Help
3
3-DES
The symmetric cryptographic encryption algorithm 3-DES (Triple-DES) is the further development of the Data Encryption Standard DES and uses symmetric keys with a length of 112 Bit. DES is a widely used encryption algorithm with a key length of 56 Bit. However, this key length is nowadays regarded as insecure. In 3-DES the DES encryption is performed three times in a row with two independent cryptographic keys, which are generated from the 112 Bit key. DES is standardized as Federal Information Processing Standard FIPS 46-3 and becomes 3-DES by ANSI X9.52-1998.
A
Advanced Encryption Standard (AES)
The Advanced Encryption Standard AES is a symmetric encryption algorithm that operates with symmetric keys of 128, 192 or 256 Bit length. It was developed by the cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen and named the Rijndael cipher. The algorithm is deemed suitably secure for the 21st century. It was standardized in the year 2001 as Federal Information Processing Standard FIPS 197.
Activation Code
The activation code is a 12 character alphanumeric value generated by authega and entered by the user once to activate personal access to authega. It can only be used effectively when combined with the associated activation ID. The individual activation code is sent to the authega user via postal service.
Activation data
Activation data is employed by the user to activate the personal access to authega. Activation does not mean that the user has complete access to his/her personalized services. To achieve this, he/she also needs an initialized authentication medium for authentication purposes. The activation data are the activation code and the activation ID, which are sent to the user by administration.
Activation ID
The activation ID is a number of up to 20 digits generated by authega and employed by the user to activate a personal access to authega. It can only be used effectively when combined with the associated activation code. The individual activation ID is sent to the authega user via email.
Asymmetric Key Pair
An asymmetric key pair is assigned to a user or system individually. It consists of a public and a private key. The private key must only be known to the user and is used for individual authentication or decryption of electronic information using asymmetric, cryptographic methods. The public key is used by the general public to verify an electronic signature made with the private key or to encrypt data for the individual. The cryptographic method ensures that encryption and decryption, as well as signature and signature check or authentication, respectively, only work for the respective key pair.
Asymmetric Cryptographic Methods
With asymmetric cryptographic methods, a person or system is always assigned two keys, i.e. an asymmetric key pair consisting of a public and a private key, e.g. for signature, authentication or encryption purposes. The public key is available to everyone, the private key only to the relevant person or system, respectively. The private key can e.g. be used to sign data or for authentication, both of which can then be checked by everyone with the associated public key. The public key can be used to encrypt data for the respective communication partner, and this data can then only be decrypted with this person's / system's private key. Well-known asymmetric, cryptographic methods are e.g. RSA, DSS and ECC.
authega-Functional Library
A piece of software or file that provides pre-defined functionalities for technical access of a computer to authega to integrate other computer software.
authega-Policy
Signature creation components (e.g. signature cards) and certification service providers (e.g. Trustcenter) that shall be used in connection with authega and other related services have to provide a certain minimal level of security technology and meet certain technical requirements. These security technical minimal standards and technical requirements are described in the authega policy.
authega-certificate
The authega certificate file is provided by an internationally acclaimed Trustcenter (D-Trust) and is used to verify the identity of authega to a computer or user. The certificate has a unique characteristic. The electronic SHA256 fingerprint is: 3a 3b 1c 7f 86 ce f0 ec 26 86 c6 5f da 94 e0 7e 6d bf ce b5 ed 04 10 31 5f 25 94 6a 19 97 ec 31. If this certificate has a different fingerprint, it is not an authega certificate.
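The fingerprint comparison described above can be done programmatically. The following is an added example, not code from authega: it hashes the DER encoding of a certificate with SHA-256 and compares the result with the fingerprint quoted on this page. The function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# SHA256 fingerprint of the authega certificate as quoted in this glossary.
AUTHEGA_SHA256 = ("3a 3b 1c 7f 86 ce f0 ec 26 86 c6 5f da 94 e0 7e "
                  "6d bf ce b5 ed 04 10 31 5f 25 94 6a 19 97 ec 31")


def normalize_fingerprint(text):
    """Turn '3a 3b ..', '3A:3B:..' or '3a3b..' into 32 raw bytes."""
    hex_digits = "".join(ch for ch in text if ch not in " :\t\r\n")
    raw = bytes.fromhex(hex_digits)  # ValueError on non-hex input
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("a SHA-256 fingerprint must be exactly 32 bytes")
    return raw


def certificate_fingerprint(cert):
    """SHA-256 over the DER bytes; accepts PEM text or DER bytes."""
    if isinstance(cert, str):
        cert = cert.encode("ascii")
    stripped = cert.strip()
    if stripped.startswith(b"-----BEGIN CERTIFICATE-----"):
        cert = ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return hashlib.sha256(cert).digest()


def matches_fingerprint(cert, expected=AUTHEGA_SHA256):
    """True only if the certificate hashes to the expected fingerprint."""
    return hmac.compare_digest(certificate_fingerprint(cert),
                               normalize_fingerprint(expected))


if __name__ == "__main__":
    # Constructed stand-in bytes, NOT a real certificate: the check must fail.
    sample_der = b"constructed sample bytes standing in for a certificate"
    sample_pem = ssl.DER_cert_to_PEM_cert(sample_der)
    print("sample matches authega fingerprint:", matches_fingerprint(sample_pem))
```

The fingerprint is computed over the binary (DER) form, so a PEM file and a DER file of the same certificate give the same result.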
authega certificate file
The authega certificate file is an electronic identity card for a person issued by a Trustcenter, verified by the trustcenter’s electronic signature, and particularly guaranteed by the assignment of a public key to a person. The authega certificate file is generated in the registration process and needed for logging-in to a business application.
Authentication
Authentication is the process of proving the claimed identity of e.g. a person with respect to an electronic identifier. In IT systems this is most often achieved by checking the user login and password. Stronger security is provided by authentication using asymmetric cryptographic methods or biometric characteristics (e.g. fingerprint).
Authentication Medium
The security of authega relies, among other things, on the use of digital certificates and the associated key pairs. These certificates and key pairs are stored in a file. The medium on which certificate and key are stored is called authentication medium. The following authentication media can be used for authega:
- Software Certificate
Information is provided on the page "Registration".
Authenticity
Authenticity generally means the integrity and credibility of data or a partner instance. Authenticity can be assured and checked through cryptographic methods, e.g. asymmetric cryptographic methods.
B
Black Lists
A black list is used by a Trustcenter to publish certificates that were locked before their validity interval expired. All certificates listed in the black list are invalid as soon as they are published there.
Blocking Code
The blocking code will be sent to authega users by post as part of the registration. This is required to block or delete access.
C
Certificate
An electronic identity card for a person, organization or system issued by a Trustcenter and verified by the trustcenter's electronic signature and particularly guaranteed by the assignment of a public key to a person, organization or system. Usually certificates are published in a directory service. authega issues personal certificates for persons.
Common Criteria
Criteria to check and evaluate the security of information technology. They are suitable for the assessment of security characteristics for practically all products and systems. They were adapted by the International Organization for Standardization (ISO) as international standards with the number 15408.
Computer Viruses
In technical terms a computer virus is a non-autonomous program routine that reproduces itself by connecting itself to other software or operating system areas of e.g. a computer and that once started performs manipulations of it that cannot be controlled by the user. The idea and name of computer viruses is derived from the biological example of viruses. Computer viruses often cause changes or data loss in a computer and also cause problems with programs as well as interruptions of regular operations.
Cookies
"Cookies" are small data sets that are stored on your device and managed by your browser when you visit a website. If you surf the same website again later, the website can recognize you. There are different types of cookies:
Cryptobox
Cryptoboxes are usually used for the general encryption of communication connections or lines. All electronic information transmitted over a communication connection is encrypted in a node with the cryptobox and decrypted on the other side with another cryptobox. The security of line encryption is usually based on strong, symmetric, cryptographic methods. All electronic information is encrypted with the same symmetric key which is only known to the relevant cryptoboxes.
Cryptochip
A cryptochip is a high performance processor that speeds up cryptographic operations and performs them securely. It allows the secure storage of personal key media to protect them against unauthorized access. As part of the asymmetric method, it allows for example an individual secure storage of private keys. A cryptochip can for example be used on chip cards or in computer systems.
Cryptography
The general goal of cryptography is to make data unrecognizable for unauthorized third parties through the application of encryption methods and the rule of keeping information confidential, respectively. Encryption is only as strong as the theoretical and mathematical effort required by an unauthorized person to reconstruct the data. Cryptography also contains methods to prove authentication, electronic signature and authenticity.
Crypto Medium
A crypto medium is cryptographic information used as input for cryptographic methods for encryption, authentication and electronic signature. A crypto medium is most often an individual piece of information like e.g. a password or the private key of an asymmetric key pair that is kept confidential by a person or system. It can, however, also be unique, biometric characteristics of a person like e.g. a fingerprint, characteristics of speech patterns or eyes. There are also publicly known key media of persons or systems which are e.g. used to check electronic signatures or authentication, like for example the public key of an asymmetric key pair.
D
Directory Service
A directory service in this document means a database that is built hierarchically (tree structure) according to the ITU Standard X.500 and which allows querying of information using a suitable system. This is used e.g. for address, email and certificate directories which can be searched for the desired information according to different criteria. The database can also be distributed across more than one server.
E
Electronic Identity
The electronic identity is a name that a system can understand and correlate to a person or another system. This name is often called user login or account. An electronic identity is assigned permissions which restrict the use of the system. It must be ensured that the user is really a legitimate user of the respective identity. This is achieved by a secure authentication process.
Electronic Signature
An electronic signature is a technical method that allows the creator of data to be determined. It can be used as an electronic way to state an intention or for authentication. Asymmetric cryptographic methods can be used to create and check electronic signatures.
authega uses the electronic signature only ever for authentication (Authentication Signature).
Electronic Misuse
Electronic misuse means unauthorized access to systems including the unauthorized use of systems for one's own purposes. Please note that unauthorized access to another person's computer is already a punishable offence in Germany. The laws concerning the misuse of computers are not the same throughout the EU.
Encryption
Encryption means the transformation of data for secure storage or transfer. A cryptographic key is used to make the content of e.g. a document, a file or an email unreadable for unauthorized third parties. Only the intended receiver can read the data using the matching (decryption) key. There are different encryption methods like symmetric, asymmetric and hybrid encryption.
F
H
Hackers
Hackers are persons who break into networks, databases or hard drives for which they are not authorized to steal data stored there or to access personal information. They usually enter without the knowledge of the victim to gain access to keys, account numbers or credit card numbers.
Hijacking
Hijacking is the unauthorized takeover of a communication connection between a computer and a server. The attacker prepares for the takeover of the communication connection by listening in on all the data of the other online session. The attacker may gain enough information from the collected data to synchronize his own computer with the server in question. The server will then not realize that it is connected to a computer other than the one which initially created the communication connection. Hijacking can make the takeover of an authenticated communication connection possible if the communication connection is not secured sufficiently.
Hardware Security Module (HSM)
A Hardware Security Module (HSM) is an (internal or external) peripheral device for the efficient and secure execution of cryptographic operations. It ensures the reliability and integrity of data and the related information for business critical IT systems. To guarantee the reliability, the cryptographic keys used have to be protected against physical attacks as well as side-channel attacks.
HTML-Page
An HTML page is an internet page developed or written in Hyper-Text-Markup-Language. HTML is traditionally used to create internet pages.
HTTPS
HTTPS is the secure mode of the internet protocol HTTP (Hyper-Text-Transfer-Protocol) for the transfer of information via the internet. It integrates the security protocol SSL, which offers encryption and authentication mechanisms for a communication connection via the internet.
Hybrid Cryptographic Algorithm
A cryptographic method that combines symmetric and asymmetric methods. Mostly it uses symmetric methods as the encryption mechanism and asymmetric methods for the key exchange (encryption of the symmetric key with the public key of the receiver).
I
Integrity
Integrity in information security is a security goal that states that data shall be complete and unchanged for a certain amount of time. A change could occur intentionally, accidentally or due to a technical error. Integrity comprises data security (protection against loss) and protection against forgery (protection from intended changes).
The integrity of data is guaranteed if the data originated from the specified sender and if they were transmitted to the receiver fully and unchanged.
ITSec
The evaluation of ITSec includes the check and evaluation of the security characteristics of an information technological product according to the security criteria set down in the evaluation handbook. It is far beyond a simple check for conformity between the user guide and the real behavior of the product.
M
Malware
Malware is any type of malicious software like computer viruses, trojans, worms, etc. Malware provides functionality unknown to the user which can e.g. delete, change or copy data. It may also be used to spy on data like passwords.
Masquerading
Masquerading means that a person or system assumes a faked identity in electronic traffic, i.e. that he/she/it is not the identity it pretends to be. In the absence of appropriate security measures, an unauthorized server can use e.g. similarities of names or covert electronic redirects to provide an internet page that the user requested from a trusted server. The unauthorized server can then for example spy on the password during a user's login attempt, receive files not intended for it, or present data not coming from the original server.
Minimum Key Length
The key length is a measure for the strength of cryptographic encryption and signature methods and is determined by the number of Bits of the cryptographic key used in the methods. The higher the number of Bits of the used key, the stronger the cryptographic method. The minimal key length is the minimal number of Bits to be used for a cryptographic key to ensure that the respective method is regarded as strong.
O
P
Password
The password is your personal identification component that belongs to the certificate file generated and without which it is not possible to have access to your authega account. It is chosen by you yourself during the registration process according to the following requirements:
The password can be 15 to 128 characters long and must consist of a combination of at least 3 of the following 4 character groups: lowercase letters, uppercase letters, numbers and special characters.
The following table shows all characters that can be used for a password at authega:
a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ä | ö | ü | ß | Ä | Ö | Ü | ! | " | # | $ | % | & | ' | ( | ) |
* | + | - | . | / | : | ; | < | = | > | ? | @ | [ | ] | \ | ^ | _ | ` | { | } | | | ~ |
Please ensure that the password has sufficient complexity so that it cannot be easily guessed by others. For example, your pet's name is not a secure password.
The selection of the password has decisive influence on the security of your authega certificate file and thus your access to the respective business application. This is even more important as the certificate file could be copied unnoticed (e.g. in the case of phishing) and then the assigned password alone represents the security anchor.
Please ensure that the password is neither lost nor known to others, as it cannot be reset or reassigned. Authentication with authega and access to the business applications can only be granted with a valid certificate file and knowledge of the associated password.
If you suspect that your certificate file has been copied without authorization, as a precaution you should use My user account > Change password or My user account > Renew user account. By doing this your existing certificate file will become invalid and you will receive a new certificate file with a new password.
Further information on this topic can be found under Passwords from the Federal Office for Information Security.
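The password requirements above (length, permitted characters, three of four character groups) can be checked before registration. The following is an added example, not authega's own validation code. Two points are assumptions not stated on this page: the umlauts and ß are counted as letters of the matching case, and length is counted after Unicode NFC normalization.

```python
import unicodedata

MIN_LEN, MAX_LEN = 15, 128

# Character groups taken from the table above.
# Assumption: ä ö ü ß count as lowercase letters, Ä Ö Ü as uppercase letters.
LOWER = set("abcdefghijklmnopqrstuvwxyzäöüß")
UPPER = set("ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÜ")
DIGITS = set("0123456789")
SPECIAL = set("!\"#$%&'()*+-./:;<=>?@[]\\^_`{}|~")  # no comma, no space
GROUPS = (LOWER, UPPER, DIGITS, SPECIAL)
ALLOWED = LOWER | UPPER | DIGITS | SPECIAL


def check_password(password):
    """Return a list of violated rules; an empty list means the password
    satisfies the length, character set and 3-of-4 group requirements."""
    # Assumption: compare in NFC so that a decomposed 'a' + U+0308 is treated
    # as the single table character 'ä' and counted as one character.
    pw = unicodedata.normalize("NFC", password)
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append("length")
    if any(ch not in ALLOWED for ch in pw):
        problems.append("charset")
    groups_used = sum(1 for group in GROUPS if any(ch in group for ch in pw))
    if groups_used < 3:
        problems.append("groups")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords for illustration only.
    for candidate in ("Correct-Horse-7-Battery",   # passes
                      "short1A!",                   # too short
                      "alllowercaseletters",        # only one group
                      "Passwort,mit,Komma123"):     # comma is not in the table
        print(repr(candidate), check_password(candidate) or "ok")
```

Passing these checks only shows that a password is formally acceptable; it says nothing about whether it is easy to guess.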
Personal Firewall
A Personal Firewall is security software for a personal computer that improves protection against access by unauthorized third parties from the internet. It shall protect the computer against attacks from the outside and hinder certain programs, e.g. computer viruses, from accessing the Internet from your computer. To achieve this, the firewall controls all connections to other networks and also checks requests to the Internet as well as data coming onto the computer.
Phishing
Phishing is a deliberate attack by a hacker with the intention to gain access to personal information like the victim's credit card numbers, passwords or PIN numbers. The victim for example receives a seemingly serious email or internet page from a seemingly well-known sender like civil service, a bank or a credit card institute. This then asks the victim to visit an internet page and to enter confidential, personal information there for required comparison or evaluation purposes. As this internet page is faked, the hacker will then gain access to the personal information and can then use it for his own interests.
Phishing is a neologism of the words "Password" and "fishing".
PKCS#12
De facto standard of the company RSA Security defining the format for the storage and transport of asymmetric key pairs using certificates and other electronic key media.
PKI
A security infrastructure that allows the exchange of encrypted data in non-secure nets (e.g. the Internet) based on a key pair (asymmetric encryption) issued by a trusted provider or to generate and check signatures. More information on asymmetric encryption or signatures can be found on the pages of the Bundesamt für Sicherheit in der Informationstechnik (BSI).
Plausibility
Plausibility concerns syntactic and semantic or formal and content-related correctness of electronic information. In authega, for example, only plausible information is sent from a portal to the business procedures.
Private Key
In asymmetric methods this is the cryptographic key to which only the key holder must have access. The private key is used to generate electronic signatures (authentication signatures) and to decrypt data.
PSE
PSE means Personal Security Environment. This is a personal, electronic security area containing security relevant data like e.g. private keys. A PSE is usually found on a chip card but it can also be an encrypted file. The PSE is secured either by a password or by a biometric method (e.g. fingerprint).
Public Key
In asymmetric methods this is the cryptographic key which the owner or issuing Trustcenter publishes using a directory service or on a disk, as internet download or via email. The public key is officially verified and associated with the identified person without reason for doubt using a certificate issued and electronically signed by a Trustcenter. The public key is used to verify the owner's electronic signatures or to encrypt electronic information, which only the owner can decrypt with his/her associated private key.
Q
Qualified Signature Cards
Qualified signature cards allow the holder, among other things, to create an electronic signature according to the German Signature law which is as binding as a manual signature. One of the key pairs contained on the qualified signature card is associated uniquely to the owner by a Trustcenter which is accredited by the Regulierungsbehörde für Post und Telekommunikation and processed by products for qualified signatures.
R
RC4
An internationally accepted method for symmetric encryption named after the developer Ronald L. Rivest, in which keys of varying length can be used. RC4 is basically a pseudo random number generator. The method was developed in 1987 by Rivest for RSA Security.
Revocation List
A revocation list is used by a Trustcenter to publish certificates that were revoked before their validity expired. All certificates in a revocation list are invalid from the time of publication.
RSA Method
The RSA algorithm is an asymmetric, cryptographic method suitable for electronic signatures, authentication, as well as key exchange of symmetric keys via asymmetric encryption. It was developed in 1977 by Rivest, Shamir and Adleman. The security of this algorithm is based on the complexity of the factorization of big numbers.
S
Session-Cookies
Temporary cookies that are automatically deleted after each internet session is ended are known as session cookies. As a rule, these are deleted when you close your browser.
Security Check
The security check of a system can be performed formally or technically. The system configuration will always be checked against imponderabilities with respect to security, resulting in recommendations concerning the computer configuration. Further information on security on the internet can be found on the page "Deutschland sicher im Netz e. V." at www.sicher-im-netz.de. There are software products and scanners that check a computer's security configuration. Such products may be run on the computer directly or check the configuration via a secure internet connection.
Security Question
When exercising your own data, you must also belong to and protect a security option from the given questions. The security option gives you the opportunity to give or delete your own access to authega Zertifikate Different software key heard heard too broad. Only you and authega know which question and which answer the deletion enables your own access options.
Signature Act
The signature law is intended to create a framework for electronic signatures and thus provide a secure legal basis for e.g. deals made on the internet. This law defines three types of electronic signatures: simple electronic signatures, advanced electronic signatures and qualified electronic signatures. Compliance and control of the rules concerning the signature law are provided by the Regulierungsbehörde für Telekommunikation und Post (www.bundesnetzagentur.de).
Signature Card
Please note the recommendations of the issuer of your signature card regarding the support of certain operating systems. Only signature cards from Bayern PKI are supported. These can be obtained from the registration office of your authority (e.g. as a SmartCard or in connection with an ID card).
Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol for secure data exchange between computer and server via the internet. Computer and server can authenticate each other using asymmetric cryptographic methods and encrypt data for data exchange. The protocol was developed by the company Netscape.
Symmetric Cryptographic Methods
Symmetric methods use the same key for encryption and decryption of data. If the encrypted file is to be transferred, the receiver must also be provided with the secret key using a secure communication path. A problem arises from the fact that there is no really secure method for key exchange apart from a private face-to-face conversation. Asymmetric methods solve the key exchange problem.
Software Certificate
A software certificate is a file with a special format (extension .pfx). The data is encrypted and can only be activated with a PIN for use. A software certificate can be stored on different storage media and copied as often as required. Backup copies can easily be made, e.g. on hard disk or USB stick.
T
TESTA
TESTA (Trans-European Services for Telematics between Administrations) is an overlay network of the European public administrations. The primary goal of TESTA is to provide European organizations, agencies and administrations with comprehensive and well-structured services based on accepted market standards to guarantee a simple and reliable exchange of data and best possible interoperability. One part of this big project is TESTA Germany, the cooperation of the state and the federal states to join the individual networks of the federal states and to provide a direct connection of individual federal agencies and the Informationsverbund Berlin-Bonn (IVBB). The TESTA network is the backbone of a "Corporate Network Administration" for communication across the borders of countries.
Tracking-Cookies
In addition to cookies that are deleted after each session, there are also cookies that are saved over several sessions. These include the so-called tracking cookies.
Trojans
A seemingly useful file or software that does not contain the expected content. This allows the file or software to install unwanted functionality on a computer without the user's knowledge. This can then lead to passwords or other confidential data being spied on, changed, deleted or sent to unauthorized parties during the next data transfer. This "data theft" usually remains unnoticed without dedicated security measures.
Trustcenter
A Trustcenter is an independent trusted instance for the issuance and management of electronic certificates. The Trustcenter digitally signs the certificates it generates and thereby guarantees the authenticity of the data on the certificate. As all participants of asymmetric methods trust the Trustcenter, they can also trust in the validity of the issued certificates and the public keys of the other participants.
U
Username
A user account is an authorization for access to a restricted service or specialist procedure. A user has to authenticate himself when logging in.
V
Virus Scanner
A virus scanner is a piece of software that up to a point protects from computer viruses by regularly or permanently checking the files on a computer (computer, server, ...). The virus scanner has to be kept up-to-date by regular and frequent update of the virus definition files to ensure best possible protection.