A law governing the framework conditions for electronic signatures, in German briefly referred to as SigG, from 16 May 2001; defines rules for using electronic signatures.

A symmetric, freely available encryption method, also referred to as Rijndael algorithm. The key has variable and fully independent lengths of 128, 160, 192, 224 or 256 bits. AES offers a very high level of security and is available licence-free.

A symmetric, freely available encryption method, also referred to as Rijndael algorithm. The key has variable and fully independent lengths of 128, 160, 192, 224 or 256 bits. AES offers a very high level of security and is available licence-free.

Programs that trace and eliminate malware on a PC. Installing so-called honeypots is a newer way to ward off attacks. These are traps that appear particularly attractive to attackers.

API literally means Application Programming Interface, or shorter: programming interface. APIs are used in computing to achieve uniform and structured data transfer between programs and program parts.

Abbreviation for application software and usually refers to mobile apps for tablets and smartphones; programs that benefit users. These include, for instance, calendars, carsharing, text processing, navigation, access to databases or computer games. Apps must usually be distinguished from the system software that is responsible for running the computer.

A field of informatics dealing with the development of computer systems that can independently carry out functions for which usually human intelligence is required, for example, logical thinking, solving problems, learning from experience or voice recognition.

A method that uses a public key to convert plain text to a secret text. A secret key can then be used to change the text back to plain text. The advantage of asymmetric methods: Since the public key is not secret, the channel does not have to be protected against eavesdropping. What's decisive here is that the public key can be assigned without doubt to the holder of the pertinent secret key. To ensure this, trusted certification authorities issue digital certificates that assign the public key to the private key.

Special driver software for the electronic ID card. It is needed to use the German ID card in the digital world and to enable communication between a smartcard reader and the ID card. The software can be downloaded free of charge from:

A. Authentication confirms (verifies) the authenticity of a person, a document or a device.

B. Proof of one's own identity, for instance, through knowledge (e.g. input of a code), possession (presentation of an ID card) or biometric features.

D-Trust is a provider of authorisation certificates. The Issuing Office for Authorisation Certificates (VfB) decides whether or not a service provider (e.g. online shop) is authorised to use the online ID function of the German ID card. Anyone wishing to receive such authorisation is required to submit a voluntary self-declaration regarding data protection and prove that the data which they wish to read from their customers' ID cards is truly needed for the service to be provided. The authorisation CA then issues the corresponding certificates for service providers at a technical level.


An electronic signature which pursuant to section 2 of the Act on Digital Signature is exclusively assigned to the signature key holder and enables identification of the holder. This must be generated with means that are under the sole control of the signature key holder. Moreover, this signature is linked to the data to which it refers in such a manner that any later changes can be detected.


Scriptural money is also called book money and describes the stock of money held in bank accounts. With scriptural money, electronic payments are possible, such as transfers via online banking, direct debit, cheque or card payments. It can therefore be mapped digitally, but – unlike digital money or digital crypto assets – it is not based on digital technology, such as the blockchain. Scriptural money today accounts for around 80 percent of euro money supply. This demand deposit is not ‘unlimited legal tender’. It is generated by banks – i.e., in the private sector – by granting loans to create money. Scriptural money can be exchanged for cash at any time.

Authentication method used between an inspection system and a machine-readable travel document. This method enables encrypted data exchange. Data can only be read from the passport if the reading party (for instance, the border control officer) has the matching access key. This ensures that data cannot be read or copied by unauthorised parties or without the passport holder's consent.

Big data is understood to be large amounts of mostly unstructured data. It is a term that refers to the rapid rise in data volume and the growing diversity of the data generated. There is vast number of different sources of big data. The biggest producers of big data are social networks, cloud computing and the mobile Internet. New technical systems are now needed in order to process and analyse these ever-larger quantities of data. Private business is particularly keen to analyse these data volumes in order to gain information and identify patterns. The idea here is to collect information in order to be able to forecast future results, ideally in realtime.

Large technology corporations are referred to as ‘Big Tech’, for instance, Facebook, Google, Amazon, Apple and PayPal. They are characterised by a high level of innovation, very high customer orientation and ample financial resources. Big Techs usually benefit from network effects as well as global customer data and use machine learning and artificial intelligence in order to comprehensively evaluate such data and create detailed customer screenings at a low cost. Big Techs are increasingly offering products and services similar to those of financial companies. Google has already had a European banking licence since 2011, Facebook and Apple have applied for it.

The electronic ID card contains biometric data of the card holder. This includes a digital photo and, if requested, two digital fingerprints. The biometric data is stored on the chip of the ID card and access to this data is granted exclusively to authorised, official authorities. These authorities include ID card issuing offices, passport and citizens' registration offices, customs administration, law enforcement authorities, as well as tax authorities in the federal states of Germany. Thanks to the biometric data and computer matching, these official authorities can confirm your identity in a fast and reliable manner.

A measurable physical feature (such as a fingerprint, the face and the arrangement of the nose and mouth, for instance, or a person's iris) or a personal character trait (such as a personal signature or the sound of a person's voice) which is used to confirm the identity of a registered person or to verify an identity.

This term comes from the Greek words 'bios', which means life, and 'métron', which means measure. Biometrics measures people's features, such as the face, finger or iris. Combined with mathematical methods, biometrics is used to identify and verify individuals on the basis of their personal characteristics.

Bitcoins are an electronic currency or cryptocurrency and can be used around the globe for online payments. They are generated on the Internet, digitally signed and managed on the net in a distributed way.

Bitcoins are based on the blockchain technology. All transactions in a blockchain are saved in a distributed database that is managed by all participants. Money transfers are made in a peer-to-peer application where no central organisation such as a conventional bank is required. Thanks to cryptography it is ensured that only the respective owner can carry out transactions and that the money cannot be spent several times.

A blockchain is a kind of forgery-proof, virtual ledger where each digital transaction is kept and cannot be altered. This ledger is not stored at a central site, but distributed and fed by servers all over the globe. New transactions are added in a block-wise manner. The transactions must be confirmed by all parties involved before they can be concluded and added to the chain. If a transaction is not confirmed because one of the parties feels betrayed, it will be cancelled.

From a technical point of view, a blockchain is a database. Each new record (block) that is added will get a checksum. This hash value will be stored in the block that is generated next, thus forming a chain. This makes all the transactions traceable. Each participant has basically the same access rights and can see which transactions have been made, but they cannot see who made the transaction.

