Glossary

a.trust

a.trust is an Austrian company that offers all services related to electronic signatures. a.trust operates on the basis of the Austrian Signature Act and the European Directive, i.e. it is a certification service provider for the issuance of qualified certificates (trust|sign) and secure digital signatures. a.trust maintains a public directory of certificates issued by it and a public, constantly updated revocation list in which the numbers of all revoked and blocked certificates are stored. All documents describing the technical and organizational factors and processes of trust|sign are published on the homepage of a.trust.

AES

Abbreviation for: Advanced Encryption Standard - A symmetric cryptosystem and successor to the DES and Triple DES method

Alternating teleworking

In addition to working from home, this form of teleworking also involves fixed days of presence at the company and is very often implemented in practice. In this way, attempts are made to minimize the potential risks of this form of work (loss of social ties within the company, poor flow of information, career barriers).

Traffic light account

The traffic light account serves as a control instrument for flexible working time organization and, in addition to recording actual working time, enables the necessary regulations for dealing with the different time balances. Similar to a traffic light, it is divided into a green, a yellow and a red phase. During the green phase, employees can work a predefined number of plus or minus hours and manage them independently. In the yellow phase, the agreed number of plus or minus hours is exceeded or not reached, and the employees agree measures with the group or their superiors to balance the account. In the red phase, supervisors and employees jointly analyze how the high time account balance can be brought back into balance.

Readiness for work

The Federal Labor Court (BAG) defines readiness for work as the "time of alert attentiveness in a state of relaxation". Employees are obliged to remain at the workplace without carrying out specific activities in order to be able to take up work when required. Readiness for work counts as regular working time.

Work break

Interruption of working hours for a shorter or longer period.

Work plan

Planning of employees' working hours and shifts, including absences.

Working hours

Working time within the meaning of the Working Hours Act (ArbZG) is the time from the start to the end of work, excluding rest breaks; working hours for several employers are to be added together (Section 2 (1) sentence 1 ArbZG). In underground mining, rest breaks count as working time.

Working time recording

The term "working time recording" stands for a variety of methods that can be used to record employees' working times. At the very least, the start and end of working hours are recorded.

Work flexibilization

Flexible working time is primarily determined by the variability of the duration and location as well as the scope for planning on the part of the employee and employer.

Working Hours Act

The Working Hours Act lays down the basic standards for when and for how long employees may work at most. The following pages provide an overview of important points of the law.

Working time account

The working time account is used to record working hours and shows the actual number of hours worked. This balance can show plus and minus hours. Depending on the agreement, these are balanced out in a fixed compensation period.

Working time models

There are a number of models for structuring working time, for decoupling working time and operating time, which are intended to offer the company optimum use of its resources on the one hand and optimum time flexibility for employees on the other. The working hours that employees have to work and the corresponding working time model are defined in employment and collective agreements as well as company agreements (usually as weekly working hours).

Distribution of working hours

In addition to the start and end of the daily working time, the working time distribution also defines the distribution of this working time over days, weeks and months. The distribution of the defined and agreed working time duration must be co-determined by the respective employee.

Obligation to keep records

According to a ruling by the European Court of Justice on May 14, 2019, employers are obliged to keep full records of their employees' working hours. Employers are also obliged under the ArbZG to keep records for at least two years.

A-SIT

Center for Secure Information Technology - Austria.

Asymmetric encryption

With this type of encryption, the digital signature is generated, which can then be sent and read securely. There is a key pair consisting of a public, freely accessible key and a private key belonging to the user. These keys are managed by certification authorities or trust centers. Internet users can register there in person and then receive their chip card with the private key, which they can use e.g. for home banking with HBCI.

ATC

Abbreviation for: Application Transaction Counter - TAN counter that is incremented by 1 each time a TAN is generated.

Authentication

Authentication refers to the verification of a message to ensure that the sender of this message is actually the person it claims to be. Authentication is made possible with the help of digital signatures.

Authentication

Authentication, in the sense of proving one's identity, is the preparatory step for establishing an identity, usually that of a person who wants to prove who they are. During this step, the person identifies themselves through possession (e.g. a key), knowledge (e.g. a password) or being (e.g. a biometric feature). The evidence presented in this way is then used for the verification described under the previous entry.

Authorization

After successful authentication, certain rights are usually assigned. In a computer system, for example, the right to access certain files. This process is known as authorization. In most cases, the authorizations granted relate to the access or use of certain resources (e.g. the use of files) or the execution of certain transactions (e.g. transfers up to a predetermined amount).

Backup

Data backup is a process in which copies of data are made on a computer system so that, in the event of data loss on this system, the backed-up data can be used to restore a state that is as close as possible to that at the time of the data loss. The amount of permanently lost data should be kept to a minimum through intelligent backup strategies. Backups can also be used to restore compromised systems to a guaranteed uncompromised state. In this case, it is important to ensure that backups of a system in an uncompromised state are present and available.

Bandwidth models

An agreement on the fluctuation range of daily or weekly working hours with maximum or minimum times is called a bandwidth model. The contractual working hours must be achieved on average.

On-call service

Since a ruling by the European Court of Justice (ECJ), on-call service has been part of working time. It means that employees must be at a location specified by the employer (in contrast to on-call availability, where they only need to be reachable) in order to be able to start work immediately.

Staffing plan

A staffing plan regulates how many and which employees, with which qualifications, are deployed when and where within the company.

Works Council

The works council is a body elected by the company's own employees to represent their interests vis-à-vis the employer.

Operating time

Operating time is understood to mean the provision of the service in the company using the operating resources (equipment, machines, facilities, etc.) and the personnel assets (qualification and motivation of the personnel).

BIC

Abbreviation for: Bank Identifier Code - The BIC is the international bank sort code, which enables worldwide identification of credit institutions. The BIC consists of a four-character bank code, the respective country code, a two-character location code and the branch code. For international transfers, the BIC only needs to be specified until February 1, 2016.

