
Glossary


A

a.trust

a.trust is an Austrian company that offers all services related to electronic signatures. a.trust operates on the basis of the Austrian Signature Act and the European Directive, i.e. it is a certification service provider for the issuance of qualified certificates (trust|sign) and secure digital signatures. a.trust maintains a public directory of certificates issued by it and a public, constantly updated revocation list in which the numbers of all revoked and blocked certificates are stored. All documents describing the technical and organizational factors and processes of trust|sign are published on the homepage of a.trust.
AES
Abbreviation for: Advanced Encryption Standard
A symmetric cryptosystem and successor to the DES and Triple DES method
A-SIT
Center for Secure Information Technology – Austria.
Asymmetric encryption
With this type of encryption, the digital signature is generated, which can then be sent and read securely. There is a key pair consisting of a public, freely accessible key and a private key of the user. These keys are managed by certification authorities or trust centers. Internet users can register there in person and then receive their chip card with the private key, which they can use, for example, for home banking with HBCI.
ATC
Abbreviation for: Application Transaction Counter
TAN counter, which is increased by 1 each time a TAN is generated.
Authentication
Authentication refers to the verification of a message to ensure that the sender of this message is actually the person it claims to be. Authentication is made possible with the help of digital signatures.
Authentication
Authentication is used as a preparatory step to establish an identity, usually that of a person who wants to prove their identity. During authentication, the person identifies themselves through possession (e.g. key), knowledge (e.g. password) or being (e.g. biometric feature). The evidence presented in this way is then used for authentication.
Authorization
After successful authentication, certain rights are usually assigned. In a computer system, for example, the right to access certain files. This process is known as authorization. In most cases, the authorizations granted relate to the access or use of certain resources (e.g. the use of files) or the execution of certain transactions (e.g. transfers up to a predetermined amount).

B

Backup

Data backup is a process in which copies of data are made on a computer system so that, in the event of data loss on this system, the backed-up data can be used to restore a state that is as close as possible to that at the time of the data loss. The amount of permanently lost data should be kept to a minimum through intelligent backup strategies. Backups can also be used to restore compromised systems to a guaranteed uncompromised state. In this case, it is important to ensure that backups of a system in an uncompromised state are present and available.
BIC
Abbreviation for: Bank Identifier Code
The BIC is the international bank identification code, which enables the worldwide identification of credit institutions. The BIC consists of a four-digit bank name, the respective country code, a two-digit location and the branch name. For international transfers, the BIC only needs to be specified until February 1, 2016.
Botnets
The name is derived from the word robot and describes a network of computers that are under the control of an attacker and are usually remote-controlled by the attacker. Botnets are used, for example, to carry out distributed denial-of-service attacks (DDoS) or to send spam. The malware that enables the attacker to take control of a computer is often installed by carelessly clicking on email attachments. However, malware can also be introduced via websites that exploit vulnerabilities in Internet browsers. For this reason, it is recommended that you generally do not work on your own PC with administrator privileges.
Browser-Plugin
Program that extends the function of the Internet browser used.
BSI
Abbreviation for: Federal Office for Information Security

C

CCID
Abbreviation for: Circuit(s) Card Interface Devices
Describes a standard protocol for communication between USB devices and smart cards.
Encryption key
Electronic key for encrypting messages; encrypted messages cannot be read by third parties. Customer and institution keys form a key pair. In HBCI banking with chip card, the customer key is stored in the chip of the HBCI chip card.
Chip card
Chip cards are usually plastic cards with an integrated chip on which a microprocessor is often implemented. Today, chip cards contain microprocessors with cryptographic functionality with which data can be encrypted or cryptographically signed. Chip cards with cryptographic functions in particular can be used to make online banking more secure in conjunction with correspondingly trustworthy hardware.
Chip card reader
Chip card readers are “chip contactors”: With a chip card reader, you can access a chip card and its functions from your computer: for example, HBCI cards for home banking or the GeldKarte for cashless payments. Smart card readers are divided into security classes depending on their features: A so-called class 3 reader has a keypad and display, a class 2 reader has only a keypad and a class 1 reader has neither.
Construction Kit
Construction kits are software tools that enable even a layman to develop a Trojan with just a few mouse clicks. Trojans created in this way can be particularly dangerous if they are developed specifically with a potential victim in mind and are not intended for general distribution. In this case, virus scanners cannot recognize them by means of a signature.
CT-API
Abbreviation for: Card Terminal Application Programming Interface
The CT-API is an open interface with which handling and communication with smartcards can be realized independently of the application.

