Innovative IT-Solutionsin Business and Government

presented at the

See you in the exposition – booth 1332!

2

Imprint

IT-Security Made in Germany

Innovative IT-Security Solutions in Business and Government

Special Edition on the occasion of RSA® Conference 2008

Publisher

TELETRUST Deutschland e.V.

Chausseestraße 17

10115 Berlin, Germany

Supported by

German Federal Ministry of the Interior

German Federal Ministry of Economics and Technology

Concept and realisation

Kesberg Consulting

53173 Bonn, Germany

Photos

German Federal Press Office, Bundesdruckerei GmbH,

DB AG/Heiner Müller-Elsner, Deutsche Telekom AG, European

Commission, German Federal Ministry of the Interior, German

Federal Ministry of Economics and Technology, IABG GmbH,

OK FIFA WM 2006, Photocase.com, PixelQuelle.de, SAP AG,

secunet Security Networks AG, T-Mobile Deutschland GmbH,

Utimaco Safeware AG, Verband Deutscher Verkehrsunternehmen

The logos and names used herein are the registered trademarks

of the respective firms and institutions that own them.

3

Dr. Wolfgang Schäuble, MP

Michael Glos, MP

Cryptography is the key technology for IT security.

Ever since the parliamentary resolution on key

cryptographic applications in 1999, the govern-

ment has supported the broad use of encryption

technologies. The continuing development,

evaluation and spread of trustworthy and

dependable cryptographic systems is the result

of consistent liberal policies on cryptography.

Such policy is also required for sensitive company

and government information – as well as private

information – to remain well protected into the

future.

German manufacturers have assumed a leading

role internationally in developing standards and

in creating high-quality encryption products. The

most recent example of successfully applied

chip technologies containing cryptographic

mechanisms is the introduction of the new

German passport that supports biometric feature

data. It will remain a main aim of the German

government’s ICT policy to strengthen the

international competitiveness in this sector.

It is impossible to imagine business, public

administration and the private lives of citizens

without modern information technologies and

online applications. New forms of communication

are being developed at an ever faster pace;

extensive information is accessible almost

instantly and from nearly everywhere. More

than ever, business, government and society

rely on information infrastructures that are both

stable and dependable. Yet at the same time,

the risks also continue to grow: The number of

malicious software programmes has doubled

each year in recent times. The trend here is

towards unobtrusive software that aims to steal

information and pursue other criminal activities.

The German government has formulated the poli-

tical tasks in the field of IT security in its “National

Plan for Information Infrastructure Protection”. The

aim of the plan is to provide information infra-

structure in Germany with appropriate protection,

to respond to IT security defects effectively and

to improve German expertise in IT security while

helping to set international standards. At the

same time, effective innovation and e-government

strategies will help exploit the enormous potential

of the German ICT industry.

Dr. Wolfgang Schäuble, MP Federal Minister of the Interior

Michael Glos, MPFederal Minister of Economics and Technology

4

IT-Security Made in Germany

Innovative IT-Security Solutionsin Business and Government

5

ContentsForeword 3

IT-Security Made in Germany 6

Innovative IT-Security Solutions

Critical Infrastructures 10

High Security 12

E-Government 14

Mobile Security 16

Mobile Ad Hoc Networks 18

ID and Ticket Systems 20

Electronic Personal Identification Documents 22

International Standards 24

Improving Security Together 26

RSA® Conference 2008

IT-Security Solutions at the RSA® Conference 27 - 35

Innovative IT-Security Solutionsin Business and Government

6

IT-Security Made in Germany – Solutions Meeting the Highest Demands

Business, transportation, utilities,

banks and public administration are

increasingly reliant on networked

information systems. The success of

e-government and e-business strategies

requires solutions that enjoy broad

public trust. Reliable IT infrastructures

and security solutions for protecting data

and communication media effectively are

a must.

7

(NPSI), an overarching IT security strategy

to protect IT infrastructures. The Federal

Office for Information Security (BSI) – the

central IT security service provider for the

German government – is making an essential

contribution to transparency in security quality

in co-operation with expert partners from the

business community.

All government programmes for promoting

the development of the information society

place a high value on the requisite security.

Security research continues to remain an

important focus also in the 7th EU Framework

Programme. As already in the 6th Programme,

various national and international projects,

such as the protection of critical information

structures, are to be conducted. The German

government is to support the security research

by developing in 2006 the “National Strategy

Electronic business processes can only be

applied successfully if they are shielded

against the misuse and loss of data or against

attacks. The intense co-operation among the

German federal government, industry and

the scientific community is thus aimed at

developing and using trustworthy applications

based on reliable security solutions.

Business and government in dialogue

In close contact with powerful partners in

the business community, policymakers have

applied basic standards, thereby creating a

climate where the existing know-how could be

bundled as a prerequisite for developing and

applying highly secure crypto solutions. The

German government has made an important

contribution here with its liberal policies on

cryptography. Because the government has not

imposed legal restrictions on the development

and use of cryptographic processes, solutions

are available in Germany that achieve the

highest security standards.