The most popular example of a blockchain is the digital currency Bitcoin. This method, however, could also be used for other transaction for which intermediaries or guarantors such as notaries are still required today.

Hierarchically structured networks made up of several computers in which so-called bots (short for robots) operate via remote control. Bots are programs that run independently, for instance, they search websites for new content. Activating botnets is cons

This describes the current trend where employees use their own private devices (smartphones, tablets or laptops) for work and to access company networks. BYOD guidelines determine how IT resources may be used and the preconditions that apply to employee-owned devices in order to ensure security for the company's data. Choose Your Own Device and Corporate Owned, Personally Enabled are other alternative concepts.


This refers to direct communication between motor vehicles. They provide traffic participants with information about the traffic situation. Obstacles or dangers in traffic are identified at an early point in time.

This refers to connecting the vehicle to its environment so that it communicates with other vehicles, with traffic infrastructure services and with the Driver.

This term refers to a concept in which many people jointly use vehicles. The carsharing users first sign up with a provider and then receive e. g. an individual smartcard that allows them to unlock the car of their choice. Using an app, users can find available vehicles in their vicinity. The fleet is not based at a central Location.

The abbreviation CBDC stands for ‘Central Bank Digital Currency’ which refers to the digital currency of a central bank. One example of this is the sand dollar of the Bahamas. The European Central Bank could also issue an official digital currency – the digital euro – in addition to purely physical cash, for example. Such a CBDC would be digital legal tender. Unlike decentralised crypto assets, such as Bitcoin, CBDCs as digital currencies remain under the control of central banks and are also issued and managed by them.

Electronic certificates which were issued and signed by a certification authority and which assign certain information to the holder of the certificate. The most widely used certificate format is X.509.

An authentication method that is based on the knowledge of a participant. One participant sets a challenge which the other participant must respond to in order to prove possession of certain Information.

A changeable image that is laser-engraved into plastic cards. The images are engraved at different angles through an array of cylindrical lenses. The images then appear depending on the angle of vision.

A combination of chip, chip module and antenna which is integrated into the passport cover or into one of the inside pages of the passport booklet.

This term refers to an IT concept where the employee can choose a mobile device with which they access a company's IT infrastructure. The company provides a limited product list and the employees can usually also use the devices for private purposes too. CYOD is an alternative to BYOD and COPE.

In the world of IT, the cloud is a virtual room in which users store, process and exchange files and programs. Cloud providers make internet-based services and resources available in the cloud. Private clouds are reserved exclusively for a defined user gr

Enables the user to virtually access and to use the resources of the cloud at any time and from any place. The following types must be distinguished: private clouds, public clouds, hybrid clouds and community clouds.

Cloud provider refers to providers of services – in this case, clouds. 

This term refers to different services and service models that can be used by cloud users. These services include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

This term refers to the possibility to store data, files and entire programs in a cloud instead of a physical storage medium.

The term refers to the entirety of measures and processes taken by a company or an institution in order to ensure compliance not just with laws and regulations but also with voluntary codes. Compliance management should help to ensure that rules are not violated.

Contact cards must be slid through a card reader or placed on a reading device. The chip module in this smartcard is visible on the card. The data is transferred via the contact surface.

Contactless cards, also called transponder cards, are fitted with an antenna and RFID technology (Radio Frequency IDentification) and can be read from a certain distance without direct contact to the reader. Examples of contactless cards include credit cards, access cards or season tickets for public transport, which only need to be held near to the respective reader.

Cookies are text files that websites store on an Internet user's computer. They usually contain the name of the website where they originated and register the user's behaviour, for instance, automatic personal user data, passwords and the websites visited.

Corporate Digital Responsibility (CDR) refers to entrepreneurial responsibility in the digital society. The term is derived from the voluntary commitment to responsible handling of digital projects within a company. Principles of data ethics that go beyond the protection of personal data are also relevant here. This means that data and algorithms are handled according to the principle of sustainability in order to create added value for society and increase confidence in digitalization.

This term describes an IT concept where a company provides its staff with mobile devices that are integrated in the company's own network. The devices remain the employer's property, however, they can be used privately in line with the respective guidelines. COPE allows companies to stay in control of the devices that access their IT resources. COPE is an alternative to BYOD and CYOD.

A certificate issued by the Country Signing Certification Authority (CSCA) that is used to certify the chip in sovereign documents of this country. The CSC is part of a public key infrastructure (PKI).

Cyber security in principle refers to the same area as IT security, but it also applies to the entire area of the Internet and any networks. Since many data and things are today connected to each other and to the internet via networks, cyber security includes all network-based communication, applications, processes and processed information – and thus also infrastructures, such as power supply or telecommunications.

This refers to all forms of attack in cyberspace, i.e. within the data level of connected IT systems. Under the German Criminal Code, cyberattacks are a crime and are subject to prosecution. These include data manipulation (section 303a), data espionage and interception (section 202a and b) as well as preparations for such attacks (section 202c).

This term refers to all crimes that are 'committed using or against information and communication technology'. As understood by the Federal Criminal Police Office, cybercrime refers to specific phenomena and manifestations where elements of electronic data processing are primarily used to commit the crime.

The term “cybertrading” is often used in the context of scams which involve criminals constructing a virtual stock market for trading shares, foreign exchange and cryptocurrency. There is a lot of hype around Bitcoin and the like, and large profits are often promised on seemingly legitimate trading platforms. As a result, victims of these scams sometimes invest significant sums of money. However, the money never ends up in one of the investment products, instead lining the pockets of the fraudster concocting the lie. 


Also referred to as: Certification Authority (CA); a service provider registered with the Federal Network Agency according to the  Act on Digital Signature, in the version dated 17 July 2009, and entitled to issue qualified certificates or qualified time stamps.


Comes from the Greek words 'daktulos' (finger) and 'scopy' (look); a recognised method for identifying people on the basis of their fingerprints. A fingerprint is considered to be a permanent and unique feature of a person.

A method to protect sensitive electronic data which is used when data is saved on computers or transmitted. Encrypted data cannot be tapped and hence cannot be misused.

Widely used symmetric encryption algorithm. In 1977, the US government confirmed DES as the official standard and is now widely used around the globe. It has a key length of 56 bits which can be increased by applying it several times. (See also: Asymmetric encryption)

This refers to the correct and unchanged status of protected files. Data integrity specifically means that data is not damaged during saving, transmission and process, that it remains intact and functional. Together with data security and data protection, data integrity is part of secure information processing.