D

Data Encryption Standard

Data Encryption Standard (DES) is a frequently used symmetric encryption method. Also used as Triple DES for greater security.
Data confidentiality
Data confidentiality means that no one who intercepts the file can read it. Data confidentiality is achieved through encryption.
Debit card
Payment card that has a credit limit and with which a cardholder can pay for goods or services at an electronic checkout. When paying with a debit card, the customer’s account is debited directly with the payment amount – usually after just a few working days. Payment is therefore often referred to as “pay now”.
DES
Abbreviation for: Data Encryption Standard
see Data Encryption Standard
DESFire
Mifare product name for contactless cards with current crypto algorithms
German Banking Industry
A committee of German banks that has defined standards for data exchange in home banking, among other things. Known as the Central Credit Committee (ZKA) until August 2011.
Digital signature
Digital signatures and electronic signatures are often used interchangeably.
Digital certificate
Traditional paper certificates are documents that confirm a certain property, ability or right to the holder. These can be ID cards, diplomas or insurance contracts. Certificates are signed by an authority that is trusted. Digital certificates are digital documents that assign a digital identifier to a natural person. This identifier is the public key from the individual key pair that is personally assigned to the certificate holder. The certificate is issued by a certification body. In this way, the real person can identify themselves in the virtual world and sign legally binding documents. The signature is verified using the public key and the digital certificate.
DLL injection
Abbreviation for: Dynamic Link Library Injection
With DLL injection, malicious code is executed on the client system by a process that is actually trustworthy. This process is forced to reload the malicious code, which is located in a dynamic link library (DLL). This can be done, for example, by changing the registry entry that determines which DLLs are to be loaded when a program is started.
DNS protocol
Abbreviation for: Domain Name System protocol
The DNS protocol must run on every Internet computer and converts host names (e.g. www.sicherheitsoffensive2007.de) into IP addresses (e.g. 85.10.196.145) and vice versa. Without this conversion, it is not possible to communicate on the Internet, as the data packets can only be assigned to the correct computer using an IP address.
DNS spoofing
Abbreviation for: Domain Name System spoofing
DNS spoofing is a common form of pharming: An attacker manipulates the assignment between a computer name and the corresponding IP address. This allows the attacker to simulate the identity of two communication partners and thus receive the data packets of both partners.
Double submission control
A double submission check protects home banking with a chip card in the FinTS standard against replay attacks, i.e. eavesdropping and repeated submission of the same transfer. The double submission control consists of a combination of a sequence counter and a list of sequences already submitted.

E

EAL 4

Abbreviation for: Evaluation Assurance Level
There are 7 levels of trustworthiness that describe the correctness of the implementation of the system under consideration or the depth of testing.
EBICS
Abbreviation for: Electronic Banking Internet Communication Standard
EBICS is a multibank-capable standard for the transmission of payment transaction data via the Internet.
ec card
Abbreviation for: Eurocheque card
see girocard
E-Commerce
This refers to any trade on the Internet between companies (business to business = B2B) and companies to end customers (business to consumer = B2C).
eHC
Abbreviation for: electronic health card
E-Government
E-government refers to electronic communication between public authorities and companies or citizens, e.g. applying for a passport, submitting your income tax return, etc.
eID
Abbreviation for: Electronic proof of identity
The online ID function of the nPA. It enables secure and clear identification with the ID card on the Internet and at vending machines.
Simple signatures
Signatures that are not based on a qualified certificate and/or were not created using technical components and procedures recommended by a trust center for creating secure signatures are called simple digital signatures.
Electronic banking
Electronic communication between banks and their customers is called e-banking. This includes Internet banking, loan applications, the conclusion of building society contracts, securities trading, account statement services, etc.
Electronic Cash
With this payment method, the cardholder enters their personal identification number (PIN). After online verification by the card-issuing bank and a successful transaction, the merchant has a 100% payment guarantee.
ELSTER
Abbreviation for: Electronic tax return
ELSTER is a free tax program from the German tax authorities.
ELV
Abbreviation for: Electronic direct debit procedure
With the electronic direct debit procedure (ELV), the customer signs the payment slip and thereby agrees to the collection of the amount by direct debit. ELV is not an officially approved payment method of the German Banking Industry. The terminal simply reads the cardholder’s account number and sort code from the magnetic strip and the cardholder legitimizes himself with his signature. The transaction is carried out offline and does not include a payment guarantee.
ePA
Abbreviation for: Electronic ID card
Synonym for nPA (new ID card).
eSign
Abbreviation for: Electronic signature
The signature function of the nPA. It is used to sign digital documents in a legally binding manner.
eTicketing
Tickets or admission tickets that are only stored as an encrypted data record on a chip card.

