Innovative IT-Solutions in Business and Government
presented at the
See you in the exposition – booth 1332!
Imprint
IT-Security Made in Germany
Innovative IT-Security Solutions in Business and Government
Special Edition on the occasion of RSA® Conference 2008
Publisher
TELETRUST Deutschland e.V.
Chausseestraße 17
10115 Berlin, Germany
Supported by
German Federal Ministry of the Interior
German Federal Ministry of Economics and Technology
Concept and realisation
Kesberg Consulting
53173 Bonn, Germany
Photos
German Federal Press Office, Bundesdruckerei GmbH,
DB AG/Heiner Müller-Elsner, Deutsche Telekom AG, European
Commission, German Federal Ministry of the Interior, German
Federal Ministry of Economics and Technology, IABG GmbH,
OK FIFA WM 2006, Photocase.com, PixelQuelle.de, SAP AG,
secunet Security Networks AG, T-Mobile Deutschland GmbH,
Utimaco Safeware AG, Verband Deutscher Verkehrsunternehmen
The logos and names used herein are the registered trademarks
of the respective firms and institutions that own them.
Foreword

Cryptography is the key technology for IT security. Ever since the parliamentary resolution on key cryptographic applications in 1999, the government has supported the broad use of encryption technologies. The continuing development, evaluation and spread of trustworthy and dependable cryptographic systems is the result of consistent liberal policies on cryptography. Such policy is also required for sensitive company and government information – as well as private information – to remain well protected into the future.

German manufacturers have assumed a leading role internationally in developing standards and in creating high-quality encryption products. The most recent example of successfully applied chip technologies containing cryptographic mechanisms is the introduction of the new German passport that supports biometric feature data. It will remain a main aim of the German government's ICT policy to strengthen the international competitiveness in this sector.

It is impossible to imagine business, public administration and the private lives of citizens without modern information technologies and online applications. New forms of communication are being developed at an ever faster pace; extensive information is accessible almost instantly and from nearly everywhere. More than ever, business, government and society rely on information infrastructures that are both stable and dependable. Yet at the same time, the risks also continue to grow: the number of malicious software programmes has doubled each year in recent times. The trend here is towards unobtrusive software that aims to steal information and pursue other criminal activities.

The German government has formulated the political tasks in the field of IT security in its "National Plan for Information Infrastructure Protection". The aim of the plan is to provide information infrastructure in Germany with appropriate protection, to respond to IT security defects effectively and to improve German expertise in IT security while helping to set international standards. At the same time, effective innovation and e-government strategies will help exploit the enormous potential of the German ICT industry.

Dr. Wolfgang Schäuble, MP, Federal Minister of the Interior
Michael Glos, MP, Federal Minister of Economics and Technology
Contents

Foreword 3
IT-Security Made in Germany 6
Innovative IT-Security Solutions
  Critical Infrastructures 10
  High Security 12
  E-Government 14
  Mobile Security 16
  Mobile Ad Hoc Networks 18
  ID and Ticket Systems 20
  Electronic Personal Identification Documents 22
  International Standards 24
  Improving Security Together 26
RSA® Conference 2008
  IT-Security Solutions at the RSA® Conference 27 - 35
IT-Security Made in Germany – Solutions Meeting the Highest Demands

Business, transportation, utilities, banks and public administration are increasingly reliant on networked information systems. The success of e-government and e-business strategies requires solutions that enjoy broad public trust. Reliable IT infrastructures and security solutions for protecting data and communication media effectively are a must.

Electronic business processes can only be applied successfully if they are shielded against the misuse and loss of data or against attacks. The intense co-operation among the German federal government, industry and the scientific community is thus aimed at developing and using trustworthy applications based on reliable security solutions.

Business and government in dialogue

In close contact with powerful partners in the business community, policymakers have applied basic standards, thereby creating a climate where the existing know-how could be bundled as a prerequisite for developing and applying highly secure crypto solutions. The German government has made an important contribution here with its liberal policies on cryptography. Because the government has not imposed legal restrictions on the development and use of cryptographic processes, solutions are available in Germany that achieve the highest security standards.

On this basis, the level of IT security in Germany should meet the growing requirements in the future. To do this, the German government has implemented the "National Plan for Information Infrastructure Protection" (NPSI), an overarching IT security strategy to protect IT infrastructures. The Federal Office for Information Security (BSI) – the central IT security service provider for the German government – is making an essential contribution to transparency in security quality in co-operation with expert partners from the business community.

All government programmes for promoting the development of the information society place a high value on the requisite security. Security research remains an important focus also in the 7th EU Framework Programme. As already in the 6th Programme, various national and international projects, such as the protection of critical information structures, are to be conducted. The German government is to support the security research by developing in 2006 the "National Strategy for Security Research" with the participation of governmental agencies like the Federal Office for Information Security (BSI), research institutions, and the business community.

Interfaces between government and industry

One interface between policymakers, manufacturers of secure technologies and application solutions as well as providers of reliable services and users is the "TELETRUST" association. Independent politically and economically, this group promotes the development and use of trustworthy information and communication technology.

Interoperability of components and processes, security guarantees and consideration of their global compatibility are the criteria that TELETRUST has established for devising specifications for components and interfaces. TELETRUST is active at the international level as well, for instance in dialogue with the European Commission and the European Network and Information Security Agency (ENISA). TELETRUST, in co-operation with BSI, is responsible for the programme of the German workshop at the annual Information Security Solutions Europe (ISSE). In the form of the European Bridge-CA, TELETRUST has access to a platform- and manufacturer-independent institution for secure and authentic electronic communications and transactions among the participating partners from business and government.

Certificates, norms, standards – accepted world-wide

The German Federal Office for Information Security (BSI) plays an important role for public awareness of IT objectives set in public policy, like for instance in the context of the national security plan. BSI provides the needed groundwork in the fields of IT security and consulting public bodies, manufacturers, sellers and users of information technology. Providing the latest information on the risks and hazards for the citizens, administrations and the economy when using IT is just as much a part of BSI's work as is testing and certifying the security of IT systems. In addition, BSI is actively involved in helping to set international standards, norms and security criteria such as the "Common Criteria" (CC). BSI made an essential contribution to the international compatibility of IDs through its efforts at conformity when it introduced the ePassport – the new electronic passport conforming to EU directives.

BSI provides very practical support with its manual on basic IT security, which gives users effective standard security measures for typical IT systems along with tips on how to apply them. Users who have successfully implemented these measures can then obtain BSI certification.

Innovative IT security solutions – made in Germany

The German encryption business offers not only high-tech components, but also specialised general solutions that are used principally in areas where application-oriented security is needed. With its extensive knowledge of the security industry, it supports the business community and public bodies in securing digital business processes. This brochure introduces several examples of practical applications from this portfolio of solutions.

Whether in the fields of critical infrastructures and high security, e-government or mobile security, mobile ad hoc networks, ID and card systems or electronic personal documents, security solutions "Made in Germany" always provide reliable communications and secure business processes. In co-operation with local partners, German IT security providers offer business and government bodies global on-site service ranging from advice and the implementation of tailored solutions all the way to support.
Critical Infrastructures
Effective Protection for Critical Infrastructures

The nervous systems of modern industrial countries are computer driven – a high-risk scenario. Effective protection of these critical infrastructures against IT attacks is thus an urgent necessity.

Public utilities, such as electricity, water and public transportation, have enjoyed extra protection from early on. Yet with the global interconnectedness of the information society, classic risk scenarios are no longer relevant. Data transmission pathways are now part of this critical infrastructure. This infrastructure can come under attack and suffer manipulation in many ways.

Transportation and traffic systems are particularly at risk. The Bahn AG, the German national railway corporation, is a case in point. The rail network of about 35,000 km has to handle around 30,000 train trips daily for passenger service alone – an enormous logistical feat requiring the most modern traffic management technology to assure effectiveness and reliability. For that purpose, the Bahn AG has set up seven main long-haul train operation centres that handle most rail traffic in Germany through a number of subsidiary centres.

The highest security standards

To prevent targeted manipulation of train dispatch data on the data network between the main and subsidiary centres, the Bahn AG relies on hardware encryption devices developed by Rohde & Schwarz SIT GmbH. These devices encrypt all data between the main and subsidiary centres. The keys to these devices can be changed at any time while the system is in operation. All security-related operating actions are recorded and stored in a system that prohibits unauthorised alteration. Access to the encryption devices is only possible through the security management system. Mutual authentication of the security administrators and the devices occurs using modern asymmetric processes based on SmartCard technology. This technology protects communication against falsification, manipulation and external interception through the use of signatures and encryption.

The use of modern cryptographic processes for encrypting and authenticating – in conjunction with a device concept with the highest security standards – assures that train guidance data is transmitted without any manipulation or interception.

Universal and efficient protection for business and government

The encryption devices are key components of modern state-of-the-art railway traffic control solutions. The Bahn AG thus profits in two ways at once: not only can the work processes be designed more efficiently with the related reduction in operating costs, the future-proof professional protection of train guidance data has also been guaranteed.

The demand for secure communication media in business and government continues to assure that the encryption solutions of Rohde & Schwarz SIT are found in countless other mobile and stationary applications in the fields of voice, data, fax and video communication.
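The brochure states that all security-related operating actions on the encryption devices are recorded in a system that prohibits unauthorised alteration. The following is an added illustration of one way such a record can be made tamper-evident; it is not code from Rohde & Schwarz SIT, the Bahn AG or any product named here. Each record carries an HMAC that also covers the previous record's tag, so editing, removing or reordering stored records breaks the chain, and a record count kept separately catches truncation of the tail, which a chain by itself cannot notice. The verification key, the administrator identifier, the device name and the event texts are constructed assumptions.

```python
"""Tamper-evident audit trail for security-related operating actions.

Added example, not code from Rohde & Schwarz SIT or the Bahn AG: it shows one
way a security management system can record operating actions (logins, key
changes) so that any later alteration, deletion or truncation of the stored
records is detected. Assumptions: the verification key is held only by the
management system; record contents and device names below are constructed.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AuditRecord:
    seq: int          # position in the chain, starting at 0
    actor: str        # authenticated administrator, e.g. a smartcard identifier
    action: str       # operating action, e.g. "login" or "key-change"
    detail: str       # free-text description of the action
    prev_tag: str     # tag of the preceding record ("" for the first record)
    tag: str          # HMAC-SHA256 over this record's fields and prev_tag


def _compute_tag(key: bytes, seq: int, actor: str, action: str,
                 detail: str, prev_tag: str) -> str:
    # Fixed, unambiguous serialisation so that no two field combinations
    # produce the same MAC input.
    message = json.dumps([seq, actor, action, detail, prev_tag],
                         separators=(",", ":")).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only log; every record is chained to its predecessor."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._records: List[AuditRecord] = []

    def append(self, actor: str, action: str, detail: str = "") -> AuditRecord:
        seq = len(self._records)
        prev_tag = self._records[-1].tag if self._records else ""
        tag = _compute_tag(self._key, seq, actor, action, detail, prev_tag)
        record = AuditRecord(seq, actor, action, detail, prev_tag, tag)
        self._records.append(record)
        return record

    def records(self) -> List[AuditRecord]:
        return list(self._records)


def verify_chain(key: bytes, records: List[AuditRecord],
                 expected_len: Optional[int] = None) -> int:
    """Return -1 if the chain is intact, otherwise the index of the first
    record that fails: wrong sequence number, broken link to the predecessor,
    or a MAC that no longer matches the stored fields. A hash chain alone
    cannot notice records dropped from the end, so the caller may pass the
    record count it keeps separately (expected_len)."""
    prev_tag = ""
    for index, record in enumerate(records):
        if record.seq != index or record.prev_tag != prev_tag:
            return index
        expected = _compute_tag(key, record.seq, record.actor, record.action,
                                record.detail, record.prev_tag)
        if not hmac.compare_digest(expected, record.tag):
            return index
        prev_tag = record.tag
    if expected_len is not None and len(records) != expected_len:
        return len(records)
    return -1


def demo() -> Dict[str, int]:
    """Build a small log from constructed sample events and verify four
    copies: untouched, one record edited, one record removed, tail cut off."""
    key = b"constructed-demo-key-do-not-use"   # assumption: held by the management system
    log = AuditLog(key)
    log.append("admin-card-0471", "login", "mutual authentication with device-01")
    log.append("admin-card-0471", "key-change", "link key rotated while in operation")
    log.append("admin-card-0471", "logout")
    intact = log.records()

    edited = list(intact)
    edited[1] = replace(edited[1], detail="no key change performed")
    removed = [intact[0], intact[2]]
    truncated = intact[:2]

    return {
        "intact": verify_chain(key, intact, expected_len=3),        # -1
        "edited": verify_chain(key, edited, expected_len=3),        # 1
        "removed": verify_chain(key, removed, expected_len=3),      # 1
        "truncated": verify_chain(key, truncated, expected_len=3),  # 2
    }


if __name__ == "__main__":
    print(demo())
```

Running the file prints the four verification results. The check is only as strong as the secrecy of the key: whoever can alter the record store and also read the key can recompute every tag, so a deployment keeps the key where the log store and its operators cannot reach it, or signs each record with a key held in the device itself.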
High Security
German Missions Abroad Secure on the Internet

IT security is a major issue wherever data is transmitted across public networks. Top secret information from government offices in particular cannot be allowed to fall into the wrong hands. Intelligent security architecture helps to master this challenge – even while saving costs.

The task was challenging: over 200 widely geographically dispersed German embassies had to be connected to a network that would not fall prey to eavesdropping. The highly secure VPN solution SINA from the Essen-based company secunet made the task possible by developing its product according to the requirements of the German Federal Office for Information Security (BSI). SINA is the only system approved for IP-based communication up to security levels "top secret" or "NATO secret".

Acid test in the Foreign Service

Due to the nature of its business, the diplomatic service works with highly sensitive data. Highly secure solutions like SINA are thus essential. The system makes it possible to secure even the most complex data processing infrastructures without restraint on performance. Thanks to its use of proven standard components such as a minimised operating system hardened by additional protective features, SINA's solution is more cost effective and flexible than classic cryptographic devices.

The diplomats at the German Federal Foreign Office can now securely exchange their top secret files over a local area network (LAN) equipped with a SINA Box. A smartcard-backed PKI protects the connection and access to files. The SINA Thin Client – a smartcard-secured workplace – enables data to be exchanged securely with other servers online even beyond the LAN. The SINA Thin Client does not have a hard disk, but is booted from CD-ROM or Flash ROM, and it only processes the respective screen output using a terminal server protocol so that no sensitive data is saved locally. In addition, this architecture permits parallel access to security areas with different security levels.

SINA technology is not only successfully in use at the German Federal Foreign Office. The German Federal Office of Administration, the German Federal Bank, the German Federal Armed Forces and the European air navigation centre EUROCONTROL rely on this high security solution. At EUROCONTROL, users in the management system for emergency air traffic situations are connected via SINA technology. The German Federal Armed Forces use SINA to protect their global command information system and its internal SAP applications.

High security for mobile applications

The SINA virtual workstation enables mobile security because the solution is not restricted to a networked workplace. The protected data is simply processed and saved offline; the local data keeping is protected by a crypto file system also using SINA encryption. This mobile solution can, of course, be connected to a fixed, SINA-protected network without any difficulty. The modular SINA architecture is already in use protecting mobile ad hoc networks (IABG), PDAs and crypto-based telephony.
E-Government
Responsive Administration Thanks to Secure E-Government

Secure e-government has long been the established reality in German local and state government. Local government data networks with drastically shortened official channels ease the strain on public budgets – to the benefit of all citizens.

Increasing efficiency, quality and transparency are the guiding principles behind modern administrative processes in state and local government. Modern administration is thus becoming an efficient result-oriented service marked by greater responsiveness to citizens' needs. The consistent application of advanced information and communication technologies (ICT) is clearing the way to this lean administrative culture. Aside from the digitisation of previously paper-based processes, this also provides an opportunity to review ingrained work processes within and amongst public bodies – and to modernise them.

This vision is already a reality in many parts of German public administration. A good number of the 6,000 autonomous town halls and county halls are linked together in one of the most advanced local government data networks into a state-wide Virtual Private Network (VPN). A broad range of responsive administrative processes can now be handled in this data network with direct communication among the individual authorities. And this communication network meanwhile extends well beyond national frontiers. Thanks to efficient technical interfaces with the TESTA European administrative network, German authorities now enjoy a time and expense-saving direct link to Europe, making them part of the modern public administration infrastructure.

Model solutions

Thanks to direct data exchange, the new network infrastructure enables faster job processing among authorities because it is free of media breaks. Citizens profit from these improvements just as much as do public bodies. For instance, instead of three weeks, it now takes just four or five days to issue a personal identity card.

Telekom's T-Systems subsidiary handles three important aspects of security:
the VPN structure, which functions as a secure tunnel through the internet and works using the BSI-certified IPSec standard;
data encryption and authentication with digital signatures for applications, which guarantee the trustworthiness of electronic communications, such as when sending e-mails and documents;
a central directory service in the framework of a public key infrastructure (PKI) for keys and certificates.

The three-stage model thus offers the highest degree of availability, integrity and transparency for transmitted data. Since it was first released to users, T-Systems has controlled and monitored the e-government platform from a service and network management centre around the clock. When it comes to security, readiness for implementation and border-crossing potential, this communication solution has become a model for future European e-government applications.
Mobile Security
Secure Mobile Business

Notebooks, PDAs and other devices are making company data mobile, but also creating new risks. But, with the right security solutions, it is possible to combine higher productivity and data security.

Information is one of the most valuable assets a company has. Many companies first realize this when they start storing their data on mobile devices: although this helps increase the efficiency of notebooks and PDAs, their mobile use also makes them the Achilles' heel of company networks.

Mobile and hand-held computers no longer only access relatively uncritical calendar functions and contact information. Increasingly, these devices also contain recent and sensitive business data, as well as access authorization details for the company network. Mobile computers can be easily mislaid or even stolen, making them into a security loophole of unknown magnitude.

A security solution for mobile employees

In many industry sectors, employees who work in business areas that involve high mobility, such as sales, consulting, field work and management, are equipped with PDAs and notebooks, and have long made the "mobile office" reality. By using different interfaces and transmission paths, users can synchronize their portable devices with centrally-held data, including current CRM files, and can transfer newly gathered information into the company network. The advantages of creating such a "mobile office" are obvious: customers are served faster and better, important information is available anywhere and anytime, and employee productivity increases significantly.

The security requirements of companies are of crucial importance in mobile working, to enable them to benefit from all advantages without taking risks. Utimaco secure mobile computing solutions guarantee that security concepts can be made reality.

Tailor-made mobile security

To best meet a company's security requirements, a modular solution for mobile devices is based on a concept with four cornerstones:
secure authentication;
encryption of all data;
central administration and configuration;
no need for the user to install or uninstall the security software.

These cornerstones provide secure and controllable mobile working environments for both users and companies. Established mobile security solutions are characterized by practicality, user acceptance, management efficiency and seamless integration into the existing IT environment. Data encryption is automatic and invisible to users, and there is no way for operator errors to occur. A model solution for mobile security: Microsoft Germany, for example, protects its mobile devices by using Utimaco's security solutions, which fully comply with Microsoft's internal data protection standards. Numerous organisations world-wide put their trust in these secure mobile computing solutions.
Mobile Ad Hoc Networks
Mobile Ad Hoc Networks – Deployed for Safety and Security

Whether it's a major sporting event, flooding disaster or multi-vehicle accident on the motorway – the authorities and organisations in charge are expected to respond as quickly as possible, demonstrate extreme flexibility and offer seamless co-ordination. New solutions in mobile communications provide substantial assistance without the need for fixed, extensive communication infrastructures.

In order to respond to evolving emergencies or threats quickly and appropriately, communications are expected to meet all the demands for bandwidth, speed, dependability, robustness and security – demands that are perfectly met by mobile ad hoc networks (MANET). Unlike existing wireless communication networks such as mobile wireless networks, mobile ad hoc networks require no base stations. Each system involved simultaneously acts as a router, thus enabling highly mobile end-to-end communications with no media interruptions.

HiMoNN® (Highly Mobile Network Node) is a solution for a MANET developed by IABG GmbH. Thanks to its capabilities, HiMoNN® always offers the greatest advantages wherever a local concentration of various response forces requires secure, stable broadband communications. Such occasions can arise anytime there are major events such as football matches, mass disasters or even security threats calling for an emergency response such as a hostage situation.

The solution proved its effectiveness and impressive utility during various matches of the German football league. Police equipped with the devices had uninterrupted access to the POLAS police information system over secure broadband connections, thereby improving security significantly for these matches.

Dependable, robust and capable

HiMoNN® provides its participants with voice, data and video services. Access to online sensor data and databases is also assured for each end system device. The system performs automatic self-optimisation in terms of local wireless conditions, is easy to operate and can be deployed on short notice. The modulation process it uses permits a data transfer rate comparable to that of DSL, and this in turn enables parallel transmission of voice, video and mass amounts of data in the shortest conceivable time. The integration of a comprehensive QoS concept enables support for real-time applications.

Using MANET with the greatest possible security

These solutions are marked by more than just their impressive mobility and flexibility. A major priority was also given to achieving the greatest possible security. In co-operation with the German Federal Office for Information Security (BSI), IABG and the firm secunet Security Networks AG implemented particularly secure encryption and authentication technologies. These technologies ensure communication that cannot be penetrated by eavesdroppers, and they also prevent any data manipulation during transmission. Aside from its confidentiality and integrity for the transmitted data, the security architecture also ensures tight access controls and authentication for network access.

IT security at the highest standards – it is the means for exchanging even highly sensitive data and information across ad hoc networks.
ID and Ticket Systems
International Standards for Ticket Systems: The Example of eTicketing

ID and ticket systems have to conform to international standards while also meeting high security standards. At the same time, ticket users expect these systems to be easy to use. One example is the "VDV core application" as a system solution for "electronic fare management" with "electronic tickets" that can be read out securely through a touch-free interface.

Based on developments of the German IT security industry and its co-operative effort to apply international standards, the VDV (Association of German Transportation Companies) has created a system solution for chip-card-supported tickets (eTickets). These eTickets are marked by a high degree of flexibility and are also interoperably usable with various electronic payment processes and storage media. When the electronic fare management system was introduced, the main emphasis was placed on dynamically integrating the IT security components with user functions. The security architecture and standardised components for applications using touch-free interfaces were co-operatively developed by T-Systems, Infineon and NXP, among other firms, and then evaluated for security quality by the German Federal Office for Information Security (BSI).

Increased protection against counterfeiting and more efficient controls

Electronic fare management benefits both passengers and transport companies. The former need not keep exact pocket change on hand to buy tickets, whereas the latter profit from improved protection against counterfeiting and more efficient controls. The technical and organisational basis for this is provided by the VDV core application. This models all the necessary business processes for electronic fare management in the form of a level model while defining the interfaces among the participants. In this, only the chip functioning as storage medium and the SAM security module in the reading devices are specified in detail, as are the customer-side interfaces – and the providers remain free to choose their own concrete technical designs.

Among the parts of IT security management are also the providers who carry out the certifications needed to operate a PKI and who are responsible for administering the organisational and module-specific keys outside the PKI.

The level model enables transportation firms to perform "soft" migration, as existing back-office systems can still be used and phased out when required by the transport operator. In addition to cash-free payments and the electronic ticket, the third stage calls for "automated ticket pricing". Passengers merely swipe their personal chip cards across the reading device and the data is read without physical contact.

Ticket payments also via mobile phone

The nationwide rollout of this electronic fare management system in Germany is to take place in phases over the next few years. One exciting development is the use of mobile telephones as an alternative user medium. By using a mobile phone equipped with a contact-free NFC interface (Near-Field Communication), customers will have the option of buying their tickets over the mobile phone network as well.
Electronic Personal Identification Documents
Always a Step Ahead of Forgers – the New German ePassport

Against the backdrop of increasing globalisation, international co-operation in all questions of security is indispensable. Protecting identification documents against forgery while allowing travellers to be clearly identified are the central requirements for protecting against crime.

German personal identity documents – passports, personal ID cards and drivers' licenses – have been considered to be among the most secure in the world for a long time now. As one of the first countries worldwide, Germany has achieved a new milestone in the field of ID security by introducing new electronic passports that meet EU requirements and ICAO standards. The Bundesdruckerei GmbH (privatised former Federal Printing House) produces around two million German passports each year and equips some 5,700 passport offices throughout Germany with the necessary infrastructure.

At first glance, the electronic passport hardly appears to differ from its conventional predecessor. It is only an internationally standardised mark on the front cover that indicates that the passport cover now contains a chip.

Since November of 2005, the new ePassport has contained a chip that stores an added copy of the data on the passport holder already printed on the document: a photo and personal information such as name, gender and place of birth. The next generation of the newly issued ePassports will also contain two images of the passport holder's fingerprints on the chip. Both the chip hardware and the software used on the chip were tested and certified by the German Federal Office for Information Security (BSI) according to the internationally recognised "Common Criteria" procedure.

High security combined with protection of personal data

The digital data stored on the chip are protected by various security features and mechanisms. The data are given an electronic signature ensuring the integrity and authenticity of the data. To ensure that the data cannot be surreptitiously read from the chip, the "basic access control" procedure mandated for EU biometric passports is applied. An additional cryptographic protocol ("extended access control") to access the data will be used for the second phase.

Each of the communication steps here is encrypted and can only be initiated once the passport or ID holders present their documents to a border agent or other official who then lays it on the terminal device. At each new reading procedure, the serial number of the RF chip is automatically changed, which prevents the data from being traced. This security measure prevents third parties from eavesdropping on the contact-free communication between the passport and the terminal.

As before, personal data are deleted at the Bundesdruckerei printing house once the passport is produced and inspected. This fulfils all the requirements for data protection, and the procedure is regularly inspected by the German Federal Commissioner for Data Protection.

The issuance of biometrically-supported ID documents is a major component in fighting organised crime and international terrorism. The aim here is to build on the high standards already in existence and to increase document security altogether.
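The two mechanisms named above, the signature over the chip data and the "basic access control" (BAC) procedure, both rest on public ICAO Doc 9303 rules, and the following added example walks through the reader-side part of them. It is not code from Bundesdruckerei or BSI. It derives the BAC encryption and MAC keys from the printed machine-readable zone (the chip only answers a reader that proves it has optically read the data page), and it performs the hash comparison of the passive-authentication step, in which every data group read from the chip is checked against the hash list in the signed Document Security Object. The document number, date of birth and date of expiry are the specimen values of the ICAO Doc 9303 worked example, so the derived keys can be compared with that standard; the data-group contents and the hash list are constructed here. Checking the issuer's signature over the hash list needs the issuing country's certificate and is not part of the snippet, and neither is the random chip identifier that the text describes.

```python
"""ICAO Doc 9303 Basic Access Control (BAC) key derivation and data-group
hash checking for an ePassport inspection system.

Added example, not code from Bundesdruckerei or BSI. Assumptions: the
specimen document number, birth date and expiry date are the ICAO Doc 9303
worked-example values; data-group contents and the Document Security Object
hash list are constructed. The issuer's signature over that hash list is not
verified here (it needs the issuing country's certificate).
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

_WEIGHTS = (7, 3, 1)   # ICAO 9303 check-digit weighting, repeated cyclically


def _char_value(c: str) -> int:
    """Map an MRZ character to its check-digit value (digits, A-Z, filler '<')."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character: {c!r}")


def check_digit(field: str) -> int:
    total = sum(_char_value(c) * _WEIGHTS[i % 3] for i, c in enumerate(field))
    return total % 10


def mrz_information(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> str:
    """Document number (padded to 9 with '<'), date of birth and date of
    expiry, each followed by its check digit: the BAC key-seed input."""
    doc = doc_number.ljust(9, "<")[:9]
    return (f"{doc}{check_digit(doc)}"
            f"{birth_yymmdd}{check_digit(birth_yymmdd)}"
            f"{expiry_yymmdd}{check_digit(expiry_yymmdd)}")


def _adjust_parity(key8: bytes) -> bytes:
    """Set the least significant bit of each byte so that every byte has odd
    parity, as DES key bytes require."""
    out = bytearray()
    for b in key8:
        ones_in_key_bits = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_key_bits % 2 == 1 else 1))
    return bytes(out)


def derive_bac_keys(mrz_info: str) -> Tuple[bytes, bytes]:
    """Return (K_enc, K_mac), the two-key 3DES keys used to set up the
    BAC session: K_seed is the first 16 bytes of SHA-1(MRZ information),
    each key is SHA-1(K_seed || 32-bit counter) truncated to 16 bytes."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter: int) -> bytes:
        h = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return _adjust_parity(h[:8]) + _adjust_parity(h[8:16])

    return kdf(1), kdf(2)   # counter 1 -> encryption key, 2 -> MAC key


def verify_data_group_hashes(sod_hashes: Dict[int, str],
                             data_groups: Dict[int, bytes]) -> List[int]:
    """Compare each data group read from the chip with the hash recorded in
    the Document Security Object; return the numbers of the groups that
    differ or are missing. An empty list means every listed group is intact."""
    failed = []
    for dg_number, expected_hex in sod_hashes.items():
        actual_hex = hashlib.sha256(data_groups.get(dg_number, b"")).hexdigest()
        if not hmac.compare_digest(actual_hex, expected_hex):
            failed.append(dg_number)
    return failed


def demo() -> Tuple[str, bytes, bytes, List[int]]:
    """Specimen MRZ values from the ICAO 9303 worked example; the data groups
    are constructed placeholders for the MRZ data (DG1) and photo (DG2)."""
    info = mrz_information("L898902C", "690806", "940623")
    k_enc, k_mac = derive_bac_keys(info)

    data_groups = {1: b"constructed DG1 (MRZ data)", 2: b"constructed DG2 (face image)"}
    sod_hashes = {n: hashlib.sha256(c).hexdigest() for n, c in data_groups.items()}
    tampered = dict(data_groups)
    tampered[2] = b"constructed DG2 with a substituted face image"   # simulated alteration
    return info, k_enc, k_mac, verify_data_group_hashes(sod_hashes, tampered)


if __name__ == "__main__":
    info, k_enc, k_mac, failed = demo()
    print(info, k_enc.hex(), k_mac.hex(), "failed data groups:", failed)
```

The MRZ information string and the two keys printed by the script can be compared against the worked example in ICAO Doc 9303 Part 11. The point of the design is visible in the derivation: the keys depend only on what is printed on the data page, so the chip's contents are no more confidential than the page itself, which is why the text reserves an additional protocol (extended access control) for the fingerprint data.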
24 25
International Standards
The introduction of electronic passports
(“ePassport”) has elevated the security of
identity documents to an as yet unimagined
level. For one, having an electronic copy of
the passport photo and – starting in 2007
– of the holder’s fingerprints directly in the
document permits a clear and undeniable
connection between the document and its
holder. On the other hand, the integration of
cryptographic security features has markedly
increased the document’s resistance to
forgery.
Yet these measures are only fully effec-
tive in reining in document misuse if all
countries around the world are also capable
of reading the passports correctly. To guaran-
tee global interoperability, uniform standards
for electronic passports and the associated
reading devices are an absolute necessity.
Common Standards Create Security
The introduction of electronic passports
in Germany has made it one of the first
countries to complete the transition to
personal, biometry-based ID documents
that are protected against forgery. In
addition, the German IT industry and the
corresponding German federal authorities
– thanks to their extensive know-how and
the breadth of their experience in the field
– have played a key role in advancing the
development of internationally uniform
standards for biometrically-equipped
passports and the associated reading
devices.
Industry and government join forces to
develop uniform standards
Because there are no internationally harmonised
testing specifications for the interface between
passports and reading devices as yet, the
German Federal Office for Information Security
(BSI) has launched the “ePassport Conformity
Testing” project.
The initiative, supported by BSI and the German
Federal Office of Criminal Investigation (BKA),
aims to produce detailed testing specifications
for electronic passports and reading devices so
as to guarantee interoperability worldwide and
to be able to test their conformity. Correct per-
formance on the respective tests for passports
or readers can be confirmed with a conformity
certificate from BSI.
The modular structure of testing specifications
also allows the testing specifications meant
for the “air” interface – the RF interface of the
passports – to be applied to additional systems
based on identical standards.
Specifications for the conformity test were
created with a key contribution of the semi-
conductor producers NXP and Infineon in the
framework of a demanding project; these speci-
fications were taken into consideration as the
German ePassport solution was developed. The
testing specifications were submitted through the
German Institute for Standardisation (Deutsches
Institut für Normung e.V. – DIN) and its inter-
national counterpart (International Organization
for Standardization/International Electrotechnical
Commission – ISO/IEC) to integrate them into
applicable international standards.
The success of German efforts at creating
conformity was illustrated at the largest inter-
national test of interoperability for the ePassports
in Berlin in the middle of 2006. There, the
functional capabilities of 400 electronic passports
from various countries were tested in combination
with 50 readers from diverse manufacturers.
The intense interest in the technology among
international experts and government representa-
tives was evident in the many inquiries they
made about BSI’s experiences when the German
ePassport was introduced.
Improving Security Together – Solutions from German Encryption Firms
The examples of IT security solutions presented in this brochure are only a sample of the wide-ranging solutions offered by German encryption technology firms. Their full product and service portfolio extends much further. The companies are in intensive discussion with one another and are jointly creating application-oriented security solutions that enable electronic business processes and security-critical information to be protected. The portfolio of solutions offered by the German IT security industry covers the following fields as well as others:
– Network security, data security, encryption, transaction security
– SmartCard solutions, passport and ID card systems, card systems for industry branches and companies
– Security modules, crypto microcontrollers, trusted computing modules, operating systems
– PKI and identity management, trusted services, access, authentication, authorisation, signatures
– Biometric systems and components in accordance with ICAO 9303
– Security and conformity certifications in accordance with ISO and ICAO
– System integration and consulting services, security concepts and application solutions for complex systems
Exemplifying the total range of providers are the following companies and their association, TELETRUST:
The official presentation of the Federal Republic of Germany as well as this brochure are sponsored by, presented in cooperation with, and supported by the following organisations:
Federal Ministry of Economics and Technology – www.bmwi.de
AUMA – Association of the German Trade Fair Industry – www.auma-fairs.com
TeleTrusT Deutschland e.V. – www.teletrust.de
Federal Office for Information Security – www.bsi.bund.de
IFWexpo Heidelberg GmbH – www.ifw-expo.de
SOFTPRO
www.signature-verification.com
Worldwide leading vendor of solutions for the capture, management and verification of handwritten signatures and related data. 25 years in business. A unique technology is used to extract and evaluate both the static and dynamic (biometric) characteristics of handwritten signatures. SOFTPRO offers solutions for e-signing as well as a holistic product suite for fraud detection and prevention in payment processing (FraudOne).
SOFTPRO demonstrates the hardware and software combination of SignPad and SignDoc:
– SignPad – brand new LCD signature tablet capturing static and dynamic (biometric) characteristics of signatures in real time in unparalleled high resolution: sharp, accurate and trustworthy.
– SignDoc – the reliable software solution that secures electronic documents with the characteristics of the handwritten signature, compliant with e-signing laws throughout the world.
secrypt Ltd.
www.secrypt.de
Certified to ISO 9001, secrypt Ltd. specializes in solutions for optimizing digital business processes with legally compliant electronic signatures, time stamps and encryption, and, with its digiSeal product family, ensures authenticity, protection from manipulation and confidentiality for sensitive data. Examples:
– eBilling
– Health care: signature lifecycle for the digital archive
– Administration and judiciary: electronic signing and certification of documents
USP: 2D barcode signature
secunet Security Networks AG
www.secunet.com
secunet is one of Europe's leading suppliers of products and services in the area of highly complex IT security solutions. The company comprises four business units: High Security (SINA products), Government, Business Security and Automotive. Our reference list includes international enterprises from industrial sectors (e.g. BMW, HOCHTIEF) as well as public authorities in Germany and abroad (e.g. Federal German Ministry of the Interior, UK Home Office). We have furthermore developed a long-lasting security partnership with the Federal Government of Germany.
At the RSA® Conference we demonstrate our VPN communication gateway SINA: our Secure Inter Network Architecture is the only IP-based technology that is approved by the German Federal Office for Information Security (BSI) for the transmission of classified information up to the national level TOP SECRET.
Pictured: SINA LE Box; SINA Box Standard 3HE.
T-Systems
www.t-systems.com/ict-security
Security is an integral component of all T-Systems solutions. We classify our dedicated Security Services into three subject areas: (i) Identity and Access Management (IAM), (ii) Enterprise Security Management, and (iii) Seamless ICT Infrastructure Security. In each one of these areas, T-Systems offers a broad spectrum of services along the entire value chain. These include Security Consulting, Engineering, Integration, Products and Solutions, as well as Operations or Management and Maintenance.
Sirrix AG security technologies
www.sirrix.com
Sirrix AG is one of the leading specialists in all areas of information security. The main focus is the design and development of innovative security solutions for communication systems and the protection of sensitive digital content. Our competence furthermore includes the design, analysis and implementation of cryptographic schemes and protocols. Sirrix AG has extensive experience in product-related business and Sirrix Labs is recognized for its development of highly reliable hardware and software.
Sirrix.CRYPT VOIP/ISDN/GSM is a fully interoperable encryption system for securing voice and data communication at link level.
TURAYA is a high-assurance security kernel fulfilling the highest security standards and the first one incorporating Trusted Computing functionality.
Sirrix.VPN is a highly distributed and easy-to-manage corporate Trusted-VPN system with TPM security chip.
Sirrix.PBX is a highly distributed Private Branch Exchange, a telecommunication system supporting ISDN, Voice-over-IP and mobile clients.
TÜV Informationstechnik GmbH
www.tuvit.net
TÜV Informationstechnik GmbH (TÜViT for short) works impartially and competently in the field of information technology. As a provider of trust we focus on assessing, testing and certifying any kind of IT products, IT systems and IT processes which have to comply with specific requirements. TÜViT is accredited by organizations and government agencies for the scope of IT Quality and IT Security. These accreditations and our long experience in this field ensure the quality of our services.
CV Cryptovision Inc.
www.cryptovision.com
cryptovision Inc. is the leading supplier of minimally invasive IT security products with high ROI based on innovative crypto technology (e.g. ECC, see Suite B). Worldwide, more than 30 million people already use cryptovision technology for:
– PKI for secure Identity Management
– E-Mail encryption and digital signatures
– Crypto libraries for various IT systems (VHDL, Assembler, C, C++)
– Smart Card Middleware for seamless token integration
cryptovision demonstrates live:
– Secure IDM with PKI, exemplified by PKI for Novell
– Combining logical access and physical access with Smart Card Middleware and Card Management Systems
atsec information security
www.atsec.com
atsec information security is an independent, standards-based IT security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich in 2000 and has extensive operations with offices in the US, Germany, Sweden, the UK, and China. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.
IICS GmbH
www.iics.de
IICS GmbH, based in Nuremberg, plans, develops and markets products and solutions for data and communication security in mobile applications. IICS is a pioneer in mobile security and in 2007 launched the world's first smart card in microSD format providing security and PKI functionality for mobile devices, particularly smartphones and PDAs. The certgate hardware token ensures that mobile applications meet the highest security policies. Corporate processes can be extended to mobile devices, improving productivity without sacrificing security. Mobile banking gains convenient security.
IICS demonstrates Certgate Smart Card microSD PKI:
– Smart Card chip inside
– Windows, Windows Mobile, Linux ...
– No hardware drivers
– microSD, adapters for miniSD, SD, USB
– Middleware: MS CSP and PKCS#11
– 512 MB Flash Memory
Nexus AB
www.nexussafe.com
Nexus is a leading e-Security company providing products, solutions and services for the international market. Our business concept is to offer products, solutions and services around information security in order to protect our customers' sensitive information and knowledge from unauthorized access. Our clients are large companies, such as the Volkswagen AG group and Ericsson, governmental organizations such as the German Federal Pension Fund or the Swedish Police, and banks such as SEB Bank.
SEFIROT
www.sefirot.de
SEFIROT, the internationally leading provider of PKI-based Smart Card solutions for industries & authorities, proudly presents its newest innovative access protection technology and smart card life cycle management.
The company's core business: personalization & deployment services for up to millions of smart cards, PKI middleware, valuable smart card services and products, customer-specific integration projects.
Smart Card Logon Solutions
– Multi-Workstation-Multi-Account Logon for Windows, Linux, Solaris.
– CITRIX Terminal Logon, 100% session hopping.
Smart Card Life Cycle Manager for small, medium and large-scale enterprises
– Customized smart card personalization, enrollment
– Supervision of smart cards
– Multi-domain support, PKI key management, disaster recovery
– Smart card remote management
SecurStar GmbH
www.securstar.com
Created in 2001 in Germany, SecurStar develops encryption and security products, which are among the most used software and hardware in the private and corporate markets. Its workforce, consisting of specialists in the IT security area, is constantly trained to help customers, seeking their satisfaction and data security. The company is attentive to the needs of the corporate sector, constantly updating its products and making the latest technology available to its clients.
NCP engineering GmbH
www.ncp-e.com
NCP engineering GmbH is a provider of application- and industry-neutral communication software for highly secure data transmission in public networks and the Internet. Under the guiding principle of "Secure Communications" the firm develops products and solutions for the areas of mobile computing, teleworking, e-commerce, production data acquisition, system control and branch office networking. NCP product technology guarantees integration and compatibility with products from other manufacturers.
NCP demonstrates the NCP Secure Clients:
– Windows Vista, XP, 2000, CE, Windows Mobile, Symbian and Linux support
– Managed solutions for medium and large enterprises
– Conformity with all IPsec protocol extensions
– Integrated, dynamic personal firewall
– Strong authentication
– Automatic hotspot logon
– Friendly Net Detection
– Intelligent connection management
– Smooth user experience
Fraunhofer Institute for Secure Information Technology (SIT)
www.sit.fraunhofer.de
The Fraunhofer Institute for Secure Information Technology SIT is a leading expert for IT security and for security by means of IT. Over 150 highly qualified employees cover all relevant topics and technologies and develop solutions for immediate use, geared to the customer's needs. The Institute offers development of secure solutions and services, software licenses for security products, and sophisticated security tests and studies. The list of reference customers is resounding proof of trustful and reliable cooperation.
TeleTrusT Deutschland e.V.
www.teletrust.de
Trustworthiness in a User-Friendly Manner
The members of the non-profit organisation are vendors as well as users from the public and private sector who form a strong competence network for applied cryptography and biometrics. In line with the demands of everyday practice, TeleTrusT supports the area-wide implementation of data encryption as well as identification, authentication and signature for data protection and reliable e-business. In the interest of cross-border harmonization TeleTrusT has created numerous initiatives on the basis of established standards and contributes decisively to the work of international alliances. Two main well-established services are the European Bridge-CA and ISIS-MTT, which boost data integrity and privacy while providing a verifiable audit trail – making e-business trustworthy.
Federal Office for Information Security (BSI)
www.bsi.bund.de
Secure information technology for our society
The German Federal Office for Information Security (BSI) is an independent and neutral authority for IT security. It was established in 1991 as a high-level federal public agency within the area of responsibility of the Ministry of the Interior. The BSI employs a staff of around 500 people and has a budget of some 60 million euro. BSI's ultimate ambition is the protection of information and communication. In this context, BSI has three strategic targets:
– Prevention: protecting information infrastructures adequately
– Preparedness: responding effectively to IT security incidents
– Sustainability: enhancing German competence in IT security / setting international standards
Providing safety in a digital world
The partners of the German pavilion at the RSA® Conference 2008