3
3-DES
The symmetric encryption algorithm 3-DES (Triple-DES) is the further development of the Data Encryption Standard DES and uses symmetric keys with a length of 112 bit. DES is a widely used encryption algorithm with a key length of 56 bit; however, this key length is nowadays regarded as insecure. In 3-DES the DES encryption is performed three times in a row with two independent cryptographic keys, which are derived from the 112 bit key. DES is standardized as Federal Information Processing Standard FIPS 46-3; 3-DES is specified in ANSI X9.52-1998.
A
Advanced Encryption Standard (AES)
The Advanced Encryption Standard AES is a symmetric encryption algorithm that uses symmetric keys of either 128, 192 or 256 bit length. It was developed by the cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen and named the Rijndael cipher. The algorithm is deemed suitably secure for the 21st century. It was standardized in the year 2001 as Federal Information Processing Standard FIPS 197.
Activation Code
The activation code is a 12 character alphanumeric value generated by authega and entered by the user once to activate personal access to authega. It can only be used effectively in combination with the associated activation ID. The individual activation code is sent to the authega user by post.
Activation data
Activation data is employed by the user to activate the personal access to authega. Activation does not mean that the user has complete access to his/her personalized services; to achieve this, he/she additionally needs an initialized authentication medium for authentication purposes. The activation data consist of the activation code and the activation ID, which are sent to the user by the administration.
Activation ID
The activation ID is a number of up to 20 digits generated by authega and employed by the user to activate personal access to authega. It can only be used effectively in combination with the associated activation code. The individual activation ID is sent to the authega user via email.
Asymmetric Key Pair
An asymmetric key pair is assigned individually to a user or system. It consists of a public and a private key. The private key must only be known to the user and is used for individual authentication or for the decryption of electronic information using asymmetric cryptographic methods. The public key is used by the general public to verify an electronic signature made with the private key, or to encrypt information for the key holder. The cryptographic method ensures that encryption and decryption, as well as signature and signature verification or authentication, respectively, only work for the respective key pair.
Asymmetric Cryptographic Methods
With asymmetric cryptographic methods, a person or system is always assigned two keys, i.e. an asymmetric key pair for e.g. signature, authentication or encryption purposes: a public and a private key. The public key is available to everyone, the private key only to the relevant person or system. The private key can e.g. be used to sign data or for authentication, both of which can then be checked by everyone with the associated public key. The public key can be used to encrypt data for the respective communication partner, and this data can then only be decrypted with this person's/system's private key. Well-known asymmetric cryptographic methods are e.g. RSA, DSS and ECC.
authega-Functional Library
A piece of software or a file that provides pre-defined functions for the technical access of a computer to authega, so that authega can be integrated into other software.
authega-Policy
Signature creation components (e.g. signature cards) and certification service providers (e.g. Trustcenters) that are to be used in connection with authega and related services have to provide a certain minimum level of security technology and meet certain technical requirements. These minimum security standards and technical requirements are described in the authega policy.
authega-certificate
The authega certificate is provided by an internationally acclaimed Trustcenter (D-Trust) and is used to verify the identity of authega to a computer or user. The certificate has a unique characteristic: its electronic SHA256 fingerprint is 856b031920112910880860748c61dc957aba585ccda495ebe1383d7eeaf5e2bf. If a certificate presented as the authega certificate has a different fingerprint, it is not the authega certificate.
authega certificate file
The authega certificate file is an electronic identity card for a person issued by a Trustcenter, verified by the trustcenter’s electronic signature, and particularly guaranteed by the assignment of a public key to a person. The authega certificate file is generated in the registration process and needed for logging-in to a business application.
Authentication
Authentication is the process of proving the claimed identity of e.g. a person with respect to an electronic identity. In IT systems this is most often achieved by checking the user login and password. Stronger security is provided by authentication using asymmetric cryptographic methods or biometric characteristics (e.g. fingerprint).
Authentication Medium
The security of authega relies, among other things, on the use of cryptographic key pairs and, where applicable, on the associated digital certificates. The private keys in particular are stored in a file and are protected against unauthorised access. The medium on which these keys are stored is called the authentication medium. The following authentication media can be used for authega:
- Certificate file
Authenticator (FIDO/Passkey)
In the context of the FIDO/Passkey login method, an authenticator is a FIDO2-capable device that is able to create a corresponding FIDO token or passkey. In this context, and in line with the explanation under FIDO/Passkey, authenticator currently refers to three different kinds of devices:
- For the FIDO usage type: a so-called security token, i.e. a hardware-based stick on which the secret key material needed for login is generated and stored securely and protected from unauthorized persons, e.g. a YubiKey, Nitrokey or SoloKey. This security token is connected, e.g. via USB, Bluetooth or NFC, to the system on which you want to log in.
- For the passkey with cloud synchronization usage type: a mobile device, typically a smartphone, that is able to create a passkey and that is paired via Bluetooth (by scanning a QR code) when it is added or when logging in on the PC/laptop. This only works if cloud synchronization is enabled on the mobile device: on Apple devices the iCloud Keychain, on Android devices either the Google Password Manager or the password manager of another vendor. On work devices cloud synchronization is often disabled for security reasons, so such devices cannot be used for this purpose.
- For the passkey without cloud synchronization usage type: a Windows 11 PC with Windows Hello enabled. Here the passkey is created and stored in the PC's secure storage chip (Trusted Platform Module, TPM). No additional device is needed for this.
To use a FIDO/Passkey login with authega, an authenticator must be used that is protected by a second factor, e.g. a PIN or a biometric feature (fingerprint/face recognition). It does not matter which of the usage types listed above (FIDO, or passkey with/without cloud synchronization) you choose: without protection of the authenticator by a second factor, the FIDO/Passkey login must not be used with authega.
Further information on the advantages and disadvantages of the different usage and device types can be found under FIDO/Passkey.
Authenticity
Authenticity generally means the integrity and credibility of data or of a communication partner. Authenticity can be ensured and checked through cryptographic methods, e.g. asymmetric cryptographic methods.
B
Black Lists
A black list is used by a Trustcenter to publish certificates that were blocked before their validity period expired. All certificates listed in the black list are invalid as soon as they are published there.
Blocking Code
The blocking code will be sent to authega users by post as part of the registration. This is required to block or delete access.
C
Captcha
The purpose of captchas is to make a misuse of functions of authega, especially by automated attacks, more difficult by ensuring that an entry was made by a human.
Certificate
An electronic identity card for a person, organization or system, issued by a Trustcenter, verified by the Trustcenter's electronic signature and in particular guaranteeing the assignment of a public key to a person, organization or system. Usually certificates are published in a directory service. authega issues personal certificates for persons.
Common Criteria
Criteria to check and evaluate the security of information technology. They are suitable for assessing the security characteristics of practically all products and systems. They were adopted by the International Organization for Standardization (ISO) as international standard number 15408.
Computer Viruses
In technical terms a computer virus is a non-autonomous program routine that reproduces itself by connecting itself to other software or operating system areas of e.g. a computer and that once started performs manipulations of it that cannot be controlled by the user. The idea and name of computer viruses is derived from the biological example of viruses. Computer viruses often cause changes or data loss in a computer and also cause problems with programs as well as interruptions of regular operations.
Cookies
"Cookies" are small data sets that are stored on your device and managed by your browser when you visit a website. If you surf the same website again later, the website can recognize you. There are different types of cookies:
Cryptobox
Cryptoboxes are usually used for the general encryption of communication connections or lines. All electronic information transmitted over a communication connection is encrypted in a node with the cryptobox and decrypted on the other side with another cryptobox. The security of line encryption is usually based on strong, symmetric, cryptographic methods. All electronic information is encrypted with the same symmetric key which is only known to the relevant cryptoboxes.
Cryptochip
A cryptochip is a high-performance processor that speeds up cryptographic operations and performs them securely. It allows the secure storage of personal key media to protect them against unauthorized access. As part of asymmetric methods, it allows for example the individual secure storage of private keys. A cryptochip can for example be used on chip cards or in computer systems.
Cryptography
The general goal of cryptography is to make data unrecognizable to unauthorized third parties through the application of encryption methods, i.e. to keep information confidential. An encryption is only as strong as the theoretical and mathematical effort an unauthorized person would need to reconstruct the data. Cryptography also comprises methods for authentication, electronic signature and proving authenticity.
Crypto Medium
A crypto medium is cryptographic information used as input to cryptographic methods for encryption, authentication and electronic signature. A crypto medium is most often an individual piece of information, e.g. a password or the private key of an asymmetric key pair, that is kept confidential by a person or system. It can, however, also be a unique biometric characteristic of a person, e.g. a fingerprint or characteristics of speech patterns or eyes. There are also publicly known key media of persons or systems, which are e.g. used to check electronic signatures or authentication, for example the public key of an asymmetric key pair.
D
Directory Service
A directory service in this document means a database that is built hierarchically (tree structure) according to the ITU Standard X.500 and which allows querying of information using a suitable system. This is used e.g. for address, email and certificate directories which can be searched for the desired information according to different criteria. The database can also be distributed across more than one server.
Display Name (FIDO/Passkey)
The display name can be chosen freely by the user when adding a new FIDO token/passkey. It is suggested by the system and can be accepted or changed as desired, also at a later time. The system's suggestion follows the pattern "authega LFF ID", where "LFF" (Landesamt für Finanzen) stands for the PersonalID Bayern and "ID" for your authega ID. It is advisable to extend this suggestion with the name of the authenticator used, e.g. "YubiKey 5 NFC" or "iPhone SE". This makes it easier to tell several FIDO tokens/passkeys apart.
Your authenticator will only ever show the display name that was entered initially: later changes to it in the authega account take effect only there and not on the authenticator.
In the FIDO/Passkey standard the display name corresponds to the so-called displayName. Unlike the username, it is not always shown, e.g. during login attempts, but only under certain conditions.
E
Electronic Identity
The electronic identity is a name that a system can understand and correlate to a person or another system. This name is often called user login or account. An electronic identity is assigned permissions that restrict the use of the system. To ensure that the user is really the legitimate holder of the respective identity, a secure authentication process is used.
Electronic Signature
An electronic signature is a technical method that allows the creator of data to be determined. It can be used as an electronic way to declare an intention or for authentication. Asymmetric cryptographic methods can be used to create and check electronic signatures.
authega uses the electronic signature only ever for authentication (Authentication Signature).
Electronic Misuse
Electronic misuse means unauthorized access to systems, including the unauthorized use of systems for one's own purposes. Please note that unauthorized access to another person's computer is already a punishable offence in Germany. The laws concerning the misuse of computers are not the same throughout the EU.
Encryption
Encryption means the transformation of data for secure storage or transfer. A cryptographic key is used to make the content of e.g. a document, a file or an email unreadable for unauthorized third parties. Only the intended receiver can read the data using the matching (decryption) key. There are different encryption methods, such as symmetric, asymmetric and hybrid encryption.
F
FIDO/Passkey
Two different usage types
FIDO stands for Fast IDentity Online and is an internationally recognized standard that makes it possible to log in to online services without a password, yet very securely. Passkey builds on FIDO and, by using cloud synchronization, enables passwordless login across devices and systems. Passkeys can, however, also be used without cloud synchronization. Accordingly, two types of FIDO/Passkey login usage can be distinguished:
- Either in the "classic" way (FIDO), as the FIDO login was originally designed: this requires a so-called security token as authenticator, e.g. a hardware stick in which secret keys are stored securely and protected from unauthorized persons, such as a YubiKey, Nitrokey or SoloKey. For a security token to be usable with authega, it must be FIDO2-capable. This security token holds the secret key material needed for a login and is connected, e.g. via USB, Bluetooth or NFC, to the system on which you want to log in. With this usage type the secret keys always remain on the user's authenticator and thus under the user's own and sole control. The user must therefore make provisions for the case that the authenticator can no longer be used (e.g. loss/destruction), for instance by adding a second authenticator as an alternative login option for important online services, or by ensuring in good time that another login method can also be used (with authega, e.g. the login with a certificate file or mobile device).
- Or with a passkey. Here two kinds of passkeys can be distinguished:
  - Passkeys with cloud synchronization: here the authenticator is typically a mobile device (e.g. a smartphone) that is paired via Bluetooth (by scanning a QR code) when it is added or when logging in on the PC. In this case the secret key material is generated on the mobile device, transferred to the respective vendor's cloud via encrypted synchronization and stored there in encrypted form, usually protected by the screen lock the user has set on the mobile device (e.g. PIN or fingerprint/face recognition). With this usage type the secret keys are therefore transferred to the vendor's cloud and are no longer under the (sole) control of the user. This kind of usage thus involves a certain dependence on the provider used, but typically also offers the advantage that, if the device is lost or destroyed, a recovery mechanism can be used so that important online services remain usable in such cases. Typical examples are: using the Passwords app together with the iCloud Keychain on Apple devices, or using the password manager built into Google Chrome with synchronization via the Google account enabled, e.g. on Android or Windows devices.
  - Passkeys without cloud synchronization: with this login type a passkey is also created, but the secret key material is not transferred to a cloud. Otherwise this login type works very similarly to the variants described so far. One way to use a passkey login without cloud synchronization at present is Windows Hello: on a current Windows PC you set, for example, a PIN for the Windows login (fingerprint/face recognition is also possible). Once Windows Hello has been enabled in this way, it can also be used to create passkeys and subsequently for passkey logins to web services, with the Windows Hello PIN (or fingerprint/face recognition) serving as the second factor. Here the secret key material currently remains in a specially secured storage chip of the PC, the so-called Trusted Platform Module (TPM). With this usage type, too, the secret keys therefore currently remain under the user's own control and are not transferred to a cloud. The vendor has, however, announced the option of cloud synchronization for a later date.
The Bavarian State Office for Information Security (Landesamt für Sicherheit in der Informationstechnik, LSI) expressly recommends using hardware-based security tokens (FIDO), but in a risk assessment also concludes that the use of cloud-synchronized passkeys is fundamentally acceptable. In this assessment the LSI points out the following aspects to be considered when deciding for or against cloud-synchronized passkey usage:
- If the cloud provider's security measures are inadequate, the passkeys can leak from the cloud.
- The passkeys can be deleted by the cloud provider, intentionally or unintentionally. It is important to consider that many cloud providers are subject to a different jurisdiction.
- If an attacker takes over the account with which the user accesses the provider's cloud, the attacker can access all synchronized passkeys unless further security measures to protect the passkeys have been taken.
Advantages and further important notes
A very significant advantage of a FIDO/Passkey login is that it is considered phishing-resistant, because accidentally logging in with a FIDO token/passkey on a fake website is technically impossible (the token/passkey is bound, at the time of its creation, to the correct domain of the online service used).
To use a FIDO/Passkey login with authega, a FIDO2-capable authenticator must be used that is protected by a second factor, e.g. a PIN or a biometric feature (fingerprint/face recognition). It does not matter which of the usage types listed above (FIDO, or passkey with/without cloud synchronization) you choose: without protection of the authenticator by a second factor, the FIDO/Passkey login must not be used with authega.
Especially in case the authenticator is lost, it is therefore very important that this second factor can only be entered by the legitimate user, which is why, for example, a PIN set by the user must be chosen so that it cannot easily be guessed by others.
If an authenticator added to authega has been lost, it should be deleted from the associated authega account immediately. The user can do this after logging in to authega: under My user account > Manage FIDO/Passkeys every added FIDO token/passkey can be deleted again. After deletion it is no longer possible to log in to authega with this token/passkey (see also the FAQ How do I delete FIDO tokens/passkeys from my authega account?). If there is reason to fear that the loss of the authenticator has compromised the entire authega account and possibly also the connected business applications and the data they contain, the authega account should be deleted completely: see the FAQ Can I delete a user account again?
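The domain binding and the second-factor requirement described above, as an added example (not authega's code): the checks a relying party performs on a WebAuthn assertion before accepting a login. The RP ID rp.example, the origin https://rp.example and the sample messages are constructed placeholders; verification of the assertion signature is left out.

```python
import hashlib
import json
import struct

# Flag bits of the authenticatorData "flags" byte.
FLAG_USER_PRESENT = 0x01
FLAG_USER_VERIFIED = 0x04   # set when the authenticator checked a PIN or biometric

# Hypothetical relying-party settings; authega's real domain is not given on this page.
EXPECTED_RP_ID = "rp.example"
ALLOWED_ORIGINS = frozenset({"https://rp.example"})


def check_assertion_binding(authenticator_data: bytes, client_data_json: bytes,
                            rp_id: str = EXPECTED_RP_ID,
                            allowed_origins=ALLOWED_ORIGINS,
                            require_user_verification: bool = True) -> list:
    """Relying-party checks that realise the domain binding and the second-factor
    requirement. Returns a list of findings; an empty list means the assertion passes.
    The signature over authenticatorData || SHA-256(clientDataJSON) is not covered here."""
    findings = []
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if client.get("type") != "webauthn.get":
        findings.append(f"unexpected ceremony type {client.get('type')!r}")
    origin = client.get("origin")
    if origin not in allowed_origins:
        findings.append(f"origin {origin!r} is not an allowed origin")
    if len(authenticator_data) < 37:
        findings.append("authenticatorData shorter than the 37-byte minimum")
        return findings
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ...
    rp_id_hash = authenticator_data[:32]
    flags = authenticator_data[32]
    if rp_id_hash != hashlib.sha256(rp_id.encode("utf-8")).digest():
        findings.append("rpIdHash does not match the expected RP ID (credential bound to another domain)")
    if not flags & FLAG_USER_PRESENT:
        findings.append("user-presence flag not set")
    if require_user_verification and not flags & FLAG_USER_VERIFIED:
        findings.append("user-verification flag not set (no PIN/biometric second factor)")
    return findings


def make_authenticator_data(rp_id: str, flags: int, sign_count: int = 1) -> bytes:
    """Construct the 37-byte fixed part of authenticatorData as sample input."""
    return (hashlib.sha256(rp_id.encode("utf-8")).digest()
            + bytes([flags]) + struct.pack(">I", sign_count))


def make_client_data(origin: str, challenge: str = "constructed-challenge") -> bytes:
    """Construct a minimal clientDataJSON as the browser would send it (sample input)."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": origin}).encode("utf-8")


if __name__ == "__main__":
    genuine = check_assertion_binding(
        make_authenticator_data(EXPECTED_RP_ID, FLAG_USER_PRESENT | FLAG_USER_VERIFIED),
        make_client_data("https://rp.example"))
    print("genuine login:", genuine or "accepted")
    # A credential created for a look-alike domain carries that domain's rpIdHash and origin.
    lookalike = check_assertion_binding(
        make_authenticator_data("rp-example.net", FLAG_USER_PRESENT | FLAG_USER_VERIFIED),
        make_client_data("https://rp-example.net"))
    print("look-alike domain:", lookalike)
```

In a real browser the authenticator would never even produce the look-alike assertion, because it only finds credentials for the RP ID of the site being visited; the relying-party check above is the server-side half of the same binding.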
FIDO/Passkey Authenticator
See Authenticator (FIDO/Passkey)
FIDO/Passkey Displayname
See Display Name (FIDO/Passkey)
FIDO/Passkey Username
See Username (FIDO/Passkey)
H
Hackers
Hackers are persons who break into networks, databases or hard drives for which they are not authorized to steal data stored there or to access personal information. They usually enter without the knowledge of the victim to gain access to keys, account numbers or credit card numbers.
Hijacking
Hijacking is the unauthorized takeover of a communication connection between a computer and a server. The attacker prepares for the takeover of the communication connection by listening into all the data of the other online session. The attacker may gain enough information from the collected data to synchronize his own computer with the server in question. The server will then not realize that it is connected to another than the computer which initially created the communication connection. Hijacking can make the takeover of an authenticated communication connection possible if the communication connection is not secured sufficiently.
Hardware Security Module (HSM)
A Hardware Security Module (HSM) is an (internal or external) peripheral device for the efficient and secure execution of cryptographic operations. It ensures the reliability and integrity of data and the related information for business-critical IT systems. To guarantee this reliability, the cryptographic keys used have to be protected against physical attacks as well as side-channel attacks.
HTML-Page
An HTML page is an internet page developed or written in Hyper-Text-Markup-Language. HTML is traditionally used to create internet pages.
HTTPS
HTTPS is the secure mode of the internet protocol HTTP (Hyper-Text Transfer Protocol) for the transfer of information via the internet. It integrates the security protocol SSL, which offers encryption and authentication mechanisms for a communication connection via the internet.
Hybrid Cryptographic Algorithm
A hybrid cryptographic algorithm is a cryptographic method that combines symmetric and asymmetric methods. Mostly it uses a symmetric method as the encryption mechanism and an asymmetric method for the key exchange (encryption of the symmetric key with the public key of the receiver).
I
Integrity
Integrity in information security is a security goal that states that data shall be complete and unchanged for a certain period of time. A change could occur intentionally, accidentally or due to a technical error. Integrity comprises data security (protection against loss) and protection against forgery (protection from intentional changes).
The integrity of data is guaranteed if the data originated from the specified sender and were transmitted to the receiver completely and unchanged.
ITSec
The evaluation of ITSec includes the check and evaluation of the security characteristics of an information technological product according to the security criteria set down in the evaluation handbook. It is far beyond a simple check for conformity between the user guide and the real behavior of the product.
M
Malware
Malware is any type of malicious software like computer viruses, trojans, worms, etc. Malware provides functionality unknown to the user which can e.g. delete, change or copy data. It may also be used to spy data like passwords.
Masquerading
Masquerading means that a person or system assumes a fake identity in electronic traffic, or that he/she/it is not the identity it pretends to be. In the absence of appropriate security measures, an unauthorized server can use e.g. similarities of names or covert electronic redirects to deliver an internet page that the user requested from a trusted server. The unauthorized server can then for example spy out the password during a user's login attempt, receive files not intended for it, or present data not coming from the original server.
Minimum Key Length
The key length is a measure of the strength of cryptographic encryption and signature methods and is determined by the number of bits of the cryptographic key used in the method. The higher the number of bits of the key used, the stronger the cryptographic method. The minimum key length is the minimum number of bits to be used for a cryptographic key to ensure that the respective method is regarded as strong.
O
P
Passkey
See FIDO/Passkey
Password
The password is your personal identification component that belongs to the generated certificate file and without which it is not possible to access your authega account. It is chosen by you yourself during the registration process according to the following requirements:
The password can be 15 to 128 characters long and must consist of a combination of at least 3 of the following 4 character groups: lowercase letters, uppercase letters, numbers and special characters.
The following table shows all characters that can be used for a password at authega:
- Lowercase letters: a b c d e f g h i j k l m n o p q r s t u v w x y z
- Uppercase letters: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
- Digits: 0 1 2 3 4 5 6 7 8 9
- Umlauts and ß: ä ö ü ß Ä Ö Ü
- Special characters: ! " # $ % & ' ( ) * + - . / : ; < = > ? @ [ ] \ ^ _ ` { } | ~
Please make sure that the password has sufficient complexity so that it cannot easily be guessed by others. For example, your pet's name is not a secure password.
The selection of the password has decisive influence on the security of your authega certificate file and thus your access to the respective business application. This is even more important as the certificate file could be copied unnoticed (e.g. in the case of phishing) and then the assigned password alone represents the security anchor.
Please ensure that the password is neither lost nor known to others, as it cannot be reset or reassigned. Authentication with authega and access to the business applications can only be granted with a valid certificate file and knowledge of the associated password.
If you suspect that your certificate file has been copied without authorization, as a precaution you should use My user account > Change password or My user account > Renew user account. By doing this your existing certificate file becomes invalid and you receive a new certificate file with a new password.
Further information on this topic can be found under Passwords from the Federal Office for Information Security.
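A validator for the password rules of this entry (length 15 to 128, at least 3 of the 4 character groups, only the listed characters), as an added example and not authega's own code. The allowed characters are copied from the list above; treating ä ö ü ß as lowercase and Ä Ö Ü as uppercase letters is an assumption, since the page does not say which group they count towards.

```python
# Character set copied from the authega password entry above.
ALLOWED_LOWER = set("abcdefghijklmnopqrstuvwxyz" + "äöüß")   # umlaut grouping is an assumption
ALLOWED_UPPER = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "ÄÖÜ")    # umlaut grouping is an assumption
ALLOWED_DIGITS = set("0123456789")
ALLOWED_SPECIAL = set('!"#$%&\'()*+-./:;<=>?@[]\\^_`{}|~')
ALLOWED_ALL = ALLOWED_LOWER | ALLOWED_UPPER | ALLOWED_DIGITS | ALLOWED_SPECIAL

MIN_LENGTH, MAX_LENGTH = 15, 128
MIN_GROUPS = 3


def character_groups(password: str) -> dict:
    """Which of the four character groups the password draws from."""
    return {
        "lowercase": any(c in ALLOWED_LOWER for c in password),
        "uppercase": any(c in ALLOWED_UPPER for c in password),
        "digits": any(c in ALLOWED_DIGITS for c in password),
        "special": any(c in ALLOWED_SPECIAL for c in password),
    }


def check_password(password: str) -> list:
    """Return the list of rule violations; an empty list means the password is acceptable."""
    problems = []
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        problems.append(f"length must be {MIN_LENGTH}-{MAX_LENGTH} characters, got {len(password)}")
    # Anything outside the published table (e.g. space or comma) is rejected outright.
    disallowed = sorted(set(password) - ALLOWED_ALL)
    if disallowed:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in disallowed))
    groups = character_groups(password)
    used = sum(groups.values())
    if used < MIN_GROUPS:
        present = ", ".join(name for name, hit in groups.items() if hit) or "none"
        problems.append(f"uses only {used} of the 4 character groups ({present}); "
                        f"at least {MIN_GROUPS} required")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("Korrekt-Pferd-Batterie-42", "nurkleinbuchstabenhier",
                      "Sicher,Pass,Wort,12345", "kurz1!"):
        print(repr(candidate), "->", check_password(candidate) or "OK")
```

Note that the space character is not in the published set, so a multi-word passphrase must use one of the listed separators such as "-" or "." instead.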
Personal Firewall
A personal firewall is security software for a personal computer that improves protection against access by unauthorized third parties from the internet. It is intended to protect the computer against attacks from the outside and to prevent certain programs, e.g. computer viruses, from accessing the internet from your computer. To achieve this, the firewall controls all connections to other networks and checks both requests to the internet and data coming onto the computer.
Phishing
Phishing is a deliberate attack of a hacker with the intention to gain access to personal information like the victim's credit card numbers, passwords or PIN numbers. The victim for example receives a seemingly serious email or internet page from a seemingly well-known sender like civil service, a bank or a credit card institute. This then asks the victim to visit an internet page and to enter confidential, personal information there for required comparison or evaluation purposes. As this internet page is faked, the hacker will then gain access to the personal information and can then use them for his own interests.
Phishing is a neologism of the words "Password" and "fishing".
PKCS#12
De facto standard of the company RSA Security defining the format for the storage and transport of asymmetric key pairs together with certificates and other electronic key media.
PKI
A security infrastructure that, based on key pairs (asymmetric encryption) issued by a trusted provider, allows the exchange of encrypted data in non-secure networks (e.g. the internet) as well as the generation and verification of signatures. More information on asymmetric encryption and signatures can be found on the pages of the Bundesamt für Sicherheit in der Informationstechnik (BSI).
Plausibility
Plausibility concerns syntactic and semantic or formal and content-related correctness of electronic information. In authega, for example, only plausible information is sent from a portal to the business procedures.
Private Key
In asymmetric methods this is the cryptographic key to which only the key holder must have access. The private key is used to generate electronic signatures (authentication signatures) and to decrypt data.
PSE
PSE means Personal Security Environment. This is a personal electronic security area containing security-relevant data such as private keys. A PSE is usually found on a chip card, but it can also be an encrypted file. The PSE is protected either by a password or by a biometric method (e.g. fingerprint).
Public Key
In asymmetric methods this is the cryptographic key which the owner or the issuing Trustcenter publishes, e.g. via a directory service, on a disk, as an internet download or via email. The public key is officially verified and associated beyond doubt with the identified person by means of a certificate issued and electronically signed by a Trustcenter. The public key is used to verify the owner's electronic signatures or to encrypt electronic information, which only the owner can decrypt with his/her associated private key.
Q
Qualified Signature Cards
Qualified signature cards allow the holder, among other things, to create an electronic signature according to the German Signature Act that is as binding as a handwritten signature. One of the key pairs contained on the qualified signature card is uniquely associated with the owner by a Trustcenter accredited by the Regulierungsbehörde für Post und Telekommunikation, and it is used by products for qualified signatures.
R
RC4
An internationally known method for symmetric Encryption, named after its developer Ronald L. Rivest, that accepts keys of variable length. RC4 is essentially a pseudo-random number generator used as a stream cipher: the key seeds the generator and the resulting key stream is XORed with the data. The method was developed in 1987 by Rivest for RSA Security. Because of known statistical biases in its key stream, RC4 is now considered broken; its use in TLS is prohibited by RFC 7465 and it should not be used in new systems.
Revocation List
A revocation list (Certificate Revocation List, CRL) is used by a Trustcenter to publish certificates that were revoked before their validity period expired, e.g. because the private key was compromised or lost. A certificate that appears in a revocation list must not be trusted from the revocation time stated in the list. Relying parties therefore have to fetch the current list (or query the Trustcenter's online status service, OCSP) before relying on a certificate; a signature check alone does not reveal a revocation.
RSA Method
The RSA algorithm is an asymmetric cryptographic method suitable for electronic signatures, authentication and the exchange of symmetric keys by means of asymmetric encryption. It was developed in 1977 by Rivest, Shamir and Adleman. The security of the algorithm rests on the difficulty of factoring large integers: the public modulus is the product of two secret primes, and whoever can factor it can compute the private key. Keys of at least 2048 bits are the minimum recommended today.
S
Session-Cookies
Temporary cookies that are automatically deleted when the internet session ends are known as session cookies. They are set without an Expires or Max-Age attribute, and as a rule they are deleted when you close your browser (browsers that restore the previous session may keep them longer).
Security Check
The security check of a system can be performed formally or technically. The system configuration is examined for security weaknesses, and recommendations for the computer configuration are derived from the result. Further information on security on the internet can be found on the page of "Deutschland sicher im Netz e. V." at www.sicher-im-netz.de. There are software products and scanners that check a computer's security configuration; such a product may run directly on the computer or check the configuration via a secure internet connection.
Security Question
When you enter your own data, you must also choose one of the given security questions and answer it. The security question gives you the possibility to delete your own access to authega yourself. Only you and authega know which question you chose and which answer you gave, and it is this answer that enables the deletion of your own access.
Signature Act
The Signature Act (Signaturgesetz) was intended to create a framework for electronic signatures and so provide a secure legal basis, for example for contracts concluded over the internet. It defined three types of electronic signatures: simple electronic signatures, advanced electronic signatures and qualified electronic signatures. Compliance with and enforcement of the rules of the Signature Act were the responsibility of the Regulierungsbehörde für Telekommunikation und Post, today's Bundesnetzagentur (www.bundesnetzagentur.de). Since 2017 the Signature Act has been replaced by the EU eIDAS Regulation and the German Vertrauensdienstegesetz, which keep the same three signature levels.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a protocol for secure data exchange between a client computer and a server over the internet. Client and server can authenticate each other using asymmetric cryptographic methods (Certificates) and agree on symmetric keys with which the exchanged data is encrypted. The protocol was developed by the company Netscape. Its successor is Transport Layer Security (TLS); SSL 2.0 and SSL 3.0 are deprecated (RFC 6176, RFC 7568) and must no longer be offered, and what is called "SSL" today is in practice TLS.
Symmetric cryptographic methods
Symmetric methods use the same key for Encryption and decryption of data. If an encrypted file is to be transferred, the secret key must also be delivered to the recipient over a secure communication path. The problem is that, apart from handing it over in person, there is no really secure channel for exchanging such a key. Asymmetric methods solve the key exchange problem: the symmetric key is encrypted with the recipient's public key and can then be sent over the insecure network (see RSA Method).
Software Certificate
A software certificate is a file in a special format (extension .pfx, see PKCS#12). It contains the key pair together with the Certificate; the data is encrypted and can only be activated for use with a PIN. A software certificate can be stored on different storage media and copied as often as required, so backup copies can easily be made, e.g. on a hard disk or USB stick. The flip side is that every copy is a usable credential: unlike a chip card, a software certificate is protected only by its PIN and by controlling who can read the file.
T
TESTA
TESTA (Trans-European Services for Telematics between Administrations) is an overlay network of the European public administrations. The primary goal of TESTA is to provide European organizations, agencies and administrations with comprehensive and well-structured services based on accepted market standards, so as to guarantee a simple and reliable exchange of data and the best possible interoperability. One part of this large project is TESTA Germany, the cooperation of the federal government and the federal states to join their individual networks and to provide a direct connection between individual federal agencies and the Informationsverbund Berlin-Bonn (IVBB). The TESTA network is the backbone of a "Corporate Network Administration" for communication across national borders.
Token
A token is an electronic key, i.e. a hardware or software credential that holds the cryptographic key material with which the user proves his/her identity. It is required to log in to authega.
Tracking-Cookies
In addition to cookies that are deleted after each session, there are cookies that are retained across several sessions because they carry an Expires or Max-Age attribute. These include the so-called tracking cookies, which are used to recognize a user again on later visits.
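As an added example serving both the Session-Cookies and the Tracking-Cookies entries (it is not part of the original glossary), the following Python code parses Set-Cookie headers the way a browser does when it decides a cookie's lifetime: a cookie with Max-Age or Expires is persistent and survives across sessions, a Max-Age of zero or less deletes the cookie, and a cookie with neither attribute is a session cookie. It also reports the protection attributes (Secure, HttpOnly, SameSite) that a reviewer checks on an authentication cookie. The sample headers and cookie names are constructed.

```python
# Constructed Set-Cookie headers, one per line, as a server might send them.
SAMPLE_HEADERS = [
    "JSESSIONID=7f3a9c21; Path=/; Secure; HttpOnly; SameSite=Strict",
    "tracking_id=a1b2c3; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/; Domain=.example.com",
    "prefs=dark; Max-Age=31536000; Path=/; Secure; SameSite=Lax",
    "ad_profile=xyz; Max-Age=86400; SameSite=None",
    "old_session=; Max-Age=0; Path=/",
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into name, value and lower-cased attributes.
    Attributes without a value (Secure, HttpOnly) are stored as True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def cookie_lifetime(attrs):
    """'session', 'persistent' or 'deletion' per RFC 6265: Max-Age takes
    precedence over Expires; a non-positive Max-Age removes the cookie."""
    max_age = attrs.get("max-age")
    if isinstance(max_age, str) and max_age.lstrip("-").isdigit():
        return "deletion" if int(max_age) <= 0 else "persistent"
    if "expires" in attrs:
        return "persistent"
    return "session"


def audit_cookie(header):
    """Classify one Set-Cookie header and list missing protections."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    lifetime = cookie_lifetime(attrs)
    issues = []
    if lifetime != "deletion":                    # nothing to protect on a delete
        if "secure" not in attrs:
            issues.append("missing Secure (sent over plain HTTP)")
        if "httponly" not in attrs:
            issues.append("missing HttpOnly (readable by page scripts)")
        samesite = attrs.get("samesite")
        if samesite is None:
            issues.append("missing SameSite (browser default applies)")
        elif isinstance(samesite, str) and samesite.lower() == "none" and "secure" not in attrs:
            issues.append("SameSite=None requires Secure; browsers reject it otherwise")
    return {"name": cookie["name"], "lifetime": lifetime, "issues": issues}


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_cookie(header)
        print("%-12s %-10s %s" % (result["name"], result["lifetime"],
                                  "; ".join(result["issues"]) or "ok"))
```

Run as a script, the table shows the login cookie as a session cookie with no findings, the tracking cookie as persistent and lacking every protection attribute, and the last header as a deletion. The same lifetime rule is what makes a tracking cookie outlive the browser session: nothing in its value distinguishes it from a session cookie, only the Expires or Max-Age attribute does.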
Trojans
A seemingly useful file or piece of software that does not contain the expected content. This allows it to install unwanted functionality on a computer without the user's knowledge. Passwords or other confidential data may then be spied on, changed, deleted or sent to unauthorized parties during the next data transfer. Such "data theft" usually goes unnoticed without dedicated security measures.
Trustcenter
A Trustcenter is an independent trusted entity for the issuance and management of electronic Certificates. The Trustcenter digitally signs the certificates it generates and thus guarantees the authenticity of the data in the certificate. Because all participants in asymmetric methods trust the Trustcenter, they can also trust the validity of the issued Certificates and thus the public keys of the other participants.
U
User Account
A user account is an authorization for access to a restricted service or business procedure. A user has to authenticate when logging in.
Username (FIDO/Passkey)
The username is assigned automatically by the system when a new FIDO token/passkey is added and cannot be changed by the user. It follows the scheme "authega-lff-id". Here too, "lff" (Landesamt für Finanzen) stands for PersonalID Bayern and "id" for your authega ID.
In the FIDO/Passkey standard the username corresponds to the so-called username (the "name" field of the WebAuthn user entity). In contrast to the display name, it is always shown, e.g. during login attempts.
V
Virus Scanner
A virus scanner is a piece of software that protects, up to a point, against computer viruses by checking the files on a system (computer, server, ...) regularly or continuously. To provide the best possible protection, the virus scanner must be kept up to date by frequent, regular updates of its virus definition files.