This term covers any form of electronic data misuse. It frequently refers to the disclosure or use of personal data. Users can protect themselves against data misuse by securing their hardware and software with the latest security technology against cyberattacks and by disclosing as little personal information as possible.

This term refers to protecting the personal data of a person or institution against misuse by third parties. Data protection is based on the idea that each individual can decide for themselves on whether their personal data is to be used or disclosed. Laws and regulations at both national and international level are in place to prevent data protection violations. In Germany, the Federal Data Protection Act determines the right to handle personal data.

Determines the handling of personal data. The Federal Data Protection Act and the data protection regulations of the federal states apply in Germany. The aim is to 'protect individuals against any infringement of their rights as an individual due to the handling of their personal data'. Compared to the rest of the world, Germany has a modern data protection policy. At European level, the EU's Directive on Privacy defines uniform minimum standards for data protection.

Refers to the protection of data with a view to the respective security requirement. Sensitive data should be protected during processing against forgery, destruction and unauthorised disclosure.

Refers to the type of data to be processed (sensitivity). Sensitive data is data that particularly needs to be protected.

Data sovereignty means that citizens are empowered to make self-determined, informed and comprehensive decisions on how data their data is to be used – for example, to consent or object to data processing. This requires transparency and control over data processing. Data sovereignty is often referred to as part of digital sovereignty.

This refers to the correct and unchanged status of protected files. Data integrity specifically means that data is not damaged during saving, transmission and process, that it remains intact and functional. Together with data security and data protection, data integrity is part of secure information processing.

Data thriftiness refers to a person's caution when it comes to disclosing data that is not needed for a business, communication or other processes, especially on the Internet. In addition to the personal attitude of each individual, data thriftiness and data avoidance are a statutory requirement for data processing systems as laid down in section 3a of the Federal Data Protection Act. This means that in Germany the principle applies that the collection, processing and use of personal data and the choice and design of data processing systems must be geared to the aim of collecting, processing and using as little personal data as possible.

A data trustee is generally an independent trusted authority that transfers data between the data provider and the data user securely and in compliance with the law. The data trustee secures data access, organizes access or pseudonymizes data. The neutrality of such a trusted authority ensures that any imbalances of power between the individual stakeholders are reduced and that data is handled in accordance with the law. Neutral data trustees can be used, for example, for health data.

This term refers to a trend where many aspects of life and everyday information are being transformed into digital data, evaluated and stored. So-called self-quantifiers, for example, measure everything (such as exercise intensity, blood pressure, body weight, etc.) and thus generate valuable data. Various different technical devices are used to collect and store the data. In this way, the health and lifestyle of individuals can be extensively and accurately monitored. Datification describes the impact of big data.

This means that a service is not available and this is usually caused by an overload. There can be various reasons for this, for instance, too many requests, a weak infrastructure or an attack by a third party. In the case of DoS attacks, hackers send such a high number of requests to a service that it causes the service to collapse. This is used, for instance, to bring down websites so that they can no longer be reached online.

Means secure transmission of individual identity attributes of a German ID card with the online ID function to a mobile device. This allows users to identify themselves online. The derived identity is currently in planning in Germany.

Diem – formerly also known as ‘Libra’ or as ‘Facebook currency’ – refers to a private digital currency that the ‘Diem Association’ consortium is planning to issue. According to the Diem Association, Diem is designed to be the first global money that can be sent via WhatsApp, for instance. Diem is to be based on blockchain technology. The currency will be tied to a basket of currencies and unlike other crypto assets will thus feature a stable value (Stablecoin) .

The Digital Council was established in 2018 and advises the federal government on digitalization and on the political design of the digital transformation. Topics addressed by the Digital Council include Big Data, the digitalization of the working world and eGovernment. The body is composed of administrative experts, scientists and entrepreneurs and meets with members of government at least twice a year. In organizational terms, the Digital Council is based at the Chancellery.

Digital health applications (DiGAs) are low risk-class medical products with a main function rooted in digital technologies. DiGAs must be designed to detect, monitor and treat diseases. One example of this are health apps for smartphones.

When the Digital Supply Act (DVG, Digitales-Versorgungs-Gesetz) came into force on 19 December 2019, the ‘app on prescription’ for patients was introduced to the German healthcare system. Doctors can now prescribe DiGAs, and statutory health insurance companies then reimburse the costs. To qualify for reimbursement, the DiGAs must have successfully completed assessment by the Federal Institute for Drugs and Medical Devices (BfArM) and be listed in its directory of health applications.

Sometimes referred to as electronic identities, less frequently as virtual identities. This term refers to all procedures in which people, objects or processes use certain attributes to authenticate themselves online. A digital identity can be clearly allocated to the person, object or process. There are many different kinds of digital identities. The simplest way to authenticate yourself in an online account is to login using a username and password. Companies, on the other hand, often use employee ID cards to grant their staff access to the company premises or to special information. A higher level of security is achieved with so-called two-factor authentication that uses a smartcard and PIN. The terms digital and electronic identity (eID) are synonyms.

This term describes the possibility to access information irrespective of location, for instance, via the Internet using a mobile device. This refers to both private and work purposes. More and more companies are developing guidelines to cover the use of smartphones, laptops and tables both inside and outside a company's IT. BYODCOPE and CYOD are known concepts.

Digital money is a digital currency that exists in the form of a digital technology. One example of this is crypto assets which are mostly based on distributed ledger technology (DLT). The Diem currency planned by the Facebook consortium or the digital renminbi currently being tested in China are further examples. There is no digital money in the euro zone yet – beyond crypto assets – but a digital euro is being discussed intensively. Digital money is programmable.

see electronic signature

Digital sovereignty is understood to be self-determined action and decision-making on the part of citizens, companies and governments in the digital ecosystem. The focus here is on self-determined and secure communications by citizens. Irrespective of the different levels of media competence, framework conditions, such as the statutory framework, have a key role to play. Secure technology and infrastructure are indispensable for digital sovereignty. Citizens, companies and governments must be able to communicate in a digital space that is protected and can be trusted. Data protection and data security are hence vital.

A form of Denial of Service. In this case, the non-availability of a service is caused by an overload of a higher number of other systems. Unlike DoS attacks, the DDoS attack is carried out from any distributed computers to bring the service down.