Botnets

The name is derived from the word robot and describes a network of computers that are under the control of an attacker and are usually remote-controlled by the attacker. Botnets are used, for example, to carry out distributed denial-of-service attacks (DDoS) or to send SPAM. The malware that enables the attacker to take control of a computer is often installed by carelessly clicking on email attachments. However, malware can also be infiltrated via websites that exploit vulnerabilities in Internet browsers. For this reason, it is recommended that you do not generally work on your own PC with administrator authorizations.

Browser plugin

Program that extends the function of the Internet browser used.

BSI

Abbreviation for: Federal Office for Information Security

CCID

Abbreviation for: Circuit(s) Card Interface Devices - Describes a standard protocol for communication between USB devices and smart cards.

Cipher key

Electronic key for encrypting messages; encrypted messages cannot be read by third parties. Customer and institution keys form a key pair. In HBCI banking with chip card, the customer key is stored in the chip of the HBCI chip card.

Chip card

Chip cards are usually plastic cards with an integrated chip on which a microprocessor is often implemented. Today, chip cards contain microprocessors with cryptographic functionality with which data can be encrypted or cryptographically signed. Chip cards with cryptographic functions in particular can be used to make online banking more secure in conjunction with correspondingly trustworthy hardware.

Chip card reader

Chip card readers are "chip contactors": With a chip card reader, you can access a chip card and its functions from your computer: for example, HBCI cards for home banking or the GeldKarte for cashless payments. Smart card readers are divided into security classes depending on their features: A so-called class 3 reader has a keypad and display, a class 2 reader has only a keypad and a class 1 reader has neither.

Circadian rhythm

From the Latin "circa" = approximately and "dies" = day, the human circadian rhythm (or biological rhythm) determines the continuous fluctuations in activity throughout the day. This influences the employee's performance and should be taken into account when distributing working hours.

Construction Kit

Construction kits are software tools that enable even a layman to develop a Trojan with just a few mouse clicks. Trojans created in this way can be particularly dangerous if they are developed specifically with a potential victim in mind and are not intended for general distribution. In this case, virus scanners cannot recognize them by means of a signature.

CT-API

Abbreviation for: Card Terminal Application Programming Interface - The CT-API is an open interface with which handling of and communication with smart cards can be realized independently of the application.

Data Encryption Standard

Data Encryption Standard (DES) is a frequently used symmetric encryption method. Also used as triple DES for greater security.

Data confidentiality

Data confidentiality means that no one who intercepts the file can read it. Data confidentiality is achieved through encryption.

Data Protection Act

Sensitive handling of personal data is regulated by law: Permission to collect, store and use personal data only when absolutely necessary.

Debit card

Payment card that has a credit limit and with which a cardholder can pay for goods or services at an electronic checkout. When paying with a debit card, the customer's account is debited directly with the payment amount - usually after just a few working days. The payment is therefore often referred to as "pay now".

DES

Abbreviation for: Data Encryption Standard - see Data Encryption Standard

DESFire

Mifare product name for contactless cards with current crypto algorithms

German Banking Industry

A committee of German banks which, among other things, has defined standards for data exchange in home banking. Known as the Central Credit Committee (ZKA) until August 2011.

Digital signature

Digital signatures and electronic signatures are often used synonymously.

Digital certificate

Traditional paper certificates are documents that confirm a certain property, ability or right to the holder. These can be ID cards, diplomas or insurance contracts. Certificates are signed by an authority that is trusted. Digital certificates are digital documents that assign a digital identifier to a natural person. This identifier is the public key from the individual key pair that is personally assigned to the certificate holder. The certificate is issued by a certification body. In this way, the real person can identify themselves in the virtual world and sign legally binding documents. The signature is verified using the public key and the digital certificate.

Discontinuous shift work

In the case of discontinuous shift work, the operating time is less than 168 hours per week. The weekend or even just Sunday can be work-free.

DLL injection

Abbreviation for: Dynamic Link Library Injection - In DLL injection, malicious code is executed by a process on the client system that is actually trustworthy. This process is forced to load the malicious code, which is located in a dynamic link library (DLL). This can be done, for example, by changing the registry entry that determines which DLLs are to be loaded when a program is started.

DNS protocol

Abbreviation for: Domain Name System protocol - The DNS protocol must run on every Internet computer and converts host names (e.g. www.sicherheitsoffensive2007.de) into IP addresses (e.g. 85.10.196.145) and vice versa. Without this conversion, it is not possible to communicate on the Internet, as the data packets can only be assigned to the correct computer using an IP address.

DNS spoofing

Abbreviation for: Domain Name System spoofing - DNS spoofing is a common form of pharming: an attacker manipulates the mapping between a computer name and the corresponding IP address. This allows the attacker to simulate the identity of two communication partners and thus receive the data packets of both partners.

Double submission control

A double submission control protects home banking with chip cards in the FinTS standard against replay attacks, i.e. interception and multiple submission of the same transfer. The double submission control consists of a combination of sequence counter and a list of sequences already submitted.

EAL 4

Abbreviation for: Evaluation Assurance Level - There are 7 levels of trustworthiness that describe the correctness of the implementation of the system under consideration or the depth of testing.

EBICS

Abbreviation for: Electronic Banking Internet Communication Standard - EBICS is a multibank-capable standard for the transmission of payment transaction data via the Internet.

ec card

Abbreviation for: Eurocheque card - see girocard

E-Commerce

This refers to any trade on the Internet between companies (business to business = B2B) and companies to end customers (business to consumer = B2C).

eHC

Abbreviation for: electronic health card

E-Government

E-government refers to electronic communication between public authorities and companies or citizens, e.g. applying for a passport, submitting your income tax return, etc.

eID

Abbreviation for: Electronic proof of identity - the online ID function of the nPA. It enables secure and unambiguous identification with the ID card on the Internet and at vending machines.