F

Hard disk encryption
Hard disk encryption can protect data on laptops or PCs from hacker attacks. However, there are different types of hard disk encryption.

Fingerprint

The fingerprint of a file is the hash value of this file. The hash value is the compressed version of a file. A person can be precisely identified by their fingerprint, a file by its hash value.
FinTS
Abbreviation for: Financial Transaction Service
In 2002, HBCI was renamed FinTS. Among other things, the standard defines security procedures for authenticating and encrypting orders. These security procedures include both the PIN/TAN procedure and chip cards with corresponding readers, through which HBCI has mainly become known.

G

Secret key

The secret key is stored on the user’s chip card and cannot be read. It is used for signature generation: When the message is signed, a kind of copy of the message is made and encrypted using the secret key. The signed document then consists of the original document and the encrypted copy.
Wallet
Electronic wallet for paying small amounts of money; established in Germany under the name GeldKarte.
Money messenger
Unsuspecting Internet users are now being recruited in large numbers by fraudsters as money messengers via mass emails. The money obtained through online banking fraud is to be laundered through third parties. The victim is lured by lucrative side jobs. It should make its own account available to receive a sum of money, withdraw it and pay it in cash into another account. A certain amount is promised as compensation. Caution: These transactions are punishable by law!
MoneyCard
Since 1997, this payment system has been used to pay small amounts for everyday needs in stores – and is now also available online. The basis is a chip on the girocard or other bank customer cards, which is also known as an electronic wallet. An amount of up to a maximum of €200 is stored on this chip at the bank or, from home, with a cyberJack® chip card reader. When paying, the purchase amount is debited from the GeldKarte chip in the merchant terminal or on your home PC.
girocard
The former debit card is now called girocard and is becoming a multifunctional debit card (customer card). The eurocheque card (or ec card for short) was originally developed as a guarantee card for use with eurocheques. Today it is a multifunctional debit card. The electronic services that can be used with the card presented can be recognized by the pictograms applied and the card can now be individually designed by the issuing institutions. Today’s debit cards from the German banking industry can generally process all electronic payment methods such as electronic cash, ELV, OLV, POZ and GeldKarte. The card-accepting merchant decides whether or not to guarantee payment based on the selected payment method.
Greylisting
Greylisting is a method of combating spam in which the first attempt to deliver an e-mail is temporarily rejected. At the same time, the receiving e-mail server remembers the sender’s data and accepts the incoming e-mail on a second delivery attempt. In addition, a mail server working with greylisting usually keeps so-called white lists in which permitted senders are dynamically entered. Greylisting is successful in combating spam as long as the spammers do not use real queues to send e-mail, as regular mail servers do.
GSM card
Abbreviation for: Global System for Mobile Communications card
The cell phone card with a chip that is used to connect the phone to the digital mobile network. In addition, the personal cell phone book and SMS messages are stored on this card. With a PC card reader and the appropriate software, such as smartMate, this data can also be processed and saved from the PC.
Validity period
The validity period refers to the period of validity of a subscriber certificate within a PKI. For example, the validity period for a signature certificate in accordance with the German Signature Act is 3 years.

