used to ensure that secrecy is maintained.

This term refers to encryption along all stages of a transmission. The data is encrypted by the sender and is not decrypted until it arrives at the recipient. PGP and S/MIME are examples of end-to-end encryption.

This term refers to electronic services that allow security and data protection to be maintained during business processes in the digital world. High-security technologies are helping to ensure that users can be reliably authenticated and that only authorised parties can access digitally stored data. eServices include, for instance, secure business communications with digital signatures and electronic invoicing, TSP solutions and implementation of public-key-infrastructure products, the provision and management of certificates or the eID service and authorisation certificates in conjunction with the German ID card.

The EAC protocol was developed by the European Union to protect sensitive data in biometric travel documents, especially the document holders' fingerprints. EAC is made up of two different steps, i.e. 'chip authentication' and 'terminal authentication'. During the chip authentication process, secure communication is established between the chip and the reader. During this process, an implied security check is also carried out on the information stored. This method enables the authentication of elements that were allocated during personalisation. Since only a 'genuine' chip is capable of establishing communication with the reader unit which is protected via both keys, chip authentication also ensures automatic copy protection of the stored contents at the same time. During terminal authentication, only authorised readers with precisely defined access rights can obtain access to the information stored in the chip. Every time the chip and reader are about to communicate, the authorisation certificate of the reader is automatically checked.

F

A biometric method in which the face of the person being checked is compared with one or more stored photos. This technology is used, for instance, at electronic gates (eGates) at airports. A live photo of the traveller is taken and then compared to the image saved on the chip of the traveller's electronic passport. This photo must comply with the standard of the International Civil Aviation Organization (ICAO). More advanced facial recognition technologies are currently being developed, such as three-dimensional facial recognition, in order make recognition even more reliable.

Fake news is misinformation or hoaxes that are spread quickly, especially on the Internet. It serves different purposes: On the one hand, fake news is spread because the author has a financial interest. If it is often clicked, the website operators earn money with the ads published there. On the other hand, fake news is used by people to misinform and split society. The German Act to Improve Enforcement of the Law in Social Networks (NetzDG) is designed to combat this: Big networks on the Internet, for instance, now have to block or delete illegal content within one day after receiving a complaint.

The FIDO (Fast IDentity Online) initiative, which was founded by Google and PayPal, aims to replace customary Internet login procedures with improved security concepts. The goal is to establish a new standard that will not only significantly raise the security level of customary user-name/password methods, but which will be just as simple and easy to use.

A person's fingerprint is made up of papillary lines (ridges) and minutiae (branches) and is unique for each person. During fingerprint recognition, the fingerprint scanner first takes a picture of the fingerprint. Either an image or a template of the fingerprint is then stored. By storing the fingerprint of both index fingers in the electronic passport, the identity of the holder can now be verified with even greater certainty than with just the facial Image.

A security system that protects computers or entire computer networks against unauthorised access. All data communications are monitored in this case.

When something is forge-proof, this means that it cannot be manipulated and is hence an original. This is important when it comes to ID cards, which are used prove a person's identity, or products which must be original products if the manufacturer is to provide a warranty.

A reading device that scans the entire data page of a document and displays the data on the screen. This device is used to read ePassports.

G

This serves as a point of connection between different networks that work together using different protocols and addresses.

The European General Data Protection Regulation (GDPR) contains rules for  companies and public authorities on how personal data is to be protected. At the same time, it also ensures the free exchange if data within the European internal market. The Regulation came into effect on 24 May 2016 and must be applied from 25 May 2018 at the latest. It is part of the EU’s reform of data protection rules. The Regulation establishes the legal basis for data protection activities and defines the rights of data subjects and the obligations of companies. One new element is the ‘right to be forgotten’. The GDPR is also binding upon companies based outside the EU but used by EU citizens.