Simple signatures

Signatures that are not based on a qualified certificate and/or were not created using technical components and procedures recommended by a trust center for creating secure signatures are called simple digital signatures.

Electronic banking

Electronic communication between banks and their customers is called e-banking. This includes Internet banking, loan applications, the conclusion of building society contracts, securities trading, account statement services, etc.

Electronic Cash

With this payment method, the cardholder enters their personal identification number (PIN). After online verification by the card-issuing bank and a successful transaction, the merchant has a 100% payment guarantee.

Electronic time recording

Recording of the data at one or more time recording terminals and transfer of the data to a time recording server, where the data is checked, stored and evaluated. The data is subsequently forwarded to the payroll accounting software.

ELSTER

Abbreviation for: Electronic tax return - ELSTER is a free tax program from the German tax authorities.

ELV

Abbreviation for: Electronic direct debit procedure - With the electronic direct debit procedure (ELV), the customer signs the payment slip and thereby agrees to the collection of the amount by direct debit. ELV is not an officially approved payment method of the German Banking Industry. The terminal simply reads the cardholder's account number and sort code from the magnetic strip and the cardholder legitimizes himself with his signature. The transaction is carried out offline and does not include a payment guarantee.

ePA

Abbreviation for: Electronic ID card - synonym for nPA (new ID card).

eSign

Abbreviation for: Electronic signature - the signature function of the nPA. It is used to sign digital documents in a legally binding manner.

eTicketing

Tickets or admission tickets that are only stored as an encrypted data record on a chip card.

Extended function time

As a sub-form of the flexitime model, the "extended" working time (within the framework of working time) can be extended by an on/off period in order to deal with extreme peaks in demand or to take personal interests into account.

Hard disk encryption

Hard disk encryption can protect data on laptops or PCs from hacker attacks. However, there are different types of hard disk encryption.

Fingerprint

Time recording of working times at the hardware terminal, which is equipped with a biometric fingerprint sensor. The medium used is not the card or transponder, but the individual fingerprint.

FinTS

Abbreviation for: Financial Transaction Service - HBCI was renamed FinTS in 2002. Among other things, the standard defines security procedures for authenticating and encrypting orders. These security procedures include both the PIN/TAN procedure and chip cards with corresponding readers, through which HBCI has mainly become known.

Flexible working hours

Flexible working hours, also known as "flexitime", are working hours that deviate from normal working hours in terms of the position and duration of working hours. Flexitime can involve daily, weekly, monthly or other arrangements. There are numerous models for this: from flexitime to lifetime working time accounts.

Flexi law

Abbreviation for the Act on Social Security for Flexible Working Time Arrangements.

Function time

Functional time as an extension of the flexitime model is not based on a core time, as is usually the case, where attendance is mandatory for all employees, but on the company's agreed functional times. The company's function time defines the internal time frame for the functioning of the various work areas. The distribution of working hours is determined by the colleagues themselves within the framework of the function time.

Secret key

The secret key is stored on the user's chip card and cannot be read. It is used for signature generation: When the message is signed, a kind of copy of the message is made and encrypted using the secret key. The signed document then consists of the original document and the encrypted copy.

Purse

Electronic wallet for paying small amounts of money; established in Germany under the name GeldKarte.

Messenger of money

Unsuspecting Internet users are now being recruited in large numbers by fraudsters as money messengers via mass emails. The money obtained through online banking fraud is to be laundered through third parties. The victim is lured with lucrative side jobs and is asked to make their own account available to receive a sum of money, withdraw it and pay it in cash into another account. A certain amount is promised as compensation. Caution: These transactions are punishable by law!

GeldKarte

Since 1997, this payment system has been used to pay small amounts for everyday needs in stores - and can now also be used online. It is based on a chip on the girocard or other bank customer cards, also known as an electronic purse. An amount of up to a maximum of EUR 200 can be loaded onto it. When paying, the purchase amount is debited from the GeldKarte chip at the merchant terminal or on your home PC.

girocard

The former debit card is now called girocard and is becoming a multifunctional debit card (customer card). The eurocheque card (or ec card for short) was originally developed as a guarantee card for use with eurocheques. Today it is a multifunctional debit card. The electronic services that can be used with the card presented can be recognized by the pictograms applied and the card can now be individually designed by the issuing institutions. Today's debit cards from the German banking industry can generally process all electronic payment methods such as electronic cash, ELV, OLV, POZ and GeldKarte. The card-accepting merchant decides whether or not to guarantee payment based on the selected payment method.

Flexitime

Flexitime is a form of working time in which employees can organize their own working hours in terms of location and distribution within the framework specified by the company. A distinction is made between classic flexitime, functional time and extended functional time.

Greylisting

Greylisting is a method of combating SPAM in which the first attempt to deliver an e-mail is temporarily rejected. At the same time, the receiving e-mail server remembers the sender's data and accepts the incoming e-mail on a second delivery attempt. In addition, a mail server working with greylisting usually keeps so-called white lists in which permitted senders are dynamically entered. Greylisting is successful in combating SPAM as long as the SPAMers do not use real queues to send e-mail, as regular mail servers do.

GSM card

Abbreviation for: Global System for Mobile Communications card - The cell phone card with a chip that is used to connect the phone to the digital mobile communications network. In addition, the personal cell phone book and SMS messages are stored on this card. With a PC card reader and the appropriate software, such as smartMate, this data can also be processed and saved from the PC.

Validity period

The validity period refers to the period of validity of a subscriber certificate within a PKI. For example, the validity period for a signature certificate in accordance with the German Signature Act is 3 years.