H

Hash function

A hash function is a compression function (summarization) for information. It calculates output values of a fixed length from input values of any length. These output values are referred to as hash values.
Hash value
The hash value is the compressed version of a file. You can think of the hash value as the fingerprint of a file. A person can be precisely identified by their fingerprint, a file by its hash value. The hash value is created by compressing a file of any size using a mathematical process called a hash function. The slightest change to the file results in a completely different hash value. There are various methods for calculating the hash value. The hash function is a one-way function. Such a hash function is not reversible, which means that it is not possible to restore the original text.
HBCI
Abbreviation for: Home Banking Computer Interface
HBCI has become the data exchange standard for home banking. The HBCI standard is based on threefold security: a chip card, the password for the card, which the customer can choose himself, and the private and public data keys required for communication between the customer and the bank (see Encryption). When establishing the connection, the user authorizes himself with a password via his HBCI software on the bank server. The server then sends the limits for all actions back to the software. The user can then complete their transactions, which are sent to the server in a data segment after completion. All data is exchanged via a backup technology integrated into the software.
Whistleblower Protection Act

The Whistleblower Protection Act was introduced throughout Europe to protect people who report legal violations within companies. This is also referred to as whistleblowing. Logically, these whistleblowers are not welcome at the companies in question. The Whistleblower Protection Act is intended to protect their rights.


Home banking
Account inquiries, transfers and securities transactions from home – you can do all this via home banking on your PC over the Internet. To log in to the bank via the Internet, you first enter a personal password into the PC card reader. The personal chip card is activated and a code contained in it is transmitted to the bank. If the data is correct, the Internet account will be activated.

HTTPS

Abbreviation for: HyperText Transfer Protocol Secure (secure hypertext transfer protocol)
Standard protocol for the tap-proof transfer of data on the Internet.

I

IBAN

Abbreviation for: International Bank Account Number
The IBAN was developed and introduced to simplify international payment transactions. This consists of a two-digit country code (for Germany “DE”), a two-digit checksum and the bank sort code and account number. Since February 1, 2014, the use of the IBAN has been mandatory for transfers from companies and associations. The cut-off date for private customers is February 1, 2016.
Image
An image of a computer is a special backup method with which complete computers can be restored to a previous state in a short time. Creating images is a way of backing up a system at a time when the system is guaranteed to be uncompromised in order to have a reliable recovery source in the event of a compromise.
Integrity
Integrity means that the recipient of a message can recognize whether it has been manipulated (falsified) by an unknown attacker. The integrity of data is ensured by the digital signature.
IP address
Abbreviation for: Internet Protocol address
Number that allows the addressing of computers (and other devices) in an IP network such as the Internet. Technically speaking, an address in the current IPv4 version is a 32-digit binary number, written as four decimal numbers from 0 to 255 separated by dots. Example: 56.124.221.156
ITSEC
Abbreviation for: Information Technology Security Evaluation Criteria
The ITSEC standard refers to criteria for evaluating the security of information technology systems. The ITSEC standard is an internationally recognized standard for evaluating secure signature creation components. The ITSEC standard recognizes 7 evaluation levels (E0 to E6) and 3 security levels (low, medium and high). However, ITSEC is not sufficient for evaluating the entire security environment and is supplemented by individual requirements from FIPS 140 in the area of smart cards and by the British Standard (BS) 7799 in the organizational area. At European level, but also in the USA, the ITSEC standard will be replaced by the Common Criteria for Testing and Evaluating the Security of Information Technology for the assessment of trusted security technologies.

J

Java-Card

Variant of the Java programming language. Allows the execution of Java applets on smart cards.
Youth protection feature
Youth protection feature on the GeldKarte.

K

Key

See key.
Keylogger
A keylogger is a piece of software or hardware that logs all keystrokes made by a user on a computer and makes them available to an attacker. Keyloggers are used to spy on access codes in particular. Keyloggers based on hardware cannot be detected by software. Especially when using public computers, it should be expected that keyloggers are installed. Therefore, no information should be provided that could lead to the disclosure of confidential information.
Cryptography
Cryptography is a branch of mathematics that deals with the encryption of data. Where information is not secured by closed systems, cryptography can provide electronic security.
KVK
Abbreviation for: Health insurance card
Is currently being replaced by the eGK.

M

Man-in-the-middle attack

A so-called man-in-the-middle attack is a special attack method in which an attacker attacks the communication between two parties by being between the parties and being able to exercise full control over the data traffic. In online banking, the attacker may be malware on the user’s computer which manipulates the transfer data, for example. To protect against man-in-the-middle attacks, every user should always check exactly who the direct communication partner is and use trustworthy end devices. As a rule, your own PC cannot be classified as trustworthy.
Mifare
Brand name of NXP Semiconductors for contactless RFID chip card technology.