On this basis, the level of IT security in

Germany should meet the growing require-

ments in the future. To do this, the German

government has implemented the „National

Plan for Information Infrastructure Protection“

8

TELETRUST has established for devising specifi-

cations for components and interfaces.

TELETRUST is active at the international level as

well, for instance in dialogue with the European

Commission and the European Network

and Information Security Agency (ENISA).

TELETRUST, in co-operation with BSI, is

responsible for the programme of the German

workshop at the annual Information Security

Solutions Europe (ISSE). In the form of the

European Bridge-CA, TELETRUST has access

to a platform and manufacturer-independent

institution for secure and authentic electronic

communications and transactions among

the participating partners from business and

government.

Certificates, norms, standards –

accepted world-wide

The German Federal Office for Information

Security (BSI) plays an important role for

public awareness of IT objectives set in public

policy, like for instance in the context of the

national security plan. BSI provides the needed

groundwork in the fields of IT security and

consulting public bodies, manufacturers, sellers

and users of information technology.

Providing the latest information on the risks

and hazards for the citizens, administrations

for Security Research” with the participation of

governmental agencies like the Federal Office

for Information Security (BSI), research institu-

tions, and the business community.

Interfaces between government

and industry

One interface between policymakers,

manufacturers of secure technologies and

application solutions as well as providers of

reliable services and users is the “TELETRUST”

association. Independent politically and eco-

nomically, this group promotes the develop-

ment and use of trustworthy information and

communication technology.

Interoperability of components and processes,

security guarantees and consideration of

their global compatibility are the criteria that

9

and the economy when using IT is just as

much a part of BSI‘s work as is testing

and certifying the security of IT systems. In

addition, BSI is actively involved in helping to

set international standards, norms and security

criteria such as the “Common Criteria” (CC).

BSI made an essential contribution to the

international compatibility of IDs through its

efforts at conformity when it introduced the

ePassport – the new electronic passport con-

forming to EU directives.

BSI provides very practical support with its

manual on basic IT security, which gives

users effective standard security measures

for typical IT systems along with tips on how

to apply them. Users who have successfully

implemented these measures can then obtain

BSI certification.

Innovative IT security solutions –

made in Germany

The German encryption business offers not

only high-tech components, but also specialised

general solutions that are used principally in

areas where application-oriented security is

needed. With its extensive knowledge of the

security industry, it supports the business com-

munity and public bodies in securing digital

business processes. This brochure introduces

several examples of practical applications from

this portfolio of solutions.

Whether in the fields of critical infrastructures

and high security, e-government or mobile

security, mobile ad hoc networks, ID and card

systems or electronic personal documents,

security solutions “Made in Germany” always

provide reliable communications and secure

business processes. In co-operation with

local partners, German IT security providers

offer business and government bodies global

on-site service ranging from advice, the

implementation of tailored solutions all the way

to support.

10 11

Data transmission pathways are now part of

this critical infrastructure. This infrastructure

can come under attack and suffer manipulation

in many ways.

Transportation and traffic systems are particu-

larly at risk. The Bahn AG, the German national

railway corporation, is a case in point. The rail

network of about 35,000 km has to handle

around 30,000 train trips daily for passenger

service alone – an enormous logistical feat

requiring the most modern traffic manage-

ment technology to assure effectiveness and

reliability. For that purpose, the Bahn AG has

set up seven main long-haul train operation

centres that handle most rail traffic in Germany

through a number of subsidiary centres.

The highest security standards

To prevent targeted manipulation of train

dispatch data on the data network between

the main and subsidiary centres, the Bahn

AG relies on hardware encryption devices

developed by Rohde & Schwarz SIT GmbH.

The nervous systems of modern industrial

countries are computer driven – a high-

risk scenario. Effective protection of

these critical infrastructures against IT

attacks is thus an urgent necessity.

Public utilities, such as electricity, water and

public transportation, have enjoyed extra

protection from early on. Yet with the global

interconnectedness of the information society,

classic risk scenarios are no longer relevant.

Effective Protection for Critical Infrastructures

Critical Infrastructures

10 11

be designed more efficiently with the related

reduction in operating costs, the future-proof

professional protection of train guidance data

has also been guaranteed.

The demand for secure communication media

in business and government continues to

assure that the encryption solutions of

Rohde & Schwarz SIT are found in countless

other mobile and stationary applications

in the fields of voice, data, fax and video

communication.

These devices encrypt all data between the

main and subsidiary centres. The keys to these

devices can be changed at any time while

the system is in operation. All security-related

operating actions are recorded and stored in a

system that prohibits unauthorised alteration.

Access to the encryption devices is only pos-

sible through the security management system.

Mutual authentication of the security adminis-

trators and the devices occurs using modern

asymmetric processes based on SmartCard

technology. This technology protects commu-

nication against falsification, manipulation and

external interception through the use of signa-

tures and encryption.