Favorability principle

If an employment contract provision is objectively more favorable for employees than the corresponding provision in the collective agreement, the principle of favorability applies. In this case, individual contractual agreements take precedence over the collective agreement (Section 4 (3) of the Collective Agreement Act).

Hardware terminal

See terminal

Hash function

A hash function is a compression function (summarization) for information. It calculates output values of a fixed length from input values of any length. These output values are referred to as hash values.

Hash value

The hash value is the compressed version of a file. You can think of the hash value as the fingerprint of a file. A person can be precisely identified by their fingerprint, a file by its hash value. The hash value is created by compressing a file of any size using a mathematical process called a hash function. The slightest change to the file results in a completely different hash value. There are various methods for calculating the hash value. The hash function is a one-way function. Such a hash function is not reversible, which means that it is not possible to restore the original text.

HBCI

Abbreviation for: Home Banking Computer Interface - HBCI has become the data exchange standard for home banking. The HBCI standard is based on threefold security: a chip card, the password for the card, which the customer can choose himself, and the private and public data keys required for communication between the customer and the bank (see Encryption). When establishing the connection, the user authenticates himself with a password via his HBCI software on the bank server. The server then sends the limits for all actions back to the software. The user can then complete their transactions, which are sent to the server in a data segment after completion. All data is exchanged via a security technology integrated into the software.

Whistleblower Protection Act

The Whistleblower Protection Act was introduced throughout Europe to protect people who report legal violations within companies. This is also referred to as whistleblowing. Logically, these whistleblowers are not welcome at the companies in question. The Whistleblower Protection Act is intended to protect their rights.

Home banking

Account inquiries, transfers and securities transactions from home - you can do all this via home banking on your PC over the Internet. To log in to the bank via the Internet, you first enter a personal password into the PC card reader. The personal chip card is activated and a code contained in it is transmitted to the bank. If the data is correct, the Internet account will be activated.

HTTPS

Abbreviation for: HyperText Transfer Protocol Secure - standard protocol for the tap-proof transmission of data on the Internet.

IBAN

Abbreviation for: International Bank Account Number - The IBAN was developed and introduced to simplify international payment transactions. This consists of a two-digit country code (for Germany "DE"), a two-digit checksum and the bank sort code and account number. Since February 1, 2014, the use of the IBAN has been mandatory for transfers from companies and associations. The cut-off date for private customers is February 1, 2016.

Image

An image of a computer is a special backup method with which complete computers can be restored to a previous state in a short time. Creating images is a way of backing up a system at a time when the system is guaranteed to be uncompromised in order to have a reliable recovery source in the event of a compromise.

Insolvency protection for working time credits

In the event of a company insolvency, the amounts of money or time saved in working time accounts with longer terms would be lost, even though they are owed to the respective employees. Companies are therefore legally obliged to protect the working time credits in partial retirement and long-term accounts against insolvency (Section 8a ATG and Section 7d SGB IV).

Integrity

Integrity means that the recipient of a message can recognize whether it has been manipulated (falsified) by an unknown attacker. The integrity of data is ensured by the digital signature.

IP address

Abbreviation for: Internet Protocol address - number that allows the addressing of computers (and other devices) in an IP network such as the Internet. Technically speaking, an address in the current IPv4 version is a 32-bit binary number, usually written as four decimal numbers from 0 to 255 separated by dots. Example: 56.124.221.156

ITSEC

Abbreviation for: Information Technology Security Evaluation Criteria - The ITSEC standard refers to criteria for evaluating the security of information technology systems. The ITSEC standard is an internationally recognized standard for evaluating secure signature creation components. The ITSEC standard recognizes 7 evaluation levels (E0 to E6) and 3 security levels (low, medium and high). However, ITSEC is not sufficient for evaluating the entire security environment and is supplemented by individual requirements from FIPS 140 in the area of smart cards and by the British Standard (BS) 7799 in the organizational area. At European level, but also in the USA, the ITSEC standard is being replaced by the Common Criteria for Information Technology Security Evaluation.

Annual working time

The contractually agreed net working hours, which are calculated on the basis of the average weekly working hours, serve as the basis for the annual working hours. The average contractual annual working hours are achieved in accordance with the company's interests and the interests of the employees, while the salary is paid at a constant monthly rate.

Annual part-time

Annual part-time work is the annual volume of work that is on average less than the comparable annual full-time volume and can be distributed differently. For example, by alternating months of full-time work with months off or by alternating weeks, whereby the contractually agreed annual part-time work is achieved.

Java Card

Variant of the Java programming language. Allows the execution of Java applets on smart cards.

Job sharing

From the English word "share": job sharing means that one or more jobs are filled by two or more part-time employees. The duration and position of the working hours can often be agreed individually between the job sharers.

Job splitting

From the English "to split": job splitting means dividing a full-time job into two independent part-time jobs.

Youth protection feature

Youth protection feature on the GeldKarte.

Core time

The core time is a predefined period within the flexible working time during which all employees must be present at the workplace and perform the agreed work.

Key

See cipher key.

Keylogger

A keylogger is a piece of software or hardware that logs all keystrokes made by a user on a computer and makes them available to an attacker. Keyloggers are used to spy on access codes in particular. Keyloggers based on hardware cannot be detected by software. Especially when using public computers, it should be expected that keyloggers are installed. Therefore, no information should be provided that could lead to the disclosure of confidential information.

Classic flexitime

Traditional flexitime consists of core working hours with a general attendance requirement and flexitime periods. Within these periods, employees can define the start and end of their daily working hours themselves.

Continuous shift work

As the operating hours are 24 hours a day and therefore 168 hours a week, the continuous shift work includes night work as well as work on Saturdays and Sundays.

Cryptography

Cryptography is a branch of mathematics that deals with the encryption of data. Where information is not secured by closed systems, cryptography can provide electronic security.