H

From the word 'to hack', this term refers to people who access IT systems and infrastructures without authorisation and for different reasons. They do this by tracking down security gaps. Hackers use malware, for instance, to bypass security equipment. So-called hacks may be aimed to change system settings, to steal data and digital identities or to draw public attention to security loopholes.

Hexadecimal comes from Greek and Latin. 'Hexa' is Greek and means six and 'decem' is Latin and means ten. A hexadecimal system is a numbering system containing 16 sequential numbers as base units. The hexadecimal system is frequently used in data processing. In the world of computers, data words are usually made up of octets which can be presented as just two-digit hexadecimals rather than eight-digit binary numbers.

I

Abbreviation for Information and Communication Technology. This term refers to technology related to information and communications, such as hardware and software, or telecommunications.

The ID card in credit-card format for citizens in the Federal Republic of Germany; equipped with a security chip and available since November 2010. The card not only serves as photo ID but can also be used as electronic ID on the Internet.

A document issued by an official authority containing information that enables verification. This document proves the identity of the holder.

An ID system secures the entire identity value chain. This includes collecting and registering identity data, processing and sending the data in a secure manner, producing and issuing identity documents, as well as their reliable verification. Bundesdruckerei is one of the world's leading suppliers of ID systems.

Methods used for identification, to capture, collect or transmit data. These include, for instance, smartcards, RFID (radio frequency identification) or biometrics.

International format for identity documents. ID1 measures 85.60 × 53.98mm and is used, for instance, for the German ID card, the EU driving licence and also for bank and credit cards. ID2 measures 105 × 74mm and corresponds to DIN A7 format. This was the format used for the 'old' German ID card (produced up to 2010). ID3 measures 125 × 88mm and corresponds to DIN B7 format. This is the format used the world over for passports.

Finding a dataset, for instance, the biometric identifier of a person, from a large parent population (1:n).

The identity of a person or object describes the entirety of all of their specific features that distinguish them from all others.

This term refers to the deliberate and targeted handling of identities. In the digital world, identity management primarily means managing user data and can help companies, for instance, to define access and use rights.

Identity theft refers to the misuse of the personal data (identity) of a person by a third party. Identity fraud or identity misuse are also frequently used in this context.

This term refers to a crime where a person, a company or another entity uncovers a company's operational processes and information which the targeted company keeps secret for economic reasons. Industrial espionage focuses on processes that are not apparent and are only known to a select group of people.

Also referred to as the Fourth Industrial Revolution, Industry 4.0 describes the development towards a smart factory. In these smart factories, individual components are connected to each other and can exchange data. This allows them to respond to changes in the process and to autonomously organise and optimise workflows in production. The Internet of Things forms the foundation for Industry 4.0.

This collaboration by industrial associations BITKOM, VDMA and ZVEI aims to shape the Fourth Industrial Revolution and to promote the smart connection of production-relevant components. The focus of this collaboration is on exchange across different industries.

A part of cloud computing where the cloud provider makes hardware services available to users. These services are generally IT resources, such as processing power, servers, memory capacity or other systems on which the user can use his own programs. The provider provides the secure and current environment and takes care of maintenance and operation of the infrastructure. Using encryption or two-factor authentication, the users protect their digital identity in the cloud. Platform as a Service and Software as a Service are other cloud services.

Also called intermodal mobility, this is a transport management concept that refers to transport that combines several means of transport. With a view to passenger transport, for instance, this can be a combination of carsharing, local public transport and long-distance transport, air transport and bike rentals. Smartphones inform users about the latest disruptions, congestion and travel times and combines this data to find the best means of transport to the destination. Intermodal travel offers greater flexibility, especially in cities, and enables smart transport management.

Symmetric encryption algorithm; is a block cipher with a 128-bit key.

This term refers to a network in which objects usually have their own digital identities and are connected to the Internet so that they can exchange information online. This means that they can sometimes operate autonomously. The Internet of Things is, for instance, the basis for industry 4.0, smart mobility, smart factory, smart grid and smart home.

In short IP; is a connection-free protocol and its task is to transport data packages from one sender to a different recipient via several Networks.