The use of modern cryptographic processes

for encrypting and authenticating – in

conjunction with a device concept with the

highest security standards – assures that

train guidance data is transmitted without any

manipulation or interception.

Universal and efficient protection for

business and government

The encryption devices are key components of

modern state-of-the-art railway traffic control

solutions. The Bahn AG thus profits in two

ways at once: not only can the work processes

12

The task was challenging: over 200 widely

geographically dispersed German embassies

had to be connected to a network that would

not fall prey to eavesdropping. The highly

secure VPN solution SINA from the Essen-

based company secunet made the task pos-

sible by developing its product according to

the requirements of the German Federal Office

for Information Security (BSI). SINA is the only

system approved for IP-based communication

up to security levels “top secret“ or “NATO secret”.

Acid test in the Foreign Service

Due to the nature of its business, the diplo-

matic service works with highly sensitive data.

Highly secure solutions like SINA are thus

essential. The system makes it possible to

secure even the most complex data processing

infrastructures without restraint on perform-

ance. Thanks to its use of proven standard

components such as a minimised operating

system hardened by additional protective

features, SINA’s solution is more cost effective

and flexible than classic cryptographic devices.

German Missions Abroad Secure on the Internet

High Security

IT security is a major issue wherever

data is transmitted across public net-

works. Top secret information from

government offices in particular cannot

be allowed to fall into the wrong hands.

Intelligent security architecture helps

to master this challenge – even while

saving costs.

13

High security for mobile applications

The SINA virtual workstation enables mobile

security because the solution is not restricted

to a networked workplace. The protected data

is simply processed and saved offline; the

local data keeping is protected by a crypto

file system also using SINA encryption. This

mobile solution can, of course, be connected

to a fixed, SINA-protected network without

any difficulty. The modular SINA architecture

is already in use protecting mobile ad hoc

networks (IABG), PDAs and crypto-based

telephony.

The diplomats at the German Federal Foreign

Office can now securely exchange their top

secret files over a local area network (LAN)

equipped with a SINA Box. A smartcard-

backed PKI protects the connection and

access to files. The SINA Thin Client – a

smartcard-secured workplace – enables data

to be exchanged securely with other servers

online even beyond the LAN. The SINA

Thin Client does not have a hard disk, but is

booted from CD-ROM or Flash ROM, and it

only processes the respective screen output

using a terminal server protocol so that no

sensitive data is saved locally. In addition, this

architecture permits parallel access to security

areas with different security levels.

SINA technology is not only successfully in

use at the German Federal Foreign Office. The

German Federal Office of Administration, the

German Federal Bank, the German Federal

Armed Forces and the European air naviga-

tion centre EUROCONTOL rely on this high

security solution. At EUROCONTROL, users

in the management system for emergency air

traffic situations are connected via SINA tech-

nology. The German Federal Armed Forces use

SINA to protect their global command informa-

tion system and its internal SAP applications.

14 15

government. Modern administration is thus

becoming an efficient result-oriented service

marked by greater responsiveness to citizens‘

needs. The consistent application of advanced

information and communication technologies

(ICT) is clearing the way to this lean administra-

tive culture. Aside from the digitisation of pre-

viously paper-based processes, this also pro-

vides an opportunity to review ingrained work

processes within and amongst public bodies

– and to modernise them.

This vision is already a reality in many parts of

German public administration. A good number

of the 6,000 autonomous town halls and coun-

ty halls are linked together in one of the most

advanced local government data networks into

a state-wide Virtual Private Network (VPN).

A broad range of responsive administrative

processes can now be handled in this data

network with direct communication among the

individual authorities. And this communication

network meanwhile extends well beyond

national frontiers. Thanks to efficient

Secure e-government has long been the

established reality in German local and

state government. Local government

data networks with drastically shortened

official channels ease the strain on

public budgets – to the benefit of all

citizens.

Increasing efficiency, quality and transparen-

cy are the guiding principles behind modern

administrative processes in state and local

Responsive Administration Thanks to Secure E-Government

E-Government

14 15

The three-stage model thus offers the highest

degree of availability, integrity and transparency

for transmitted data. Since it was first released

to users, T-Systems has controlled and

monitored the e-government platform from

a service and network management centre

around the clock. When it comes to security,

readiness for implementation and border-

crossing potential, this communication solution

has become a model for future European

e-government applications.

technical interfaces with the TESTA European

administrative network, German authorities now

enjoy a time and expense-saving direct link to

Europe, making them part of the modern public

administration infrastructure.

Model solutions

Thanks to direct data exchange, the new

network infrastructure enables faster job

processing among authorities because it is

free of media breaks. Citizens profit from

these improvements just as much as do public

bodies. For instance, instead of three weeks,

it now takes just four or five days to issue a

personal identity card.

Telekom's T-Systems subsidiary handles three

important aspects of security:

The VPN structure, which functions as a

secure tunnel through the internet and works

using the BSI-certified IPSec standard.

Data encryption and authentication with

digital signatures for applications guarantee

the trustworthiness of electronic communi-

cations, such as when sending e-mails and

documents.