N

nPA

Abbreviation for: new ID card
new electronic ID card

O

Public key

Asymmetric encryption uses key pairs consisting of a public key and a private key. The public key is not secret and is managed by trust centers. It is necessary to carry out public operations, such as encrypting messages or verifying digital signatures.
OLV
Abbreviation for: Online Direct Debit Scheme
The Online Direct Debit Scheme (OLV) is a registered trademark. This is a payment method that offers a high level of security at low cost. The customer signs the payment slip and authorizes with this signature to collect the amount by direct debit. OLV is available to all ec card holders – even those who do not know their PIN or are worried about being observed when entering it at the till.

P

PACE protocol

Abbreviation for: Password Authenticated Connection Establishment Protocol
Refers to a password-based authentication and key agreement procedure. The protocol was developed by the German Federal Office for Information Security (BSI) for use in the nPA.
Patch
Software correction package. As a rule, such correction packages (patches) are bug fixes or software improvements delivered by manufacturers which, among other things, often close security gaps that have become known.
PC/SC
Standard protocol for communication between the operating system and chip card reader or SmartCard.
Personal firewall
A personal firewall is a firewall for a single computer. This is software that is designed to protect the computer from attacks from an unprotected network, e.g. the Internet, and to control all network traffic.
Pharming
Pharming attacks are directed against the DNS protocol (Domain Name System). This is an attempt to “foist” false IP addresses on one of the many DNS servers available on the Internet. This means that the user is redirected to a fake website instead of their bank’s website, for example.
Phishing
The word phishing is a combination of the English words “password” and “fishing”. Phishing is the spying on passwords and other sensitive data, for example with the help of fake emails or websites. In online banking, attackers try to capture a user’s PINs and valid TANs in this way, which are then used to plunder the account.
PIN
Abbreviation for: Personal Identification Number
The PIN is the access control to the signing and decryption functions on the chip of the card and activates the (signature) key. A distinction is made between initial PIN, signature PIN and decryption PIN.
PKI
Abbreviation for: Public Key Infrastructure
See Public Key Infrastructure
private key
See secret key
Proxy Trojan
A proxy Trojan carries out a kind of man-in-the-middle attack. It intervenes in the online banking communication between the customer and the bank. The special thing about it is that it is usually active in real time directly on the victim’s PC and modifies all communication as required.
Public Key Infrastructure
The public key infrastructure provides the basis for secure virtual private networks, e-mail communications, portal authentication or electronic signatures. PKI manages the required certificates and electronic keys. It encrypts confidential information and you are therefore effectively protected against attacks. You can now carry out your electronic business processes securely. PKI is the umbrella term for the unity of people, hardware, software, guidelines and methods. It is involved in generating, issuing, storing, managing and revoking certificates. PKI is predominantly hierarchically structured.
PUK
Abbreviation for: Personal Unblocking Key
The signatory receives one PUK for the signature PIN (if permitted by the card type) and one for the encryption PIN; the functionality is the same. A PIN may only be entered incorrectly a maximum of 2 times in succession. After the 3rd incorrect entry, the card function is blocked and can be unblocked with the PUK. The PUK is numeric and is sent to the card applicant sealed in a PUK envelope. The PUK must be stored securely. However, the unblocking function by entering the PUK cannot be carried out indefinitely. The PIN may only be unblocked ten times in succession, i.e. an incorrect PIN may be entered a maximum of 32 times in succession. If no correct PIN is entered after 10 consecutive unblocking attempts, the card is blocked forever.

Q

QES

Abbreviation for: Qualified Electronic Signature
see Qualified Electronic Signature
Qualified electronic signature
According to the German Signature Act (SigG), an advanced electronic signature that is based on a valid, qualified certificate and was created with a secure signature creation device (SSCD).
Qualified certificate
A qualified certificate clearly assigns signature creation data to a person. The certificate is stored in a publicly accessible database (directory service) and is saved on the signatory’s card when the card is handed over. A qualified certificate may only be issued by a certification service provider who has a certificate from the state supervisory authority for issuing qualified certificates.