Distributed ledger technology (DLT) describes a special form of electronic data storage. All participants in a network can make entries in the jointly constructed distributed database at any time. A subsequent updating process (consensus mechanism) ensures that all participants have the latest version of the database. Each transaction is therefore traceable and manipulation cannot go unnoticed. The blockchain currency Bitcoin is one of the currencies that is based on DLT.

A device that recognises whether or not a machine-readable ID document is genuine. It scans the document and reads its optical and electronic security features. The system reliably detects forged passports, ID cards, residence permits, visas and EU driving licences.

This term refers to a download that takes place unknown to the user and unintended by them. Software is then downloaded onto the computer in the background. This is usually malware that makes use of security gaps in the browser. The latest browser and virus scanner versions offer protection against drive-by downloads.

Drive-by hacking refers to hacking or data espionage using (unsecured) wireless networks, WLAN, Bluetooth, etc.

The European driving licence card has been mandatory in the EU since 2013. This move improved the security standards of the more than 110 different driving licences throughout Europe and introduced uniform driving categories. Since 1999, Bundesdruckerei has been producing the German driving licence in credit-card format on behalf of the Federal Ministry for Transport and Digital Infrastructure.

Domain validation (DV) certificates are the most website certificate type. They offer the lowest security level and only include a domain check. The requester’s identity is not checked. This means that cyber criminals can easily get DV certificates for their fake websites. DV certificates are available free of charge or at low prices from certification authorities and web hosts.


The act on secure digital communication and applications in the health care system. It shall enable the establishment of a secure digital infrastructure for the health care system and making use of the potential offered by the electronic health card.

E-Rech-V refers to Germany’s Ordinance on Electronic Invoicing in Federal Public Procurement. Under this ordinance from 6 September 2017, federal authorities must be able to receive electronic invoices for public contracts. The implementation of this ordinance is an important part of the digitalization of Germany’s public administration.

Also referred to as tapping; refers to eavesdropping data and telephone connections.

Using electronic office ID cards, companies and public authorities can make processes and workflows much smoother, more efficient and secure. Time recording, electronic signatures, access authorisation and payment functions are applications that can be integrated into this ID card. On behalf of the German Federal Ministry of the Interior (BMI), Bundesdruckerei GmbH develops and produces employee ID cards for the employees of all federal authorities. The partners in this project are the Federal Office for Information Security and the Federal Criminal Police Office.

The electronic passport is a machine-readable travel document (MRTD) with an integrated passive RFID chip. The chip stores the same information as that contained on the data page of the passport along with a digital photo of the passport holder. In Germany, fingerprints have also been stored on the chip since 2007. The electronic passport complies with the recommendations of the International Civil Aviation Organization (ICAO).

In future, doctors will not only provide prescriptions on paper, but also electronic prescriptions (ePrescriptions), for instance, when the patient is not even present at the doctor's office, but uses the doctor’s video consultation. The patient can then call up the ePrescription on their smartphone and send it to their pharmacy of choice. The medication can then be delivered to the patient's home. The law, which is intended to make ePrescriptions possible, came into force on 16 August 2019. It is already possible in some European countries, for instance in the Netherlands, Sweden and Switzerland, to use a prescription electronically.

In 2011, the electronic residence permit in credit-card format was introduced to replace the conventional residence permit. The permit comes with a contactless chip inside the card where the biometric features, such as the photo and two fingerprints, additional provisions and the personal data are stored. Under Council Regulations 1030/2002 and 380/2008, all EU Member States are required to introduce an electronic residence permit.

The electronic seal is an EU-wide recognized signature tool for legal entities, such as companies and organizations. Put simply, the seal is the digital counterpart to the analogue company stamp. Pursuant to the eIDAS Regulation, it reliably proves the origin (authenticity) and integrity of documents. In technical terms, e‑­­­seals are comparable with electronic signatures. While the electronic signature enables natural persons, such as employees, to sign digital documents, the electronic seal of a legal entity serves as proof of origin. It can be used wherever a personal signature is not required but proof of authenticity is desired, for instance, for official notices, certificates or bank statements.

see Electronic signature

The electronic signature, also called 'digital signature', guarantees the authenticity and integrity of digital information and ensures that the sender is in fact who they claim to be. It warrants that the information, for instance an e-mail or an electronic document, was not manipulated on its way from the sender to the recipient.

This is understood to be methods to conceal information so that it cannot be read without special knowledge (keys). Encryption can be used to ensure that secrecy is maintained.

This term refers to encryption along all stages of a transmission. The data is encrypted by the sender and is not decrypted until it arrives at the recipient. PGP and S/MIME are examples of end-to-end encryption.

In 2004, the European Union Agency for Cyber Security was established: European Network and Information Security Agency, ENISA). It is based in Heraklion, Crete. Its core task is to support and advise the European Commission and the Member States with guidelines on technical aspects of network and information security. It is also entrusted with promoting the implementation of Union policy and legislation in the field of cyber security. To this end, it provides opinions, advice and best practices on issues such as risk management, incident reporting and information exchange. In 2019, ENISA's mandate was extended to include the development and implementation of European data protection. The Agency advises the European Data Protection Authority on the preparation of guidelines, in particular, in the technical field.

The crypto currency or Ethereum system is based on blockchain technology. Unlike Bitcoin, however, Ethereum is not a pure crypto currency, but also a so-called distributed system that can be used as basis for smart contracts. Ethereum is currently the ‘second largest’ crypto currency in the world after Bitcoin.

So-called extended validation certificates (in short: EV) offer the highest level of security. In addition to checking the domain and the organization, these certificates require proof of identity from the requester. A check is carried out to ensure that this person is in fact employed by the company and is authorized to purchase an EV certificate. EV certificates are the most expensive certificates, but offer online banking-level security. Like OV certificates, they are available from trust service providers and web hosts.

The EAC protocol was developed by the European Union to protect sensitive data in biometric travel documents, especially the document holders' fingerprints. EAC is made up of two different steps, i.e. 'chip authentication' and 'terminal authentication'. During the chip authentication process, secure communication is established between the chip and the reader. During this process, an implied security check is also carried out on the information stored. This method enables the authentication of elements that were allocated during personalisation. Since only a 'genuine' chip is capable of establishing communication with the reader unit which is protected via both keys, chip authentication also ensures automatic copy protection of the stored contents at the same time. During terminal authentication, only authorised readers with precisely defined access rights can obtain access to the information stored in the chip. Every time the chip and reader are about to communicate, the authorisation certificate of the reader is automatically checked.