Short-term account

In the case of short-term accounts, short-term fluctuations that arise, for example, in relation to incoming orders, the process flow or individual requirements, are balanced within an agreed period of time.

KVK

Abbreviation for: Health insurance card - Currently being replaced by the eHC.

Location of working hours

With flexible working time models, the start and end of the daily working time can change and vary on a daily, weekly or monthly basis. Therefore, in the case of shift work, for example, the position of working hours is based on these factors and alternates between early, late and night shifts.

State Data Protection Act

State data protection laws are the state counterparts to the Federal Data Protection Act (for federal authorities and private companies) adopted in the 16 federal states. The state data protection laws apply to the respective state authorities and local administrations.

Long-term account

A credit balance of working time is recorded or built up in a long-term account over several years, which can be used for a longer period of leave, such as a sabbatical. Long-term accounts allow companies and employees to flexibilize their working hours over their entire working life.

Working life

A total working time is usually set by the company. This is to be completed in different working periods. This model enables a flexible entry phase into working life, possible interruptions and then a flexible transition into retirement.

Idle time

Idle time (also known as downtime) describes a period in which the operating resources of a business are not used or no service is provided.

Man-in-the-middle attack

A so-called man-in-the-middle attack is a special attack method in which an attacker attacks the communication between two parties by being between the parties and being able to exercise full control over the data traffic. In online banking, the attacker may be malware on the user's computer which manipulates the transfer data, for example. To protect against man-in-the-middle attacks, every user should always check exactly who the direct communication partner is and use trustworthy end devices. As a rule, your own PC cannot be classified as trustworthy.

Mifare

Brand name of NXP Semiconductors for contactless RFID chip card technology.

Overtime

Overtime is defined as exceeding the statutory standard working time of 8 hours per day or 48 hours per week. These additional working hours must be recorded in accordance with Section 16 (2) ArbZG and must be compensated within a predefined period so that the average working day of 8 hours is not exceeded.

Minimum rest period

At the end of the daily working time, employees must have an uninterrupted rest period of at least 11 hours (Section 5 (1) ArbZG). In exceptional cases, e.g. in hospitals and care facilities, the rest period can be shortened by up to 1 hour if the reduction is compensated by a corresponding extension of another rest period (Section 5 (2) ArbZG).

Minimum wage

With the Minimum Wage Act, which came into force on August 16, 2014, the minimum wage of EUR 8.50 gross per hour has been in force since January 1, 2015.

Minus hours

Minus hours result from working less than the agreed working hours.

Minimum Wage Act

The law that defines the regulations on the minimum wage. Came into force in Germany on 01.01.2015.

Mobile time recording

Mobile time recording refers to the recording of working time outside of your own company. This is relevant for field staff. Nowadays, working times are transmitted to the time recording software using portable devices and saved directly.

nPA

Abbreviation for: new ID card - new electronic ID card

Night work

According to the Working Hours Act, night work is defined as any work that lasts more than 2 hours during the night. This is the time from 11 pm to 6 am, in bakeries and confectioneries the time from 10 pm to 5 am.

Normal working hours

Full-time employment with working hours of 35 to 40 hours per week is referred to as normal working hours. The work is generally performed from Monday to Friday, without variation.

Public key

Asymmetric encryption uses key pairs consisting of a public key and a private key. The public key is not secret and is managed by trust centers. It is necessary to carry out public operations, such as encrypting messages or verifying digital signatures.

OLV

Abbreviation for: Online Direct Debit Scheme - The Online Direct Debit Scheme (OLV) is a registered trademark. This is a payment method that offers a high level of security at low cost. The customer signs the payment slip and authorizes with this signature to collect the amount by direct debit. OLV is available to all ec card holders - even those who do not know their PIN or are worried about being observed when entering it at the till.

Permanent shift system

If employees only work a specific shift, e.g. the permanent night shift, this constitutes a permanent shift system.

Personnel administration

Personnel administration refers to the administrative, routine tasks of human resources. It is performed by the HR department, which also has organizational tasks. The HR department in particular is characterized by administrative activities. With the help of computer-aided personnel management, significant simplifications can be realized. The individual tasks of personnel administration include:
- creating and maintaining personnel files
- activities relating to the recruitment and induction of new employees and the departure of employees
- processing employees' working hours, vacations and absences
- personnel data administration
- payroll accounting
- social security administration
- personnel statistics
- calculation and payment of the equalization levy

Personal data

Personal data is information or individual details about the personal or factual circumstances of a specific person, such as their name, age, date of birth or address.

PACE protocol

Abbreviation for: Password Authenticated Connection Establishment Protocol - Refers to a password-based authentication and key agreement procedure. The protocol was developed by the German Federal Office for Information Security (BSI) for use in the nPA.

Patch

Software correction package. As a rule, manufacturers deliver such correction packages (patches) as bug fixes or software improvements which, among other things, close security gaps that have become publicly known.

PC/SC

Standard protocol for communication between the operating system and chip card reader or SmartCard.

Personal firewall

A personal firewall is a firewall for a single computer. This is software that is designed to protect the computer from attacks from an unprotected network, e.g. the Internet, and to control all network traffic.

Pharming

Pharming attacks are directed against the DNS protocol (Domain Name System). This is an attempt to "foist" false IP addresses on one of the many DNS servers available on the Internet. This means that the user is redirected to a fake website instead of their bank's website, for example.

Phishing

The word phishing is a combination of the English words "password" and "fishing". Phishing is the spying on passwords and other sensitive data, for example with the help of fake emails or websites. In online banking, attackers try to capture a user's PINs and valid TANs in this way, which are then used to plunder the account.

PIN

Abbreviation for: Personal Identification Number - The PIN is the access control to the signing and decryption functions on the chip of the card and activates the (signature) key. A distinction is made between initial PIN, signature PIN and decryption PIN.