The ability of different (IT) systems or components to work together, in particular, to exchange data.

The iris is the cover of the eye that is coloured by pigments and which regulates the amount of light to enter the eye. The iris pattern is unique for each individual. Iris recognition is a biometric identification method where a live photo is taken of the iris of the person to be checked and then compared with the reference image previously stored. No laser beam is used in this method.

Abbreviation for Information Security Management System. This system is used to manage and demonstrate IT security standards. It contains methods and rules that help to define, steer, control and optimise IT security.

International Standards Organization.

An act introduced to boost the security of IT systems; part of the Federal Government's Digital Agenda. The draft by the Federal Ministry of the Interior from December 2014 includes a requirement for service providers and operators of critical infrastructures, such as utilities, to protect their plants against unauthorised access and to report IT security incidents to the Federal Office for Information Security (BSI). This act aims to improve exchange between government, private business and academia in order to boost cybersecurity.

There is no specific definition for these terms. The term IT security essentially means functional security, i.e. that a system behaves in line with its expected functionality. Information security essentially describes protection for the technical processing of information. Its goal is to ensure the protection goals of confidentiality, availability and integrity.

L

An application protocol that enables the requesting and modification of information stored in a repository.

M

A machine-readable zone on ID documents that can be read by way of optical character recognition. This zone can contain personal or document-related data, depending on the type of ID document.

Is an abbreviated form of the term 'malicious software'. Just like worms and trojans, malware is specifically developed for criminal purposes or for sabotage. Anti-virus software can sometimes detect malware and prevent it from accessing the computer and networks.

This is when an unauthorised party secretly intervenes in communication between two parties who trust one another. The man in the middle leads both parties to believe that they are in fact communicating with each other. The aim of this attack is to control the communication channel and hence data traffic in order to gain access to sensitive data.

Using the maturity level analysis, the actual state of a technical system or process, for instance, the digitalization process of a company, can be checked in a standardised way. Basis for the check is the evaluation of the individual requirements of all parties involved. Previous actions and measures along with the methods applied and existing deficiencies are all analysed. The requirements are defined, risks classified and the sequence of further steps determined. This allows to clearly define if and how a system or process can be optimised.

 

Data that provides information about features of other data, but not the data itself. This information includes information about the structure, size, format or storage location.

A person's identity which is securely derived from an ID card and can be used when on the move. The identity is linked to a reliable 'security element', such as a SIM card or a provider-independent smartphone microSD card, and used via an app. The German ID card with the online ID function activated is inserted into a connected reader and the app is started using the ID card PIN. The user then releases their smartphone microSD card using the card PIN and the ID card data is securely connected to the card and hence to the smartphone. The online ID function of the German ID card could be installed on a security element, for instance, using a specially authorised third party ('trusted service manager') and released for use.

This term refers to electronic payment processes where at least the payer uses mobile technology. The data is transmitted without contact. There are several providers of mobile payment services in Germany. With mobile payments, smartphones or tablets become so-called mobile wallets.

Information, communication, transaction and all other kinds of services which are offered by companies via mobile networks (GSM, GPRS, UMTS) as well as supporting transmission technologies (wifi, Bluetooth and infrared) and tracking technologies (GPS, cell tracking) and which consumers with a mobile device can use no matter where via SMS, MMS, WAP and the mobile Internet.

O

Serves authentication. Each one-time password is valid just once and cannot be used again. A new one-time password is needed for each new authentication.

This protocol makes it possible to query the status of a certificate with a server or a so-called OCSP responder; is usually operated by the certificate issuer.

Part of the German ID card that makes it possible for the first time to prove one's identity without a trace of doubt on the Internet. Using the integrated online ID function and together with a PIN, the German ID card can be used to login to and register for online services. This proof of identity allows users to clearly identify themselves on the Internet or at vending machines. This electronic identity ensures secure use, for instance, of online services provided by private companies (e.g. online shops, banks, e-mail providers, social networks) and the administration (German Pension Insurance Association, motor vehicle registration offices). Identification using the online ID function is offered as a secure and user-friendly alternative to current login and registration methods that use username/password methods.