Comprehensive border controls due to an increased need for security as well as the increase in worldwide flight connections and passenger numbers: These trends mean that queues at passport control gates are getting longer.

With our electronic gates, eGates, passenger flows can be handled faster. That’s because passengers themselves can conveniently check their own documents: The electronic passport is placed on the reader integrated into the eGate. A background system then checks the authenticity and validity of the document. The glass door to the gate opens and the passenger stands in front of a camera which then takes a photo. The live image is compared to the photo stored on the chip of the passport. If the images match, the second gate opens and the passenger can pass through. This entire procedure takes less than 18 seconds. If the images do not match, a border control officer will take the traveler for further clarification.

Since 2014, Bundesdruckerei and its partner secunet Security Networks AG have been equipping German airports with innovative eGates. These systems have now been installed at the airports in Frankfurt am Main, Munich, Düsseldorf, Hamburg, Berlin Brandenburg and Cologne/Bonn. The EU only permits these gates to be used by adult passengers with an electronic passport from the European Union, the European Economic Area and Switzerland.

eGovernment or electronic administration refers to administrative services irrespective of time or place. This is specifically geared to simplify processes and communications between citizens and public authorities and between the authorities themselves. This includes the electronic data exchange, online communications and the use of the online ID functions, for instance, of the German ID card or the electronic residence permit. In Germany, the Act to Promote Electronic Government which was passed in 2013 forms the legal basis for eGovernment. It requires of the administration that they install electronic processes, for instance, with qualified electronic signatures (QES).

Abbreviation for 'electronic identity'. Also referred to as 'digital identity' and means the digital representative of a person, object or process. The electronic identity, which can be derived from the (analogue) ID card, can be used to prove a person's identity during online transactions, for instance, in login processes or for online banking.

A hardware and software infrastructure that enables communication between ID card holders and service providers on the basis of the online ID function of the German ID Card.

eIDAS is the abbreviation for the "Regulation on electronic identification and trust services for electronic transactions in the internal market". Since 17 September 2014, this regulation has been in effect in all EU Member States and can be adapted by Iceland, Lichtenstein and Norway. eIDAS provides a uniform legal framework that is valid throughout Europe for electronic proof of identity and for trust services, i.e. for electronic signatures, seals and time stamps. When it comes to electronic identification, the regulation relies on mutual recognition of different national eID systems. EU-wide interoperability of electronic identification, harmonisation and standardisation of signatures and the establishment of new trust services enable secure and trusted electronic business processes between companies, public authorities and citizens. 1 July 2016 was an important day: Since this day, it has been possible to offer new trust services.

Electronic invoicing aims to automate the entire invoicing process – from creation, dispatch and acceptance to further processing and payment, thus simplifying and accelerating the process. For this to succeed and for everyone to be able to create and process eInvoices, the data must be structured and standardized. The relevant requirements have been laid down in EU directives (2010/45/EU and 2014/55/EU). eInvoices must contain the same mandatory information as paper invoices and must also be stored for ten years. In the case of an eInvoice, authenticity of origin and the integrity of the content must be guaranteed, for example, by means of a digital signature.

Electronic participation (eParticipation) refers to the use of information and communication technology (ICT) and the Internet to enable citizens to participate in political decision-making processes.  In other words, citizen participation using digital tools. These include online petitions and digital citizens’ decisions. Numerous cities and federal states now operate platforms for digital citizen participation. eParticipation emphasizes the role of the citizen as a responsible partner in political decision-making.

This term refers to electronic services that allow security and data protection to be maintained during business processes in the digital world. High-security technologies are helping to ensure that users can be reliably authenticated and that only authorised parties can access digitally stored data. eServices include, for instance, secure business communications with digital signatures and electronic invoicing, TSP solutions and implementation of public-key-infrastructure products, the provision and management of certificates or the eID service and authorisation certificates in conjunction with the German ID card.


A biometric method in which the face of the person being checked is compared with one or more stored photos. This technology is used, for instance, at electronic gates (eGates) at airports. A live photo of the traveller is taken and then compared to the image saved on the chip of the traveller's electronic passport. This photo must comply with the standard of the International Civil Aviation Organization (ICAO). More advanced facial recognition technologies are currently being developed, such as three-dimensional facial recognition, in order make recognition even more reliable.

A person's fingerprint is made up of papillary lines (ridges) and minutiae (branches) and is unique for each person. During fingerprint recognition, the fingerprint scanner first takes a picture of the fingerprint. Either an image or a template of the fingerprint is then stored. By storing the fingerprint of both index fingers in the electronic passport, the identity of the holder can now be verified with even greater certainty than with just the facial Image.


Fake news is misinformation or hoaxes that are spread quickly, especially on the Internet. It serves different purposes: On the one hand, fake news is spread because the author has a financial interest. If it is often clicked, the website operators earn money with the ads published there. On the other hand, fake news is used by people to misinform and split society. The German Act to Improve Enforcement of the Law in Social Networks (NetzDG) is designed to combat this: Big networks on the Internet, for instance, now have to block or delete illegal content within one day after receiving a complaint.

The FIDO (Fast IDentity Online) initiative, which was founded by Google and PayPal, aims to replace customary Internet login procedures with improved security concepts. The goal is to establish a new standard that will not only significantly raise the security level of customary user-name/password methods, but which will be just as simple and easy to use.

FinTech is short for financial technology and usually refers to an innovative company offering technologically advanced – usually digital – financial services or instruments. FinTechs, most of which do not have a banking licence, operate in financial areas such as payments, insurance, investments, provisions, financing or consulting.

A security system that protects computers or entire computer networks against unauthorised access. All data communications are monitored in this case.

When something is forge-proof, this means that it cannot be manipulated and is hence an original. This is important when it comes to ID cards, which are used prove a person's identity, or products which must be original products if the manufacturer is to provide a warranty.

A reading device that scans the entire data page of a document and displays the data on the screen. This device is used to read ePassports.