PKI

Abbreviation for: Public Key Infrastructure - See Public Key Infrastructure

Private Key

See secret key

Proxy Trojans

A proxy Trojan carries out a kind of man-in-the-middle attack. It intervenes in the online banking communication between the customer and the bank. The special thing about it is that it is usually active in real time directly on the victim's PC and modifies all communication as required.

Public Key Infrastructure

The public key infrastructure provides the basis for secure virtual private networks, e-mail communications, portal authentication and electronic signatures. A PKI manages the required certificates and electronic keys; with them, confidential information is encrypted and protected against attacks, so that electronic business processes can be carried out securely. PKI is the umbrella term for the combination of people, hardware, software, guidelines and methods involved in generating, issuing, storing, managing and revoking certificates. A PKI is predominantly hierarchically structured.

PUK

Abbreviation for: Personal Unblocking Key - The signatory receives one PUK for the signature PIN (if the card type allows it) and one for the encryption PIN; the functionality is the same. A PIN may only be entered incorrectly a maximum of 2 times in succession. After the 3rd incorrect entry, the card function is blocked and can be unblocked with the PUK. The PUK is numeric and is sent to the card applicant sealed in a PUK envelope. The PUK must be stored securely. However, the unblocking function by entering the PUK cannot be used indefinitely: the PIN may only be unblocked ten times in succession, i.e. an incorrect PIN may only be entered a maximum of 32 times in succession. If no correct PIN is entered after 10 consecutive unblocking attempts, the card is blocked permanently.

QES

Abbreviation for: Qualified Electronic Signature - see Qualified Electronic Signature

Qualified electronic signature

According to the German Signature Act (SigG), this is an advanced electronic signature that is based on a valid, qualified certificate and was created with a secure signature creation device (SSCD).

Qualified certificate

A qualified certificate clearly assigns signature creation data to a person. The certificate is stored in a publicly accessible database (directory service) and is saved on the signatory's card when the card is handed over. A qualified certificate may only be issued by a certification service provider who has a certificate from the state supervisory authority for issuing qualified certificates.

Collective qualification agreement

A collective agreement on qualifications is a collective agreement that regulates the training and further training of employees. The collective agreement also stipulates a training plan to be drawn up in consultation between the employer and the works council in the event of changes to the requirements of the employee's own job.

Rotating shift system

If employees work alternating shifts, this is a rotating shift system. These can be two-shift systems (early and late shifts) or three-shift systems (early, late and night shifts).

On-call service

Employees on call are obliged to be available at all times and to be able to start work immediately when called upon. In contrast to on-call duty, employees are allowed to determine their own location. Only the time during which employees are actually required to work counts as working time.

Rest breaks

For working hours of more than 6 hours and up to 9 hours, the rest breaks must total at least 30 minutes. If the working time exceeds 9 hours, the breaks must be at least 45 minutes in total. The breaks can be taken in blocks of 15 minutes or as one continuous break. Rest breaks do not count as working time.

RDH

Abbreviation for: RSA-DES hybrid method - Describes a mixed (hybrid) encryption method in which the symmetric Triple-DES method and the asymmetric RSA method are used together.

Regulation of the Digital Signature Act

Please note: The Digital Signature Act only defines the conditions under which the signature is recognized as secure. The legal effect of the qualified electronic signature, i.e. in which cases the qualified electronic signature can replace the handwritten signature, is not defined in the Signature Act! These regulations are set out in the Civil Code and the Administrative Procedure Act. Although the Digital Signature Act is very comprehensive and often very detailed, it is far from regulating all applications of digital identity. Only digital certificates for persons are subject to regulation; computers and software objects remain unaffected. A further restriction is that a personal certificate in Germany only ever relates to a single natural person, not to a group of persons or a legal entity.

Registration Authority

See registration office

Registration office

A registration authority is the point of contact for applying for signature key certificates. The application is forwarded to a certification body. This issues the certificate and forwards it back to the registration authority for issue.

RegTP

Abbreviation for: Regulatory Authority for Telecommunications and Postal Services - The Regulatory Authority for Telecommunications and Postal Services represents the highest hierarchical level of SigG-compliant trust centers in Germany.

Replay Attack Toolkit

If data is intercepted on a line and retransmitted to the bank system, this is known as a replay attack: a transfer is made to the correct recipient several times against the customer's will.

RFID

Abbreviation for: Radio-Frequency Identification - Identification using electromagnetic waves. RFID enables the contactless recording of data.

RMA

Abbreviation for: Return Merchandise Authorization - goods return number.

Rootkit

A rootkit is a collection of software tools that attackers use to cover their tracks after successfully breaking into a system. In particular, they are used to conceal future activities, such as the attacker logging in, and to hide files and processes. The rootkit often also overwrites system commands.

RSA

Abbreviation for: Rivest, Shamir and Adleman - RSA is an asymmetric encryption method. RSA was invented in 1978 by Ron Rivest, Adi Shamir and Leonard Adleman.

key

In cryptography, a key is a piece of information that is used to control encryption and decryption.

Key certificate

In the case of key certificates, a distinction is made between the (qualified) certificate for signing (signature certificate) and the encryption or confidentiality certificate. The qualified certificate is the certificate of the public signature key, the encryption certificate is the certificate of the public encryption key. Attribute certificates do not contain keys.

SECCOS

Abbreviation for: Secure Chip Card Operating System - operating system that runs on the microprocessor in the golden chip of the ZKA bank card.

Secoder

The Secoder standard was specified by the German Banking Industry. The aim was to define a simple chip card reader that is primarily optimized for online banking so that online transactions can be made even more secure by visualizing data on the card reader's display. A Secoder chip card reader has:
- Secoder seal of the ZKA
- Keypad for entering confidential information such as the card PIN
- Display for displaying and checking data, e.g. for the payment amount when paying online with a GeldKarte
- An intelligent firewall, e.g. for blocking access to the chip card in the event of suspected misuse

SEPA

Abbreviation for: Single Euro Payments Area - The aim is to achieve more competition and efficiency in the market and to ensure uniform procedures and standards for the processing of euro payments throughout Europe. The IBAN replaces the national account identifier.