P

A document that allows travellers entering a different country to prove their identity during border control checks. This document is issued by the state and is produced in Germany by Bundesdruckerei. The passport also entitles its holder to return to their own territory. The passport serves as identification and legitimisation before government authorities. The data page contains a photo of the holder as well as their personal data, such as name, nationality or date of birth. The German passport, which is 125 x 88mm in size (ID3 format), also features a security chip in the passport cover where two fingerprints are additionally stored. The passport also comes with empty pages that are provided for additional official observations by the issuing country, for entry and exit stamps or for visas. German passports are valid for a ten-year period.

A security protocol that protects the contactless security chip in the German ID card against unauthorised Access.

A program that is used to manage passwords. It generates secure, strong passwords for various accounts and stores these, usually in encrypted form. This database is protected by a central master password. This means that users of password safes and managers only need to remember one strong password in order to manage all online accounts protected by passwords.

Details that refer to a specific person. According to the Data Protection Act, the term includes information, such as name, address, e-mail address and account number, as well as previous convictions, customer, patient and personnel data.

A personal identification number which a person uses in order to identify themselves to a machine.

Used to unblock a signature card or the German ID card; the number is sent to the holder together with the PIN letter. It is used to unblock the card or the online ID function if the wrong PIN is accidentally entered three times in succession.

Comes from 'password fishing' and refers to a method where attackers obtain personal access data. They do this by sending e-mails which often appear to be from a trusted party, such as a bank, requesting that the recipient submit their user data. Phishing e-mails use attachments that install malware or contain links that lead the recipient to fake websites. In this way, they steal the user's digital identity. Spear phishing is one form of sending.

 A part of cloud computing that is primarily designed for system architects and application developers. It allows users to access a development environment with standardised interfaces, the latest software and suitable computing power in the cloud. Users use PaaS, for instance, to develop apps. With encryption or two-factor authentication, the users protect their digital identity in the cloud. Infrastructure as a Service and Software as a Service are other cloud services.

An asymmetric encryption method where the authenticity of the public key is confirmed by the PGP user rather than by a central certification authority.

Also referred to as 'embedded privacy', is a concept developed by Ann Cavoukian in the 1990s that describes integrated privacy for IT systems. It is based on 7 foundational principles: Privacy is 1. proactive not reactive; 2. a default setting; 3. embedded into design; 4. remains part of the overall positive result even in the event of necessary trade-offs between functionality and privacy; 5. warranted throughout the entire lifecycle; 6. visible and transparent; 7. individual and user-centric.

The counterpart to the public key; is used to generate electronic signatures and must be kept secret; usually protected by a password or PIN.

This term is derived from the words 'producer' and 'consumer' and refers to a person who both produces and uses. It describes a new consumer role that has been strongly formed by social media, blogs and rating portals where users are both producers and consumers. The aspect of producing also includes the process of disclosing personal data and preferences for marketing purposes. The term 'prosumer' is also used in the context of distributed energy supply in the smart grid and refers, for instance, to individuals who generate power with their own small systems, feed this power into the public grid and then buy power from the same grid.

An alias that anonymises users. In the Internet, they are often used as so-called nicknames, for instance, in chats or social networks, where they protect the user's identity.

The counterpart to the private key. Is made available publicly, for example, on a public key server. Is used to verify signed messages from the owner of the public key.

The PKI refers to an IT system that issues, distributes and verifies digital certificates. The certificates issued within a PKI guarantee that the certificate holder has been authorised by a trusted service provider and that the information contained in the message was not manipulated during transmission.

Q

Stands for 'Quick Response' and describes a method that is used to make information machine-readable. With this internationally recognised square code, information can be scanned, for instance, using a smartphone. The QR code is primarily used in industry, in production systems and stock-taking, but is also being increasingly used in other more every-day areas (for instance, in advertising).