A central directory service in the framework

of public key infrastructure (PKI) for keys

and certificates.

16 17

the efficiency of notebooks and PDAs, their

mobile use also makes them the Achilles’ heel

of company networks.

Mobile and hand-held computers no longer

only access relatively uncritical calendar

functions and contact information. Increasingly,

these devices also contain recent and sensitive

business data, as well as access authorization

details for the company network. Mobile

computers can be easily mislaid or even

stolen, making them into a security loophole

of unknown magnitude.

A security solution for mobile employees

In many industry sectors, employees who work

in business areas that involve high mobility,

such as sales, consulting, field work and

management, are equipped with PDAs and

notebooks, and have long made the “mobile

office” reality. By using different interfaces

and transmission paths, users can synchronize

their portable devices with centrally-held data,

including current CRM files, and can transfer

Secure Mobile Business

Mobile Security

Notebooks, PDAs and other devices are

making company data mobile, but also

creating new risks. But, with the right

security solutions, it is possible to combine

higher productivity and data security.

Information is one of the most valuable assets

a company has. Many companies first realize

this when they start storing their data on

mobile devices: although this helps increase

16 17

by practicality, user acceptance, management

efficiency and seamless integration into the

existing IT environment. Data encryption is

automatic and invisible to users, and there is

no way for operator errors to occur. A model

solution for mobile security: Microsoft Germany,

for example, protects its mobile devices by

using Utimaco’s security solutions, which fully

comply with Microsofts‘ internal data protection

standards. Numerous organisations world-

wide put their trust in these secure mobile

computing solutions.

newly gathered information into the company

network. The advantages of creating such a

“mobile office” are obvious: customers are

served faster and better, important information

is available anywhere and anytime, and

employee productivity increases significantly.

The security requirements of companies are of

crucial importance in mobile working, to enable

them to benefit from all advantages without

taking risks. Utimaco secure mobile computing

solutions guarantee that security concepts can

be made reality.

Tailor-made mobile security

To best meet a company’s security

requirements, a modular solution for mobile

devices is based on a concept with four

cornerstones:

Secure authentication

Encryption of all data

Central administration and configuration

No need for the user to install or uninstall

the security software

These cornerstones provide secure and

controllable mobile working environments

for both users and companies. Established

mobile security solutions are characterized

18 19

In order to respond to evolving emergencies

or threats quickly and appropriately, communi-

cations are expected to meet all the demands

for bandwidth, speed, dependability, robust-

ness and security – demands that are perfect-

ly met by mobile ad hoc networks (MANET).

Unlike existing wireless communication

networks such as mobile wireless networks,

mobile ad hoc networks require no base sta-

tions. Each system involved simultaneously

acts as a router, thus enabling highly mobile

end-to-end communications with no media

interruptions.

HiMoNN® (Highly Mobile Network Node) is

a solution for a MANET developed by IABG

GmbH. Thanks to its capabilities, HiMoNN®

always offers the greatest advantages

wherever a local concentration of various

response forces requires secure, stable

broadband communications. Such occasions

can arise anytime there are major events such

as football matches, mass disasters or even

security threats calling for an emergency

response such as a hostage situation.

Mobile Ad Hoc Networks – Deployed for Safety and Security

Mobile Ad Hoc Networks

Whether it’s a major sporting event,

flooding disaster or multi-vehicle accident

on the motorway – the authorities and

organisations in charge are expected

to respond as quickly as possible,

demonstrate extreme flexibility and offer

seamless co-ordination. New solutions in

mobile communications provide substan-

tial assistance without the need for fixed,

extensive communication infrastructures.

18 19

The solution proved its effectiveness and

impressive utility during various matches of the

German football league. Police equipped with

the devices had uninterrupted access to the

POLAS police information system over secure

broadband connections, thereby improving

security significantly for these matches.

Dependable, robust and capable

HiMoNN® provides its participants with voice,

data and video services. Access to online sensor

data and databases is also assured for each end

system device. The system performs automatic

self-optimisation in terms of local wireless con-

ditions, is easy to operate and can be deployed

on short notice. The modulation process it

uses permits a data transfer rate comparable

to that of DSL, and this in turn enables parallel

transmission of voice, video and mass amounts

of data in the shortest conceivable time. The

integration of a comprehensive QoS concept

enables support for realtime applications.

Using MANET with the greatest

possible security

These solutions are marked by more than just

their impressive mobility and flexibility. A major

Mobile Ad Hoc Networks

priority was also given to achieving the greatest

possible security. In co-operation with the

German Federal Office for Information Security

(BSI), IABG and the firm secunet Security

Networks AG implemented particularly secure

encryption and authentication technologies.

These technologies ensure communication that

cannot be penetrated by eavesdroppers, and

they also prevent any data manipulation during

transmission. Aside from its confidentiality and

integrity for the transmitted data, the security

architecture also ensures tight access controls

and authentication for network access.

IT security at the highest standards – it is the

means for exchanging even highly sensitive

data and information across ad hoc networks.