R

RDH

Abbreviation for: RSA-DES hybrid method
Describes a mixed (hybrid) encryption method in which the symmetric Triple-DES method and the asymmetric RSA method are used together.
Regulation of the Digital Signature Act
Please note: The Digital Signature Act only defines the conditions under which the signature is recognized as secure. The legal effect of the qualified electronic signature, i.e. in which cases the qualified electronic signature can replace the handwritten signature, is not defined in the Signature Act! These regulations are set out in the Civil Code and the Administrative Procedure Act. Although the Digital Signature Act is very comprehensive and often very detailed, it does not regulate all applications of digital identity. Only digital certificates for persons are subject to regulation; computers and software objects remain unaffected. A further restriction is that a personal certificate in Germany only ever relates to a single natural person, not to a group of persons or a legal entity.
registration authority
See registration authority
Registration authority
A registration authority is the point of contact for applying for signature key certificates. The application is forwarded to a certification body. This issues the certificate and forwards it back to the registration authority for issue.
RegTP
Abbreviation for: Regulatory Authority for Telecommunications and Posts
The Regulatory Authority for Telecommunications and Posts is the highest hierarchical level of SigG-compliant trust centers in Germany.
Replay Attack Toolkit
When data is intercepted on a line and retransmitted to the institution’s system, this is known as a replay attack: a transfer is made to the correct recipient several times against the customer’s will.
RFID
Abbreviation for: Radio-Frequency Identification
For example, identification using electromagnetic waves. RFID enables the contactless recording of data.
RMA
Abbreviation for: Return Merchandise Authorization
Return Merchandise Authorization number.
Rootkit
A rootkit is a collection of software tools that attackers use to cover their tracks after successfully breaking into a system. In particular, they are used to conceal future activities, such as the attacker logging in, and to hide files and processes. The rootkit often also overwrites system commands.
RSA
Abbreviation for: Rivest, Shamir and Adleman
RSA is an asymmetric encryption method. RSA was invented in 1978 by Ron Rivest, Adi Shamir and Leonard Adleman.