An electronic signature which, pursuant to the Act on Digital Signature, is based on a qualified certificate that was valid at the time the signature was generated and is generated by a secure signature creation device. The QES is legally equivalent to the personal, hand-written signature.

R

An identification method that uses electromagnetic waves and does not require any direct contact. See also RFID chip.

Is a combination of 'ransom' and 'software'; this malware encrypts valuable data or the victim's entire hard disk. The user can only access their data again after paying a certain amount of Money.

Part of the basic equipment needed in order to read data from signature cards or ID cards. A class III reader with its own keypad is required for signature cards.

This function enables drivers to access their cars through mobile radio networks. Using an app, they can, for instance, open the doors or switch on the block heater. Even car-related data can be queried remotely.

Part of a public key infrastructure. It is used to publish certificates and their validity status in the form of certificate revocation lists and OCSP (Online Certificate Status Protocol) Responses.

A microprocessor chip that can be used to store or process data. They are divided into active and passive RFID chips. Active chips have their own source of energy (battery) while passive chips draw energy from the reader by way of induction. Simple chips are used for logistics only. Highly developed chips, on the other hand, contain a crypto-controller for processing data.

Software (rogue anti-virus program) that is designed to make users uncertain and to scare them. It is a form of social engineering. Malware pretend that the computer is infected with a virus and offer suitable anti-virus software to solve the problem. At best, the buyer will simply buy a completely useless program, but normally users end up downloading malware.

S

This stands for Secure/Multipurpose Internet Mail Extensions; a special protocol for encrypting and signing e-mails. The standard is based on a cryptographic method. Along with PGP, S/MIME is a widely used e-mail encryption method. It also works on mobile devices.

A secure identity means that the identity cannot be manipulated or forged, nor can it be misused. It guarantees that a person is in fact who they claim to be. The identities of objects or processes can also be secured.

A security feature protects, for instance, identity documents, such as ID cards or passports, against unauthorised manipulation. Security features in documents can include substrates, inks and in the printing itself. They can come as tactile and mechanical features or in the form of overlays and foils. They are integrated on all levels of multi-layer documents. They supplement each other and hence boost the security of ID cards even further. Thanks to an integrated chip, eID cards also include electronic security features. Chemical additives or semi-finished products, such as fluorescent fibres and security threads, are already integrated into the substrate of the ID card during production. Special inks, including iridescent, optically variable or fluorescent inks, are used to create characteristic effects and improve protection against forgery. Various printed motifs, such as guilloches, line patterns or microlettering, protect the document against unauthorised copying. Embossing and engraving create clear tactile features on the document. With a changeable or multiple laser image (CLI/MLI), a laser writes various pieces of information, e.g. photos and date of birth, into the card so that only one piece of information can be seen at any one time depending on the viewing angle. Foils and overlays, such as a holographic patch inside the card body, also protect the personal data stored on the ID card.

Defined scheme of data sequences for communication between a chip and a reader. Security protocols like EAC (Extended Access Control) or PACE (Password Authenticated Connection Establishment) ensure data protection, protection against forgery and the authenticity of the data on the ID card.

In the case of an Internet service provider, this term refers to the provider of online services and Access.

A signature card allows the user to electronically sign a digital transaction, such as the sending of an e-mail or the conclusion of a contract on the Internet. The so-called Qualified Electronic Signature replaces the hand-written signature from the analogue world and has the same legal standing. It clearly indicates to the recipient that the message is in fact from the person who sent it and has not been manipulated. The signature cards from Bundesdruckerei's subsidiary D-TRUST contain two different certificates. The first certificate is a qualified personal certificate for the legally binding electronic signature. Then there's an advanced certificate for authentication, encryption and advanced signing. Both certificates meet with all the requirements of the German Act on Digital Signature.