20 21

ID and Ticket Systems

Based on developments of the German IT security

industry and its co-operative effort to apply

international standards, the VDV (Association of

German Transportation Companies) has created

a system solution for Chip-Card-supported

tickets (eTickets). These eTickets are marked

by a high degree of flexibility and also are inter-

operable useable with various electronic payment

processes and storage media. When the elec-

tronic fare management system was introduced,

the main emphasis was placed on dynamically

integrating the IT security components with

user functions. The security architecture and

standardised components for applications

using touch-free interfaces were co-operatively

developed by T-Systems, Infineon and NXP,

among other firms, and then evaluated for

security quality by the German Federal Office for

Information Security (BSI).

Increased protection against counter-

feiting and more efficient controls

Electronic fare management benefits both

passengers and transport companies. The

International Standards for Ticket Systems: The Example of eTicketing

ID and ticket systems have to conform

to international standards while also

meeting high security standards. At the

same time, ticket users expect these

systems to be easy to use. One examp-

le is the “VDV core application” as a

system solution for “electronic fare

management” with “electronic tickets”

that can be read out securely through a

touch-free interface.

20 21

ID and Ticket Systems

former need not to keep exact pocket change

on hand to buy tickets, whereas the latter profit

from improved protection against counterfeiting

and more efficient controls. The technical and

organisational basis for this is provided by

the VDV core application. This models all the

necessary business processes for electronic

fare management in the form of a level model

while defining the interfaces among the

participants. In this, only the chip functioning as

storage media and the SAM security module

in the reading devices are specified in detail,

as are the customer-side interfaces – and

the providers remain free to choose their own

concrete technical designs.

Among the parts of IT security management

are also the providers who carry out the

certifications needed to operate a PKI and

who are responsible for administering the

organisational and module-specific keys

outside the PKI.

The level model enables transportation firms to

perform “soft” migration, as existing back-office

systems can still be used and phased out

when required by the transport operator.

In addition to cash-free payments and the

electronic ticket, the third stage calls for

“automated ticket pricing”. Passengers merely

swipe their personal chip cards across the

reading device and the data is read without

physical contact.

Ticket payments also via mobile phone

The nationwide rollout of this electronic fare

management system in Germany is to take

place in phases over the next few years. One

exciting development is the use of mobile tele-

phones as an alternative user media. By using

a mobile phone equipped with a contact-free

NFC interface (Near-Field Communication),

customers will have the option of buying their

tickets over the mobile phone network as well.

22 23

Electronic Personal Identification Documents

long time now. As one of the first countries

worldwide, Germany has achieved a new

milestone in the field of ID security by intro-

ducing new electronic passports that meet

EU requirements and ICAO standards. The

Bundesdruckerei GmbH (Privatised former

Federal Printing House) produces around

two million German passports each year and

equips some 5,700 passport offices throughout

Germany with the necessary infrastructure.

At first glance, the electronic passport hardly

appears to differ from its conventional

predecessor. It is only an internationally

standardised mark on the front cover that

indicates that the passport cover now

contains a chip.

Since November of 2005, the new ePassport

has contained a chip that stores an added

copy of the data on the passport holder

already printed on the document: a photo and

personal information such as name, gender

and place of birth. The next generation of the

newly issued ePassports will also contain two

images of the passport holder’s fingerprints

Always a Step Ahead of Forgers – the New German ePassport

Against the backdrop of increasing

globalisation, international co-operation in

all questions of security is indispensable.

Protecting identification documents

against forgery while allowing travellers

to be clearly identified are the central

requirements for protecting against crime.

German personal identity documents

– passports, personal ID cards and drivers’

licenses – have been considered to be

among the most secure in the world for a

22 23

Electronic Personal Identification Documents

on the chip. Both the chip hardware and the

software used on the chip were tested and

certified by the German Federal Office for

Information Security (BSI) according to the

internationally recognised “common criteria”

procedure.

High security combined with protection

of personal data

The digital data stored on the chip are

protected by various security features and

mechanisms. The data are given an electronic

signature ensuring the integrity and authen-

ticity of the data. To ensure that the data

cannot be surreptitiously read from the chip,

the “basic access control” procedure mandat-

ed for EU biometric passports is applied. An

additional cryptographic protocol (“extended

access control”) to access the data will be

used for the second phase.

Each of the communication steps here is encrypt-

ed and can only be initiated once the passport or

ID holders present their documents to a border

agent or other official who then lays it on the

terminal device. At each new reading procedure,

the serial number of the RF chip is automatically

changed, which prevents the data from being

traced. This security measure prevents third

parties from eavesdropping on the contact-free

communication between the passport and the

terminal.

As before, personal data are deleted at the

Bundesdruckerei printing house once the

passport is produced and inspected. This ful-

fils all the requirements for data protection,

and the procedure is regularly inspected by

the German Federal Commissioner for Data

Protection.

The issuance of biometrically-supported ID

documents is a major component in fighting

organised crime and international terrorism.