Security class 1

These simple chip card readers do not have their own keypad or display, so the data can be spied out via the PC when the user enters it on the way to the chip card.

Security class 2

Security class 2 readers have their own keypad, but no display. The data is transferred directly to the chip card without any detour via the PC and is thus protected against attacks by viruses or Trojans.

Security class 3

Security class 3 readers have a keypad and a separate display on which the data is shown again immediately before the signature. This allows users to ensure that their entries have not been falsified and that the correct data is signed.

Security class 4

Class 4 chip card readers have a personalized security module with RSA functions in addition to the keypad and display. This provides the respective communication partner with secure proof that a class 4 card reader has been used. The verification is realized by an additional signature, which the security module of the card reader calculates using the respective data. The card reader signature is embedded in the application using application-specific additional functions in the reader.

Security classes

The German Banking Industry's security classes for chip card readers indicate the level of security the devices offer for data transmission.

SigG

Abbreviation for: Signature Act - See Signature Act.

Signature Act

The Digital Signature Act (SigG), in conjunction with the Digital Signature Ordinance (SigV), defines a security standard for digital signatures. The Digital Signature Act initially distinguishes between a simple, an advanced and a qualified electronic signature. Only the latter is regulated in detail and is therefore considered to be compliant with the Signature Act. The qualified signature must make the identity of the signatory recognizable by means of a certificate and be created using a secure signature creation device. The signature creation device is considered secure if it has either been evaluated accordingly by a state-approved testing body or if the manufacturer guarantees corresponding security. Furthermore, this signature creation device must be at the sole disposal of the signatory. And finally, the certification service provider must offer secure infrastructures, procedures and technology in accordance with the Signature Act and its follow-up regulations.

Signature card

The private key of a subscriber is securely stored on a signature card so that they can sign and decrypt their messages electronically.

Signature verification key

See Public key

Signature verification

To verify the digital signature, your signature verification software requires the sender's signature verification key. This signature verification key is contained in the sender's certificate, which is sent with the signed message. The signature software automatically checks the validity and origin of the certificate as well as the integrity of the signed data and outputs the result of the check in a message.

Signature key

See secret key

Signature Ordinance

The Signature Ordinance (SigV) supplements the Signature Act with regard to the procedures and processes of the certification authorities.

Signing process

Let's assume you want to sign a document electronically: After you have generated the electronic data, insert your signature card into the card reader. In your application program, click on the command Sign document. If it is an approved technical signature component, the content of the document will now be displayed to you again, namely with the help of the so-called display component (secure viewer) of your signature application software. Check what you see on the screen now, because this is the relevant content for the electronic signature! If you now want to confirm and sign the content, you must enter the PIN of your signature card.

SigV

Abbreviation for: Signature Ordinance - See Signature Ordinance.

Smart Card

SmartCard means clever, intelligent card: The golden chip on the card contains a "small computer" (processor chip card with cryptographic co-processor) including the "SECCOS" operating system and can read, store, process and output data. This chip intelligence is used specifically to protect the interaction between chip card, application (e.g. online banking, cashless payment, e-ticketing), chip contact unit (e.g. external card terminal on the PC, card reader in the ATM) and infrastructure (e.g. background system of the credit institution, e-ticketing system) against misuse. Used as a synonym for chip card.

Smart Card Reader

Synonym for chip card reader

Spam

Spam is the generic term for unsolicited advertising emails. The word has its origins in English, where Spam refers to cheap canned meat.

Revocation service

A revocation service is a service provided by a trust center that can be used to order the revocation of certificates around the clock. This is important, for example, if a participant's signature card has been stolen or they no longer appear trustworthy.

Revocation list

A revocation list (CRL) contains the information of revoked certificates of a trust center service provider. Certificates are revoked, for example, if a signature card is lost or stolen.

SSEE

Abbreviation for: Secure Signature Creation Device - Defined in "Directive 1999/93/EC on a Community framework for electronic signatures" as configured software or hardware that is used to store and apply the signature key (signature creation device) and fulfills the requirements of Annex III of the Directive.

SSL/TLS

Abbreviation for: Secure Sockets Layer / Transport Layer Security - SSL is a standardized protocol for encrypting communication on the Internet. The protocol was developed by Netscape and provides 128-bit encryption of data. TLS is the standardized successor of SSL.

Symmetric encryption

The same key (e.g. a DES key) is used for encryption and decryption. This is also referred to as private key communication. The key handover or key exchange between sender and receiver must take place via a secure transport route, as otherwise anyone who comes into possession of the key could read the data exchanged between sender and receiver. The symmetric method is around 1000 times faster than the asymmetric encryption method. The DES key is regenerated in the signatory's PC for each encryption process using random numbers.

Sabbatical

Companies and employees can agree a sabbatical arrangement in their employment contracts. Employees can build up a time credit by working additional hours and use this for a longer period of paid leave from work, for example for long-term leave, a family phase, educational measures or other individual projects. The duration of a sabbatical can be up to one year, depending on the time credits saved.

Shift work

If work is performed at different times, such as early, late or night shifts, or regularly at times that deviate from normal working hours, such as continuous night shifts, this constitutes shift work.

Interface

The interface is the part of a system that is used for communication/data transfer.

Software-based personnel management

Software-based human resources management is a component of a human resources information system that is used to collect, store, process, maintain, analyze, use, disseminate, disposition, transfer and display information related to human resources management.

Time sheet

Also called a time record: printout from the working time recording, provided to employees for information and control.