Pursuant to section 2 of the Act on Digital Signature, this is unique electronic data, such as private cryptographic keys, which is used to create an electronic signature.

Southern part of the metropolitan area around San Francisco and San José in California. In the 1950ies, the most important centre for IT and high-tech industry was created and companies like Apple, Google, Facebook or Intel have their headquarters there.

In the world of IT, simplicity refers to the trend towards making systems and applications more user-friendly and to reduce their complexity. A concept that combines both easy handling and sufficient privacy is Privacy by Design.

Short for 'secure intelligent mobility – Test field Germany“; a smart mobility project. simTD is researching and testing connected C2X communication for secure traffic scenarios with a view to its functionality and suitability under real conditions. The aim of this project is to outline and prepare the boundary conditions for technology. Leading car manufacturers and suppliers, communication companies as well as research institutes are involved in this project.

Single Sign-On (SSO) refers to a universal strategy for logging into networks. Users only need to authenticate themselves once in order to gain access to services, computers or programs in the respective network. The advantage of Single Sign-On is that users only have to remember one password and no longer have to manage passwords or remember various, sometimes weak passwords.

This term refers to individual data or a data package which belongs, for instance, to a person, a requested page or a GPS location and which unlike big data does not provide answers to a specific question.

In a smart factory all of the components and processes are connected – from production right through to logistics. Objects usually have digital identities, they can send and receive data and can respond to changes and delays. The smart factory is hence a complex system that independently organises and optimises both itself and the goods produced there. Smart factory is a sub-aspect of the Internet of Things.

This term refers to a smart electricity grid in which consumers or customers, generators, storage units as well as distribution and transmission networks are connected to each other and exchange information. Compared to conventional electricity grids, the smart grid additionally features communication, measuring and control elements and is equipped with IT components. It can record consumption and feed-in in realtime and optimise grid utilisation. Protecting sensitive personal data is extremely important in this context. Smart grid is a sub-aspect of the Internet of Things.

In the smart home, the building's systems and devices are connected to each other and to the Internet so that they can regulate and control themselves. The elements connected include, for instance, light components, heating equipment, sun protection and blinds, electricity supply, ventilation and individual household appliances. Smart home is a sub-aspect of the Internet of Things.

Smart meters are usually used for energy consumption. In addition to recording consumption, they also record the energy fed into the grid. They are hence are precondition for the smart grid. The advantage for users is that they have a clear overview of the energy consumption that allows them to identify any potential for savings. Smart meter is a sub-aspect of the Internet of Things.

Smart mobility refers to state-of-the-art mobility strategies that use data and digital access to connect road transport users with each other and to optimise the offer of services. Carsharing and intermodal travel, as well as the data-based communication systems C2C and C2X, are part of smart mobility. Smart mobility is a sub-aspect of the Internet of Things.

Smart objects can collect and store data and exchange this with third parties. They are embedded in an IT infrastructure and are part of the Internet of Things. Smart objects are, for instance, individual household appliances in the smart home, technical components in the smart grid, communication elements for C2C technology and smart meters.

A microprocessor card that can securely save information. Smartcards are plastic cards in ID1 format. They are used for various applications, for instance, for telephone calls, for authentication at banks, payment processes or to send personal data.

Describes a method in which criminals manipulate or influence people to disclose confidential information or convince them to take other actions. A distinction is made between human-based and computer-based social engineering. In the case of human-based social engineering, the criminal contacts the victim directly, for instance, by phone. In the case of computer-based social engineering, the information is obtained using computers. Phishing attacks are often used in this scenario.

Short for software token. These are components within a security and authentication system. Softtokens are files that contain account data, passwords or other clear identifiers which are needed by a system to identify the user.

Part of cloud computing. Programs or files that a cloud provider makes available online. The user accesses the software via their web browser and pays the fees charged for this service. The provider is responsible for updating the software and securing the data. SaaS is an alternative to conventional license models. With encryption or two-factor authentication, users protect their digital identity in the cloud. Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are other cloud Services.