The aim here is to build on the high standards

already in existence and to increase document

security altogether.

24 25

International Standards

The introduction of electronic passports

(“ePassport”) has elevated the security of

identity documents to an as yet unimagined

level. For one, having an electronic copy of

the passport photo and – starting in 2007

– of the holder’s fingerprints directly in the

document permits a clear and undeniable

connection between the document and its

holder. On the other hand, the integration of

cryptographic security features has markedly

increased the document’s resistance to

forgery.

Yet these measures are only fully effec-

tive in reigning in document misuse if all

countries around the world are also capable

of reading the passports correctly. To guaran-

tee global interoperability, uniform standards

for electronic passports and the associated

reading devices are an absolute necessity.

Common Standards Create Security

The introduction of electronic passports

in Germany has made it one of the first

countries to complete the transition to

personal, biometry-based ID documents

that are protected against forgery. In

addition, the German IT industry and the

corresponding German federal authorities

– thanks to their extensive know-how and

the breadth of their experience in the field

– have played a key role in advancing the

development of internationally uniform

standards for biometrically-equipped

passports and the associated reading

devices.

24 25

International Standards

Industry and government join forces to

develop uniform standards

Because there are no internationally harmonised

testing specifications for the interface between

passports and reading devices as yet, the

German Federal Office for Information Security

(BSI) has launched the “ePassport Conformity

Testing” project.

The initiative, supported by BSI and the German

Federal Office of Criminal Investigation (BKA),

aims to produce detailed testing specifications

for electronic passports and reading devices so

as to guarantee interoperability worldwide and

to be able to test their conformity. Correct per-

formance on the respective tests for passports

or readers can be confirmed with a conformity

certificate from BSI.

The modular structure of testing specifications

also allows the testing specifications meant

for the “air” interface – the RF interface of the

passports – to be applied to additional systems

based on identical standards.

Specifications for the conformity test were

created with a key contribution of the semi-

conductor producers NXP and Infineon in the

framework of a demanding project; these speci-

fications were taken into consideration as the

German ePassport solution was developed. The

testing specifications were submitted through the

German Institute for Standardisation (Deutsches

Institut für Normung e.V. – DIN) and its inter-

national counterpart (International Organization

for Standardization/International Electrotechnical

Commission – ISO/IEC) to integrate them into

applicable international standards.

The success of German efforts at creating

conformity was illustrated at the largest inter-

national test of interoperability for the ePassports

in Berlin in the middle of 2006. There, the

functional capabilities of 400 electronic passports

from various countries were tested in combination

with 50 readers from diverse manufacturers.

The intense interest in the technology among

international experts and government representa-

tives was evident in the many inquiries they

made about BSI’s experiences when the German

ePassport was introduced.

2626

by the German IT security industry covers the

following fields as well as others:

Network security, data security,

encryption, transaction security

SmartCard solutions, passport and ID

card systems, card systems for industry

branches and companies

Security modules, crypto micro-

controllers, trusted computing

modules, operation systems

PKI and identity management, trusted

services, access, authentication,

authorisation, signatures

Biometric systems and components in

accordance with ICAO 9303

Security and conformity certifications

in accordance with ISO and ICAO

System integration and consulting

services, security concepts and applica-

tion solutions for complex systems

Exemplifying the total range of providers are

the following companies and their association,

TELETRUST:

The examples of IT security solutions presented

in this brochure are only a sample of the wide-

ranging solutions offered by German encryption

technology firms. Their full product and service

portfolio extends much further. The companies

are in intensive discussion with one another and

are jointly creating application-oriented security

solutions that enable electronic business

processes and security-critical information to

be protected. The portfolio of solutions offered

Improving Security Together – Solutions from German Encryption Firms

27

Federal Ministry of Economics and Technology

www.bmwi.de

AUMA – Association of the German Trade Fair Industry

www.auma-fairs.com

TeleTrusT Deutschland e.V.

www.teletrust.de

Federal Office for Information Security

www.bsi.bund.de

IFWexpo Heidelberg GmbH

www.ifw-expo.de

The official presentation of the Federal Republic of Germanyas well as this brochure are sponsored by

Improving Security Together – Solutions from German Encryption Firms

in cooperation with

supported by

Worldwide leading vendor of solution

for capture, manage and verification of

handwritten signatures and related data.

25 years in business. A unique technology is

used to extract and evaluate both the static

and dynamic (biometric) characteristics of

handwritten signatures. SOFTPRO is offering

solutions for e-signing as well as a holistic pro-

duct suite for fraud detection and prevention in

payment processing (FraudOne).

SOFTPRO demonstrates the hardware

and software combination of

SignPad and SignDoc:

– brand new

LCD signature

tablet capturing static and dynamic (biometric)

characteristics of signatures in real time in

unparalleled high resolution, sharp, accurate

and trustworthy.

– the reliable

software solution

secures electronic documents with the

characteristics of the handwritten signature,

compliant to e-signing laws throughout the

world.

secrypt Ltd.