S

key

In cryptography, a key is a piece of information that is used to control encryption and decryption.
Key certificate
In the case of key certificates, a distinction is made between the (qualified) certificate for signing (signature certificate) and the encryption or confidentiality certificate. The qualified certificate is the certificate of the public signature key, the encryption certificate is the certificate of the public encryption key. Attribute certificates do not contain keys.
SECCOS
Abbreviation for: Secure Chip Card Operating System
Operating system that runs on the microprocessor in the golden chip of the ZKA bank card.
Secoder
The Secoder standard was specified by the German Banking Industry. The aim was to define a simple chip card reader that is primarily optimized for online banking so that online transactions can be made even more secure by visualizing data on the card reader’s display. A Secoder chip card reader has:
– Secoder seal of the ZKA
– Keypad for entering confidential information such as the card PIN
– Display for displaying and checking data, e.g. for the payment amount when paying online with a GeldKarte
– An intelligent firewall, e.g. for blocking access to the chip card in the event of suspected misuse
SEPA
Abbreviation for: Single Euro Payments Area
Intended to achieve greater competition and efficiency in the market and to ensure uniform procedures and standards for processing euro payments throughout Europe. IBAN then replaces the national account identifier.
Security class 1
These simple chip card readers do not have their own keyboard or display, so the data can be spied out when the user enters it on the way to the chip card via the PC.
Security class 2
Security class 2 readers have their own keypad, but no display. The data is transferred directly to the chip card without any detour via the PC and is thus protected against attacks by viruses or Trojans.
Security class 3
Security class 3 readers have a keypad and a separate display on which the data is shown again immediately before the signature. This allows users to ensure that their entries have not been falsified and that the correct data is signed.
Security class 4
Class 4 chip card readers have a personalized security module with RSA functions in addition to the keypad and display. This provides the respective communication partner with secure proof that a class 4 card reader has been used. The verification is realized by an additional signature, which the security module of the card reader calculates using the respective data. The card reader signature is embedded in the application using application-specific additional functions in the reader.
Security classes
The German Banking Industry’s security classes for chip card readers indicate the level of security the devices offer for data transmission.
SigG
Abbreviation for: Signature Act
See Signature Act.
Signature Act
The Digital Signature Act (SigG), in conjunction with the Digital Signature Ordinance, defines a security standard for digital signatures. The Digital Signature Act initially distinguishes between a simple, an advanced and a qualified electronic signature. Only the latter is regulated in detail and is therefore considered to be compliant with the Signature Act. The qualified signature must make the identity of the signatory recognizable by means of a certificate and be created using a secure signature creation device. The signature creation device is considered secure if it has either been evaluated accordingly by a state-approved testing body or if the manufacturer guarantees corresponding security. Furthermore, this signature creation device must be at the sole disposal of the signatory. Finally, the certification service provider must offer secure infrastructures, procedures and technology in accordance with the Signature Act and its follow-up regulations.
Signature card
The private key of a subscriber is securely stored on a signature card so that they can sign and decrypt their messages electronically.
Signature verification key
See public key
Signature verification
To verify the digital signature, your signature verification software requires the sender’s signature verification key. This signature verification key is contained in the sender’s certificate, which is sent with the signed message. The signature software automatically checks the validity and origin of the certificate as well as the integrity of the signed data and outputs the result of the check in a message.
Signature key
See secret key
Signature Ordinance
The Signature Ordinance (SigV) supplements the Signature Act with regard to the procedures and processes of the certification authorities.
Signing process
Let’s assume you want to sign a document electronically: After you have generated the electronic data, insert your signature card into the card reader. In your application program, click on the command Sign document. If it is an approved technical signature component, the content of the document will now be displayed to you again, namely with the help of the so-called display component (secure viewer) of your signature application software. Check what you see on the screen now, because this is the relevant content for the electronic signature! If you now want to confirm and sign the content, you must enter the PIN of your signature card.
SigV
Abbreviation for: Signature Ordinance
See Signature Ordinance.
Smart Card
SmartCard means clever, intelligent card: The golden chip on the card contains a “small computer” (processor chip card with cryptographic co-processor) including the “SECCOS” operating system and can read, store, process and output data. This chip intelligence is used specifically to protect the interaction between chip card, application (e.g. online banking, cashless payment, e-ticketing), chip contact unit (e.g. external card terminal on the PC, card reader in the ATM) and infrastructure (e.g. background system of the credit institution, e-ticketing system) against misuse. Used as a synonym for chip card.
Smart Card Reader
Synonym for chip card reader
spam
Abbreviation for: Unsolicited advertising emails
Spam is the generic term for unsolicited advertising emails. The word has its origins in English, where Spam refers to cheap canned meat.
Revocation service
A revocation service is a service provided by a trust center that can be used to order the revocation of certificates around the clock. This is important, for example, if a participant’s signature card has been stolen or they no longer appear trustworthy.
Revocation list
A revocation list (CRL) contains the information of revoked certificates of a trust center service provider. Certificates are revoked, for example, if a signature card is lost or stolen.
SSEE
Abbreviation for: Sichere Signaturerstellungseinheit (Secure Signature Creation Device)
Defined in the “Directive 1999/93/EC on a Community framework for electronic signatures” as configured software or hardware that is used to store and apply the signature key (signature creation device) and fulfills the requirements of Annex III of the Directive.
SSL/TLS
Abbreviation for: Secure Sockets Layer / Transport Layer Security
SSL is a standardized protocol for encrypting messages on the Internet. The protocol was developed by Netscape and ensures complex 128-bit data encryption. TLS is the standardized form of SSL.
Symmetric encryption
The same key (DES) is used for encryption and decryption. This is also referred to as private key communication. The key handover or key exchange (sender/receiver) must take place via a secure transport route, as otherwise anyone who comes into possession of the key could read the data exchanged between sender and receiver. The symmetric method is around 1000 times faster than the asymmetric encryption method. The DES key is regenerated in the signatory’s PC for each encryption process using random numbers.