GAIA-X is a project designed to create a sovereign and trusted European data infrastructure. Originally initiated by representatives from politics, business and academia from France and Germany, other European countries have now come on board. One of the main goals of GAIA-X is to reduce Europe’s technological dependence on non-European companies and services, while creating a secure and connected data infrastructure that meets the highest standards for digital sovereignty and promoting innovation. The project is to help secure value creation and employment in Europe and in the first half of 2020, an organization was set up specifically to promote the project. The extended project phase involving more than 300 hundred companies and organizations began in June 2020. Services for the general public are set to become available in 2021.

This serves as a point of connection between different networks that work together using different protocols and addresses.

The European General Data Protection Regulation (GDPR) contains rules for companies and public authorities on how personal data is to be protected. At the same time, it also ensures the free exchange of data within the European internal market. The regulation came into effect on 24 May 2016 and must be applied since 25 May 2018 at the latest. It is part of the EU’s reform of data protection rules. The regulation establishes the legal basis for data protection activities and defines the rights of data subjects and the obligations of companies. One new element is the ‘right to be forgotten’. The GDPR is also binding upon companies based outside the EU but used by EU citizens.


From the word 'to hack', this term refers to people who access IT systems and infrastructures without authorisation and for different reasons. They do this by tracking down security gaps. Hackers use malware, for instance, to bypass security equipment. So-called hacks may be aimed to change system settings, to steal data and digital identities or to draw public attention to security loopholes.

Hexadecimal comes from Greek and Latin. 'Hexa' is Greek and means six and 'decem' is Latin and means ten. A hexadecimal system is a numbering system containing 16 sequential numbers as base units. The hexadecimal system is frequently used in data processing. In the world of computers, data words are usually made up of octets which can be presented as just two-digit hexadecimals rather than eight-digit binary numbers.


Abbreviation for Information and Communication Technology. This term refers to technology related to information and communications, such as hardware and software, or telecommunications.

The ID card in credit-card format for citizens in the Federal Republic of Germany; equipped with a security chip and available since November 2010. The card not only serves as photo ID but can also be used as electronic ID on the Internet.

A document issued by an official authority containing information that enables verification. This document proves the identity of the holder.

This term refers to the deliberate and targeted handling of identities. In the digital world, identity management primarily means managing user data and can help companies, for instance, to define access and use rights.

An ID system secures the entire identity value chain. This includes collecting and registering identity data, processing and sending the data in a secure manner, producing and issuing identity documents, as well as their reliable verification. Bundesdruckerei is one of the world's leading suppliers of ID systems.

Methods used for identification, to capture, collect or transmit data. These include, for instance, smartcards, RFID (radio frequency identification) or biometrics.

International format for identity documents. ID1 measures 85.60 × 53.98mm and is used, for instance, for the German ID card, the EU driving licence and also for bank and credit cards. ID2 measures 105 × 74mm and corresponds to DIN A7 format. This was the format used for the 'old' German ID card (produced up to 2010). ID3 measures 125 × 88mm and corresponds to DIN B7 format. This is the format used the world over for passports.

The identity of a person or object describes the entirety of all of their specific features that distinguish them from all others.

This term refers to a crime where a person, a company or another entity uncovers a company's operational processes and information which the targeted company keeps secret for economic reasons. Industrial espionage focuses on processes that are not apparent and are only known to a select group of people.

Also referred to as the Fourth Industrial Revolution, Industry 4.0 describes the development towards a smart factory. In these smart factories, individual components are connected to each other and can exchange data. This allows them to respond to changes in the process and to autonomously organise and optimise workflows in production. The Internet of Things forms the foundation for Industry 4.0.

This collaboration by industrial associations BITKOM, VDMA and ZVEI aims to shape the Fourth Industrial Revolution and to promote the smart connection of production-relevant components. The focus of this collaboration is on exchange across different industries.

A part of cloud computing where the cloud provider makes hardware services available to users. These services are generally IT resources, such as processing power, servers, memory capacity or other systems on which the user can use his own programs. The provider provides the secure and current environment and takes care of maintenance and operation of the infrastructure. Using encryption or two-factor authentication, the users protect their digital identity in the cloud. Platform as a Service and Software as a Service are other cloud services.

Symmetric encryption algorithm; is a block cipher with a 128-bit key.

Abbreviation for Information Security Management System. This system is used to manage and demonstrate IT security standards. It contains methods and rules that help to define, steer, control and optimise IT security.

The IT Planning Council coordinates cooperation on the use of IT by the federal government and the federal states. The aim is to bundle structures at federal-government, federal-state and municipal levels in order to speed these up and boost performance.  The Council is made up of the Federal Commissioner for Information Technology and the IT representatives from each of the federal states. The representatives of three of Germany’s leading municipal organizations and the Federal Commission for Data Protection and Freedom of Action are also involved in an advisory capacity. The chair alternates each year between federal government and the federal states. 

The tasks of the IT Planning Council include adopting IT standards for transdisciplinary and interdisciplinary interoperability and security, as well as steering eGovernment projects that are part of the national eGovernment strategy.

Further information about the IT Planning Council can be found on the website.


IT security is a sub-area of information security and refers to electronically stored information and IT systems. The aim of IT security is to protect companies and organizations from unauthorized access to data by third parties. The three protection goals are confidentiality, availability and integrity. Possible IT security measures include antivirus solutions, firewalls and backups.

An act introduced to boost the security of IT systems; part of the Federal Government's Digital Agenda. The draft by the Federal Ministry of the Interior from December 2014 includes a requirement for service providers and operators of critical infrastructures, such as utilities, to protect their plants against unauthorised access and to report IT security incidents to the Federal Office for Information Security (BSI). This act aims to improve exchange between government, private business and academia in order to boost cybersecurity.


Finding a dataset, for instance, the biometric identifier of a person, from a large parent population (1:n).

Some situations in private or business life require that citizens prove their identity, for instance, when they want to conclude a contract or open a bank account. Usually, they present their ID card and staff at the bank or insurance company check to see if the card and the card holder match. Identity checks like these can also be carried out online as an alternative to the PostIdent procedure. There are various procedures available for this, such as AusweisIDent ( or VideoIdent.

This term refers to the deliberate and targeted handling of identities. In the digital world, identity management primarily means managing user data and can help companies, for instance, to define access and use rights.

Also called intermodal mobility, this is a transport management concept that refers to transport that combines several means of transport. With a view to passenger transport, for instance, this can be a combination of carsharing, local public transport and long-distance transport, air transport and bike rentals. Smartphones inform users about the latest disruptions, congestion and travel times and combines this data to find the best means of transport to the destination. Intermodal travel offers greater flexibility, especially in cities, and enables smart transport management.