Certified to ISO 9001, secrypt Ltd. specializes

in solutions for optimizing digital business

processes with legally compliant electronic

signatures, time stamps and encryption,

and, with its digiSeal product family, ensures

authenticity, protection from manipulation and

confidentiality for sensitive data. Examples:

eBilling

Health care: Signature lifecycle for the

digital archive

Administration and judiciary: Electronic

signing and certification of documents

USP: 2D barcode signature

www.secrypt.de

mail@secrypt.de

SOFTPRO

www.signature-verification.com

info@signplus.com

28

secunet is one of Europe‘s leading suppliers

of products and services in the area of highly

complex IT security solutions. The company

comprises four business units: High Security

(SINA products), Government, Business

Security and Automotive. Our reference

list includes international enterprises from

industrial sectors (e.g. BMW, HOCHTIEF)

as well as public authorities in Germany and

abroad (e.g. Federal German Ministry of

the Interior, UK Home Office). With the

Federal Government of Germany we further-

more have developed a long lasting security

partnership.

At the RSA® Conference we demonstrate our

VPN communication gateway SINA:

Our Secure Inter Network-Architecture is the

only IP-based technology that is approved by

the German Federal Office for Information

Security (BSI) for the transmission of classi-

fied information up to the national level TOP

SECRET.

Security is an integral component of all

T-Systems solutions. We classify our

dedicated Security Services into three

subject areas:

(i) Identity and Access Management (IAM),

(ii) Enterprise Security Management, and

(iii) Seamless ICT Infrastructure Security.

In each one of these areas, T-Systems offers

a broad spectrum of services along the

entire value chain. These include Security

Consulting, Engineering, Integration, Products

and Solutions, as well as Operations or

Management and Maintenance.

secunet Security Networks AG T-Systems

www.secunet.com

info@secunet.com

www.t-systems.com/ict-security

info.ict-security@t.systems.com

SINA LE Box

SINA Box Standard 3HE

29

Sirrix AG is one of the leading specialists in all

areas of Information Security. The main focus

is the design and development of innovative

security solutions for communication systems

and the protection of sensitive digital content.

Our competence furthermore includes the

design, analysis and implementation of crypto-

graphic schemes and protocols. Sirrix AG

has extensive experience in product-related

business and Sirrix Labs is recognized for

its development of highly-reliable hard- and

software.

Sirrix.CRYPT VOIP/ISDN/GSM is a fully

interoperable encryption system for securing

voice and data communication on link level.

TURAYA is a high-assurance security kernel

fulfilling highest security standards

and the first one incorporating

Trusted Computing functionalities.

TÜV Informationstechnik GmbH

TÜV Informationstechnik GmbH (short TUViT)

works impartially and competently in the

field of information technology. As a provider

of trust we focus on assessing, testing and

certifying any kind of IT products, IT systems

and IT processes which have to be compliant

to specific requirements.

TUViT is accredited by organizations and

government agencies for the scope of

IT Quality and IT Security. These accreditations

and our long experience in this field ensure

the quality of our services.

www.tuvit.net

security@tuvit.de

Sirrix AG security technologies

www.sirrix.com

info@sirrix.com

30

Sirrix.VPN is a highly distributed and easy

to manage corporate Trusted-VPN System

with TPM security chip.

Sirrix.PBX is a highly distributed

Private Branch Exchange, a telecom-

munication system supporting ISDN,

Voice-over-IP and mobile clients.

cryptovision Inc. is the leading supplier of

minimally invasive IT security products

with high ROI based on innovative crypto

technology (e.g. ECC, see Suite B).

Worldwide, more than 30 million people do

already use cryptovision technology for:

PKI for secure Identity Management

E-Mail encryption and digital signatures

Crypto libraries for various IT systems

(VHDL, Assembler, C, C++)

Smart Card Middleware for seemless token

integration

cryptovision demonstrates live:

Secure IDM with PKI exemplified at PKI

for Novell

Combine logical access and physical

access with Smart Card Middleware and

Card Management Systems

atsec information security is an independent,

standards-based IT security consulting and

evaluation services company that combines

a business-oriented approach to information

security with in-depth technical knowledge

and global experience. atsec was founded in

Munich in 2000 and has extensive operations

with offices in the US, Germany, Sweden, the

UK, and China. atsec works with leading global

companies such as IBM, HP, Oracle, Cray,

BMW, SGI, Vodafone, Swisscom, RWE, and

Wincor-Nixdorf.

CV Cryptovision Inc. atsec information security

www.cryptovision.com

info@cryptovision.com

www.atsec.com

info@atsec.com

31

IICS GmbH, based in Nuremberg, plans,

develops and markets products and solutions

for data and communication security in mobile

applications. IICS is a pioneer for mobile

security and has launched in 2007 the world‘s

first smart card in microSD format providing

security and PKI functionality for mobile

devices, particularly Smartphones and PDAs.

The certgate hardware token ensures that

mobile applications meet highest security

policies. Corporate processes can be extended

to mobile devices improving productivity

without sacrificing security. Mobile banking

gets comfortable security.