Telecommunications Act

Ordinance on the technical and organizational implementation of measures to monitor telecommunications.

Transponder

Also called transponder chip: is used for contactless electronic time recording on hardware terminals.

Terminal

Also known as a hardware terminal, it is used to record working time by means of a chip card or similar.

TAN

Abbreviation for: Transaction number - A TAN is used in electronic processes and serves to authorize a transaction. In online banking, for example, every transaction can only be completed by the user entering a correct TAN. In addition to the classic TAN procedure, there are now also extensions such as eTAN (electronic TAN), iTAN (indexed TAN) and mTAN (mobile TAN).

Ticket

Tickets on the GeldKarte

TLS

Abbreviation for: Transport Layer Security - Is the standardized form of SSL.

TR-03119

Technical Guideline 03119 of the Federal Office for Information Security (BSI), which describes the requirements for smart card readers with nPA support.

Triple DES procedure

Triple DES means triple application of the DES algorithm. The Data Encryption Standard (abbreviated to DES) is a frequently used symmetric encryption method. In the DES-DES method (abbreviated to DDV), for example, electronic signatures and encryption are carried out using Triple-DES. In the RSA-DES hybrid method (abbreviated to RDH), encryption is carried out using Triple-DES and the electronic signature using RSA. RSA is an asymmetric cryptographic method named after its inventors Rivest, Shamir and Adleman. Whether DDV or RDH is used for HBCI with chip card depends on the chip card generation.

Trojan

Trojans are programs that either appear to have a useful function or install themselves unnoticed as a virus on the user's computer. Their purpose is to spy on the user's data, e.g. by logging password entries. Trojans are often used to attack online accounts.

Trustcenter

Trust centers guarantee the general security of a public key infrastructure and represent the central institutions of trust by making a binding dedicated assignment of key pairs to persons (certification). Certification literally means attestation. Trust centers certify that a public key belongs to the owner of the key pair. Trust centers reliably establish the identity of their customers in order to be able to make this assignment of key and owner. For this purpose, the Trust Center requires the details of an application form and the presentation of a valid identity document to verify the details. In addition, the trust center requires a copy of this identification document signed by the applicant. Only after the trust center has established the customer's identity beyond doubt does it create an individual signature card with the corresponding certificates for the customer.

Trust center services

Basic services provided to participants by an accredited trust center. These include the directory service, the revocation service and the timestamp service.

TÜV-IT

Abbreviation for: Technischer Überwachungs-Verein-Informationstechnik - TÜV Informationstechnik GmbH, based in Essen, offers testing and certification of IT products.

Trust-based working hours

Working time system in which personnel time recording is dispensed with.

Encryption

Encryption protects your documents from unauthorized access. Encryption and decryption also make use of the interplay between private and public keys: In order to encrypt a message specifically for a particular person, the sender uses an individual characteristic of the recipient, namely their public key. To open the encrypted message, the recipient must then activate their complementary key, i.e. the private key. Since the recipient always has the private key under their sole control, no one else can read the message intended for them. Although both signing and encryption make use of public and private keys, every qualified certificate contains two key pairs: one for legally binding signing, the other for encryption and authentication.

Directory service

A directory service is a service provided by a trust center. The public keys of all certified participants are made available online in a directory service. Based on the directory service, the recipient of an encrypted message can then determine the authenticity of the sender.

Virus scanner

A virus scanner is software designed to protect a computer from malicious programs such as viruses and Trojans. As new viruses come into circulation every day, it is important to update the virus scanner daily. This ensures the best possible protection against this malicious code, but it can still happen that a computer is infected if it is infected by a virus that is not yet known to the virus scanner.

Whitepaper

A white paper is a document that deals with specific topics in fluent language without marketing ballast: as a (case) study, user description, analysis or market research. The limited topic is dealt with on up to 15 pages. White papers are increasingly being used as a communication tool.

Timestamp

A time stamp within the meaning of the Digital Signature Act is a digital certificate issued by a certification authority with a digital signature that certain digital data was available to it at the relevant time.

Time stamp service

A time stamp service is a service provided by a trust center with which any electronic files (the hash value of the files) can be provided with a time stamp.

Certification

Certification is the process of uniquely assigning a public key encryption key pair to a natural person. This includes the unique identification of this person and proof of possession of a public key.

Certification service provider

A certification service provider is a natural or legal person or other legally responsible entity that issues certificates and provides signature and certification services. A certification service provider provides signature products and procedures and is responsible for issuing, renewing and managing certificates (certificate creation and management). It is responsible for the registration of certificate applicants (registration office) and provides a directory and revocation service as well as an advisory service (fee-based hotline).

Certification body

A certification authority is a natural or legal person who certifies the assignment of certificates and public signature keys to natural persons.

Certificate storage module

In order to create a qualified electronic signature with a new ID card (nPA), the cyberJack RFID komfort authenticates itself to the nPA using a terminal certificate as an approved signature terminal. This terminal certificate is issued exclusively by the Federal Office for Information Security. Furthermore, the chip card reader checks whether it is a genuine nPA before communication; this is also checked by means of a so-called certificate chain. For security reasons, the respective certificates are always time-limited. The certificate storage module is used to load the new certificates into the chip card reader. REINER SCT provides new certificate storage modules at regular intervals. These can be downloaded under Windows in the cyberJack device manager under "Update / Check for new versions".

ZKA

Abbreviation for: Central Credit Committee - since August 2011 known as the German Banking Industry.

Access control

Access control is a function of the micro-chip on the chip card. It means that the triggering of the signature (or decryption) is secured by an access authorization in the form of a PIN.

Time management

Time management refers to measures and methods for determining, processing and using work-related time data.

Physical access control

Access control controls access via a set of rules defined by the operator so that only authorized persons are granted access to the areas in buildings or protected areas on a site that have been approved for them.