Also called spam mail or junk mail. This term refers to unsolicited e-mails which are of no interest to the recipient. These bulk e-mails are similar to advertising circulars sent by post. Spammers obtain addresses from databases, from special dealers and using search programs. Effective spam filters in e-mail programs detect spam and filter it out.

A special type of phishing that specifically targets one person. Spear phishing is based on information, for instance, from social networks or websites, about potential victims in order to address them in a credible manner. Spear phishing is usually used when hackers want to obtain certain information from a company.

This term refers to cyberattacks in which the sender uses a false or forged identity. Both IP and URL addresses as well as e-mail addresses may be forged in cases like these. In both cases, the sender uses trusted addresses in order to gain access to the recipient's digital identity, for instance, by requesting passwords. Spoofing belongs to man-in-the-middle attacks.

An SSL certificate shows that a website operator has proven its identity to a recognised certification service provider like D-TRUST. The SSL certificate serves as a kind of electronic company ID card. The certificate also contains the Common Name (CN) which, in the case of SSL certificates, corresponds to the name of the web address or web server, for instance www.bundesdruckerei.de. For Internet users, this establishes a binding connection between the website operator and the contents shown on the website.

Secure Sockets Layer or Transport Layer Security; this enables secure data transmission on the Internet. SSL/TLS certificates secure communication between service providers and users of their Websites.

A document reader that can only read the machine-readable zone. This means that the machine-readable zone of the ID document must be slid through the reading unit of the device.

In contrast to asymmetric encryption, uses only a single key for encryption and decryption.

T

Abbreviation for transaction number; a security method that is widely used in online banking. A TAN is a one-time password that authenticates the user. In the case of online banking, the account holder uses a TAN to authorise the transaction after accessing the account using their username and password.

Electronic data that can be used to prove the existence or receipt of certain data at a particular point in time.

In this case: a cryptographic pattern where information is stored, for instance, for encryption or smartcards. A token with a password is also widely used as a means of authentication.

Officially a Trojan horse; malware that hides other applications behind its real function which it does not document. Trojans use the useful functions of the host program to attract victims. They are often concealed in e-mail attachments. Once executed, they change or delete programs, for instance, system settings, they steal and transmit passwords.

Trust service providers act as a trust anchor within the digital world. They reliably confirm the identity of people who do not know each other and are in a position to securely manage the related data. They guarantee security in the complex interaction that takes place between certificates, electronic keys, signatures and biometric security features.

An authentication method that is based on two independent components. With this method, a holder of a digital identity usually uses a combination of knowledge and possession to authenticate themselves. A typical example of this is authentication at a cash machine where a bank card (possession) is combined with the individual PIN (knowledge).

U

This term refers to the fact that information and offers are available at all times and no matter where thanks to the Internet. In this context, ubiquitous computing refers to the omnipresence of computers and hence a central feature of the Internet of Things.

V

Verifying whether or not a person is in fact who they claim to be.

A network within a public infrastructure such as the Internet that can connect several communication partners at different locations and computers. Only the communication partners who belong to the private network can communicate with each other. The network participants authenticate themselves using their digital identity in order to access data and to transmit this securely. Communication is protected in a so-called VPN tunnel.

Programs that can be used to develop individual malware. They use a host of different distribution channels in order to infect computers. They are easy to use and no special technical skills are required.

Permission to cross the border of a country. A visa is required usually to enter and rarely to exit a country – like in China. It is issued by a consulate of the country of entry and permits the holder to stay in a country or a group of countries for a limited period of time.

W

A web certificate, also referred to as a digital certificate, is a digital data record that confirms certain properties of an individual or object. Its authenticity and integrity can be checked using cryptographic methods. Public-key certificates according to the X.509 standard are widely used. Cryptographic checksums on online tickets are another example of digital certificates.

Phishing attacks that target top executives ('big fish').

Malware that spreads itself via the Internet and in e-mail attachments in order to damage computer Systems.