This term refers to a network in which objects usually have their own digital identities and are connected to the Internet so that they can exchange information online. This means that they can sometimes operate autonomously. The Internet of Things is, for instance, the basis for industry 4.0, smart mobility, smart factory, smart grid and smart home.

In short IP; is a connection-free protocol and its task is to transport data packages from one sender to a different recipient via several Networks.

The ability of different (IT) systems or components to work together, in particular, to exchange data.

The iris is the cover of the eye that is coloured by pigments and which regulates the amount of light to enter the eye. The iris pattern is unique for each individual. Iris recognition is a biometric identification method where a live photo is taken of the iris of the person to be checked and then compared with the reference image previously stored. No laser beam is used in this method.


An application protocol that enables the requesting and modification of information stored in a repository.


In the context of artificial intelligence, ‘machine learning’ is often spoken of – but what exactly does it mean? Machine learning means that new knowledge within a given task is artificially created from experience. A computer algorithm recognizes patterns in existing data, generalizes them and thus independently finds solutions to problems. The software must be programmed beforehand by humans with the necessary data, algorithms and rules. Self-learning systems are able to make predictions, calculate probabilities of occurrence or optimize processes. Machine learning is already being used today, for example, to detect spam, to determine the relevance of websites for search terms, and for facial recognition or the automatic detection of credit card fraud.

A machine-readable zone on ID documents that can be read by way of optical character recognition. This zone can contain personal or document-related data, depending on the type of ID document.

Is an abbreviated form of the term 'malicious software'. Just like worms and trojans, malware is specifically developed for criminal purposes or for sabotage. Anti-virus software can sometimes detect malware and prevent it from accessing the computer and networks.

Using the maturity level analysis, the actual state of a technical system or process, for instance, the digitalization process of a company, can be checked in a standardised way. Basis for the check is the evaluation of the individual requirements of all parties involved. Previous actions and measures along with the methods applied and existing deficiencies are all analysed. The requirements are defined, risks classified and the sequence of further steps determined. This allows to clearly define if and how a system or process can be optimised.

Data that provides information about features of other data, but not the data itself. This information includes information about the structure, size, format or storage location.

A person's identity which is securely derived from an ID card and can be used when on the move. The identity is linked to a reliable 'security element', such as a SIM card or a provider-independent smartphone microSD card, and used via an app. The German ID card with the online ID function activated is inserted into a connected reader and the app is started using the ID card PIN. The user then releases their smartphone microSD card using the card PIN and the ID card data is securely connected to the card and hence to the smartphone. The online ID function of the German ID card could be installed on a security element, for instance, using a specially authorised third party ('trusted service manager') and released for use.

This term refers to electronic payment processes where at least the payer uses mobile technology. The data is transmitted without contact. There are several providers of mobile payment services in Germany. With mobile payments, smartphones or tablets become so-called mobile wallets.

Information, communication, transaction and all other kinds of services which are offered by companies via mobile networks (GSM, GPRS, UMTS) as well as supporting transmission technologies (wifi, Bluetooth and infrared) and tracking technologies (GPS, cell tracking) and which consumers with a mobile device can use no matter where via SMS, MMS, WAP and the mobile Internet.

Public registers in Germany are to be modernized in order to meet the requirements of digitalization. Up to now, the register landscape has been distributed and heterogeneous, with data unnecessarily captured more than once. With this modernization, registers will be connected, so that data can be exchanged in line with data protection requirements. This will boost efficiency and economy. Connected register data is essential when it comes to implementing the once-only principle. This calls for a high-security, trusted infrastructure.


This is when an unauthorised party secretly intervenes in communication between two parties who trust one another. The man in the middle leads both parties to believe that they are in fact communicating with each other. The aim of this attack is to control the communication channel and hence data traffic in order to gain access to sensitive data.


The term ‘New Work’ stands for the change in the world of work – triggered by developments, such as digitalization, globalization and demographic change. It is also related to how work can be defined and organized in the future. The term describes a mindset or culture, in the sense of forward-looking and meaningful work. This is characterized by modern management with appreciation and coaching as well as classic work structures giving way to flexible working hours, organizations and work locations. New Work should offer more freedom for creativity, self-determined action and personality development. The term was coined by social philosopher Prof. Dr. Frithjof Bergmann.

No-Stop-Shop is based on a change of perspective: It is no longer citizens who become active when they need an administrative service. Instead, the administration takes the initiative and initiates procedures that are inevitable or customary in a known life situation. One example: The office automatically pays child benefit once the birth of a child has been reported. The new parents no longer have to submit an application. If documents are missing, the administration requests them from citizens. Analytical tools and data-based forecasting could ensure that the administration recognizes whether a service is important for citizens.


‘Once only’ is a term from eGovernment and means that citizens only have to send their data to the administration once and public authorities will then exchange this data with each other as required. Nowadays, citizens have to submit their data to the relevant office for every administrative process, for example, when applying for a birth certificate or registering a child at a daycare center. Up to now, public authorities have simply not been permitted to send data to each other unless there is an explicit legal basis for doing so. For ‘once only’ to work in Germany, a register modernization act is needed. Its aim is to allow the individual registers that exist to be linked to each other. This would be particularly helpful in order to exchange frequently required basic data, such as name, place and date of birth or registered address. Such an act could provide the necessary legal framework to allow exchanges between authorities for all administrative services. Without this legislative step, the ‘once only’ principle will be impossible to implement.

A one-stop-shop (OSS) means that all the bureaucratic steps needed to achieve a certain goal can be carried out in a user-friendly way through a single point of contact. Numerous authorities and institutions, but also companies, are currently working on integrating a one-stop shop into their administrative processes. In the administration, a one-stop shop can mean that citizens only need one point of contact to apply for a birth certificate or pension benefits, or to renew their identity card. Companies with headquarters in the EU and branches in one or more Member States can use a one-stop shop to clarify data protection issues with the supervisory authority at the location of their headquarters. The aim is to shorten and optimize processes and to simplify communications between stakeholders.

Serves authentication. Each one-time password is valid just once and cannot be used again. A new one-time password is needed for each new authentication.