IICS demonstrates

Certgate Smart Card microSD PKI:

Smart Card Chip inside

Windows, Windows Mobile, Linux ...

No hardware drivers

microSD, adapters for miniSD, SD, USB

Middleware MS CSP and PKCS#11

512 MB Flash Memory

Nexus AB

Nexus is a leading e-Security company

providing products, solutions and services

for the international market.

Our business concept is to offer products,

solutions and services around information

security in order to protect our customer’s

sensitive information and knowledge from

unauthorized access.

Our clients are large companies, such as

Volkswagen AG group, Ericsson, govern-

mental organizations such as the German

Federal Pension Fund or the Swedish Police

and banks such as SEB Bank.

www.nexussafe.com

contact@nexussafe.com

IICS GmbH

www.iics.de

info@iics.de

32

SEFIROT the internationally leading provider of

PKI-based Smart Card solutions for industries

& authorities proudly presents newest inno-

vative access protection technology and smart

card life cycle management.

The companies core business:

personalization & deployment services for up

to millions of smart cards, PKI middleware,

valuable smart card services and products,

customer-specific integration projects.

Smart Card Logon Solutions

Multi-Workstation-Multi-Account Logon for

Windows, Linux, Solaris.

CITRIX Terminal Logon, 100% session

hopping.

Smart Card Life Cycle Manager

for small, medium and large-scale

enterprises

Customized smart card personalization,

enrollment

Supervision of smart cards

Multi-domain-support, PKI-key-management,

disaster recovery

Smart card remote management

Created in 2001 in Germany, SecurStar

develops encrypted security products, which

are among the most used software and

hardware in the private and corporate markets.

Its workforce, consisting of specialists in the

IT security area, are constantly trained to help

their customers, seeking their satisfaction and

data security.

The company is attentive to the needs of

the corporate sector, constantly updating its

products, and making the latest technology

available to its clients.

SEFIROT SecurStar GmbH

www.sefirot.de

info@sefirot.de

www.securstar.com

info@securstar.com

33

NCP engineering GmbH is a provider of

application and industry-neutral communication

software for highly secure data transmission

in public networks and the Internet. Under the

guiding principle of "Secure Communications"

the firm develops products and solutions for

the areas of mobile computing, teleworking,

E-commerce, production data acquisition,

system control and branch office networking.

NCP product technology guarantees integra-

tion and compatibility with products from other

manufacturers.

NCP demonstrates the

NCP Secure Clients:

Windows Vista, XP, 2000, CE,

Windows Mobile, Symbian and Linux support

Managed solutions for medium and large

enterprizes

Conformity with all IPsec protocol extensions

Integrated, dynamic personal firewall

Strong authentication

Automatic hotspot logon

Friendly Net Detection

Intelligent connection management

Smooth user experience

Fraunhofer Institute for Secure Information Technology (SIT)

The Fraunhofer Institute for Secure Information

Technology SIT is a leading expert for IT security

and security by means of IT. Over 150 highly

qualified employees cover all relevant topics

and technologies and develop solutions for

immediate use, geared to the customer‘s needs.

The Institute offers development of secure solu-

tions and services, software licenses for security

products, and sophisticated security tests and

studies. The list of reference customers is the

resounding proof for a trustful and reliable

cooperation.

www.sit.fraunhofer.de

info@sit.fraunhofer.de

NCP engineering GmbH

www.ncp-e.com

info@ncp-e.com

34

Trustworthiness in

User-Friendly Manner

The members of the non profit organisation are

vendors as well as users from public and private

sector who form a strong competence network

for applied Cryptography and Biometrics.

Accordant to the demands of the every day

practice TeleTrusT supports the area wide

implementation of data encryption as well as

Identification, Authentification and Signature

for data protection and reliable E-Business.

In the interest of cross-border harmonization

TeleTrusT has created numerous initiatives on

the basis of established standards and con-

tributes decisively to the work of international

alliances.

Two main well established services are

European Bridge-CA and ISIS-MTT which

boost data integrity and privacy while providing

a verifiable audit trail – making e-business

trustworthy.

Secure information technology

for our society

The German Federal Office for Information

Security (BSI) is an independent and neutral

authority for IT security.

It has been established in 1991 as a high

level federal public agency within the area of

responsibility of the Ministry of the Interior.

The BSI employs a staff of around 500 people

and has a budget of some 60 million Euro.

BSI‘s ultimate ambition is the protection of

information and communication.

In this context, BSI has three strategic targets:

Prevention: Protecting information infra-

structures adequately

Preparedness: Responding effectively to IT

security incidents

Sustainability: Enhancing German compe-

tence in IT security/ Setting

international standards

TeleTrusT Deutschland e.V. Federal Office for Information Security (BSI)

www.teletrust.de

info@teletrust.de

www.bsi.bund.de

bsi@bsi.bund.de

35

Providing safety in a digital world

The partners of the German pavillon at the RSA® Conference 2008