T

TAN

Abbreviation for: Transaction number
A TAN is used in electronic processes and serves to authorize a transaction. In online banking, for example, every transaction can only be completed by the user entering a correct TAN. In addition to the classic TAN procedure, there are now also extensions such as eTAN (electronic TAN), iTAN (indexed TAN) and mTAN (mobile TAN).
Ticket
Tickets on the GeldKarte
TLS
Abbreviation for: Transport Layer Security
Is the standardized form of SSL.
TR-03119
Abbreviation for: Technical guideline
Technical guideline of the Federal Office for Information Security (BSI), which describes the requirements for smart card readers with nPA support.
Triple DES procedure
Triple DES means triple application of the DES algorithm. The Data Encryption Standard (abbreviated to DES) is a frequently used symmetric encryption method. In the DES-DES process (abbreviated to DDV), electronic signatures and encryption are carried out using Triple DES. In the RSA-DES hybrid method (abbreviated to RDH), encryption is carried out using Triple DES and the electronic signature using RSA. RSA is an asymmetric cryptographic method named after its inventors Rivest, Shamir and Adleman. Whether DDV or RDH is used for HBCI with chip card depends on the chip card generation.
Trojan
Trojans are programs that either appear to have a useful function or install themselves unnoticed as a virus on the user’s computer. Their purpose is to spy on the user’s data, e.g. by logging password entries. Trojans are often used to attack online accounts.
Trustcenter
Trust centers guarantee the general security of a public key infrastructure and represent the central institutions of trust by making a binding dedicated assignment of key pairs to persons (certification). Certification literally means attestation. Trust centers certify that a public key belongs to the owner of the key pair. Trust centers reliably establish the identity of their customers in order to be able to make this assignment of key and owner. For this purpose, the Trust Center requires the details of an application form and the presentation of a valid identity document to verify the details. In addition, the trust center requires a copy of this identification document signed by the applicant. Only after the trust center has established the customer’s identity beyond doubt does it create an individual signature card with the corresponding certificates for the customer.
Trust center services
Basic services provided to participants by an accredited trust center. These include the directory service, the revocation service and the time stamp service.
TÜV-IT
Abbreviation for: Technischer Überwachungs-Verein-Informationstechnik
TÜV Informationstechnik GmbH, based in Essen, offers testing and certification of IT products.

V

Encryption

Encryption protects your documents from unauthorized access. Encryption and decryption also make use of the interplay of private and public keys: In order to encrypt a message specifically for a particular person, the sender uses an individual characteristic of the recipient, namely their public key. To open the encrypted message, the recipient must then activate the complementary key, i.e. their private key. Since the recipient always has the private key under their sole control, no one else can decrypt the message intended for them. Even though public and private keys are used for signing and encryption, every qualified certificate contains two key pairs: one for legally binding signing, the other for encryption and authentication.
Directory service
A directory service is a service provided by a trust center. The public keys of all certified participants are made available online in a directory service. Based on the directory service, the recipient of an encrypted message can then determine the authenticity of the sender.
Virus scanner
A virus scanner is software designed to protect a computer from malicious programs such as viruses and Trojans. As new viruses come into circulation every day, it is important to update the virus scanner daily. This ensures the best possible protection against this malicious code, but a computer can still be infected by a virus that is not yet known to the virus scanner.

W

Whitepaper

A white paper is a document that deals with specific topics in fluent language without marketing ballast: as a (case) study, user description, analysis or market research. The limited topic is dealt with on up to 15 pages. White papers are increasingly being used as a communication tool.

Z

Timestamp

A time stamp within the meaning of the Digital Signature Act is a digital certificate issued by a certification authority with a digital signature confirming that certain digital data was available to it at the relevant time.
Time stamp service
A time stamp service is a service provided by a trust center with which any electronic files (the hash value of the files) can be provided with a time stamp.
Certification
Certification is the process of uniquely assigning a public key encryption key pair to a natural person. This includes the unique identification of this person and proof of possession of a public key.
Certification service provider
A certification service provider is a natural or legal person or other legally responsible entity that issues certificates and provides signature and certification services. A certification service provider provides signature products and procedures and is responsible for issuing, renewing and managing certificates (certificate creation and management). It is responsible for the registration of certificate applicants (registration office) and provides a directory and revocation service as well as an advisory service (fee-based hotline).
Certification authority
A certification authority is a natural or legal person who certifies the assignment of certificates and public signature keys to natural persons.
ZKA
Abbreviation for: Central Credit Committee
Known since August 2011 as the German Banking Industry.
Access control
Access control is a function of the micro-chip on the chip card. It means that the triggering of the signature (or decryption) is secured by an access authorization in the form of a PIN.