The ‘Law on the Improvement of Online Access to Administrative Services’ (in short: OZG, Online Access Act) came into force in 2017 and aims to improve how citizens and businesses handle their administrative matters. To facilitate this, the administrative portals of the federal, federal-state and local governments are being merged. All administrations must also offer their services online by 2022. Citizens and companies should be able to access these services via a central user account without barriers or media disruption. Once the account has been set up, users will then be able to use all digital administration services nationwide in the future. It makes no difference whether they use the account of the federal government or of a federal state. If citizens do not wish to set up their own user account, they can also use a guest account. The implementation of the Online Access Act is part of the coalition agreement.

This protocol makes it possible to query the status of a certificate with a server or a so-called OCSP responder; is usually operated by the certificate issuer.

Part of the German ID card that makes it possible for the first time to prove one's identity without a trace of doubt on the Internet. Using the integrated online ID function and together with a PIN, the German ID card can be used to login to and register for online services. This proof of identity allows users to clearly identify themselves on the Internet or at vending machines. This electronic identity ensures secure use, for instance, of online services provided by private companies (e.g. online shops, banks, e-mail providers, social networks) and the administration (German Pension Insurance Association, motor vehicle registration offices). Identification using the online ID function is offered as a secure and user-friendly alternative to current login and registration methods that use username/password methods.

With organization-validated SSL certificates (in short: OV), the identity of the organization is checked along with the domain. The owner of the domain provides documents, such as an excerpt from the commercial register, as proof of identity. In this way, misuse can be largely ruled out. Due to the greater verification effort, they are more expensive than DP certificates. They are issued by certification service providers and web hosts.


A document that allows travellers entering a different country to prove their identity during border control checks. This document is issued by the state and is produced in Germany by Bundesdruckerei. The passport also entitles its holder to return to their own territory. The passport serves as identification and legitimisation before government authorities. The data page contains a photo of the holder as well as their personal data, such as name, nationality or date of birth. The German passport, which is 125 x 88mm in size (ID3 format), also features a security chip in the passport cover where two fingerprints are additionally stored. The passport also comes with empty pages that are provided for additional official observations by the issuing country, for entry and exit stamps or for visas. German passports are valid for a ten-year period.

A security protocol that protects the contactless security chip in the German ID card against unauthorised Access.

A program that is used to manage passwords. It generates secure, strong passwords for various accounts and stores these, usually in encrypted form. This database is protected by a central master password. This means that users of password safes and managers only need to remember one strong password in order to manage all online accounts protected by passwords.

The goal of the Act to Protect Electronic Patient Data in the Telematics Infrastructure, i.e. Patient Data Protection Act (PDSG), is to protect sensitive health-related data. This act, which was adopted by the German government in July 2020, primarily foresees the use of digital offers in the health sector. These include, for instance, electronic prescriptions on smartphone apps, electronic referrals to specialists and the electronic patient file. The electronic patient file will enable patients themselves to determine what happens with their data and who can access it.  The PDSG also stipulates additional rules for data protection and data security in the Telematics Infrastructure (TI): This means that every TI user, be it a doctor, hospital or pharmacist, is responsible for protecting the patient data processed by them.

Details that refer to a specific person. According to the Data Protection Act, the term includes information, such as name, address, e-mail address and account number, as well as previous convictions, customer, patient and personnel data.

A personal identification number which a person uses in order to identify themselves to a machine.

Used to unblock a signature card or the German ID card; the number is sent to the holder together with the PIN letter. It is used to unblock the card or the online ID function if the wrong PIN is accidentally entered three times in succession.

Comes from 'password fishing' and refers to a method where attackers obtain personal access data. They do this by sending e-mails which often appear to be from a trusted party, such as a bank, requesting that the recipient submit their user data. Phishing e-mails use attachments that install malware or contain links that lead the recipient to fake websites. In this way, they steal the user's digital identity. Spear phishing is one form of sending.

 A part of cloud computing that is primarily designed for system architects and application developers. It allows users to access a development environment with standardised interfaces, the latest software and suitable computing power in the cloud. Users use PaaS, for instance, to develop apps. With encryption or two-factor authentication, the users protect their digital identity in the cloud. Infrastructure as a Service and Software as a Service are other cloud services.

An asymmetric encryption method where the authenticity of the public key is confirmed by the PGP user rather than by a central certification authority.

Also referred to as 'embedded privacy', is a concept developed by Ann Cavoukian in the 1990s that describes integrated privacy for IT systems. It is based on 7 foundational principles: Privacy is 1. proactive not reactive; 2. a default setting; 3. embedded into design; 4. remains part of the overall positive result even in the event of necessary trade-offs between functionality and privacy; 5. warranted throughout the entire lifecycle; 6. visible and transparent; 7. individual and user-centric.

The counterpart to the public key; is used to generate electronic signatures and must be kept secret; usually protected by a password or PIN.

The term ‘programmable digital currency’ describes various concepts of digital forms of currencies. A programmable digital currency is typically based on distributed ledger technology (DLT), such as the blockchain. A digital, programmable currency would enable the automation of payment transactions. In today’s business transactions, the merchandise delivery process and the payment process are handled separately. A DLT-based digital, programmable currency would make it possible to program cash flows and to integrate delivery processes and payment transactions into a single system. This could enable the automation of payment transactions via smart contracts. Although we already have automatic processes that control payment flows, such as standing orders and interest payments, DLT technology could significantly boost the degree of automation and efficiency. With a programmable digital currency and by connecting machines, the digital transformation of industry or logistics, for instance, could be raised to a whole new level.

This term is derived from the words 'producer' and 'consumer' and refers to a person who both produces and uses. It describes a new consumer role that has been strongly formed by social media, blogs and rating portals where users are both producers and consumers. The aspect of producing also includes the process of disclosing personal data and preferences for marketing purposes. The term 'prosumer' is also used in the context of distributed energy supply in the smart grid and refers, for instance, to individuals who generate power with their own small systems, feed this power into the public grid and then buy power from the same grid.

The second Payment Services Directive (PSD2) is an EU Directive of the European Commission that regulates payment services. The aim of PSD2 is to increase competition throughout Europe and non-bank participation in the payment industry. It obliges banks and third parties to grant access to their customers' accounts as of September 2019. They must also provide an interface for this purpose. This interface is secured by qualified website authentication certificates (QWACs). Third-party providers identify themselves to the bank as holders of a BaFin license using a qualified website certificate. The certificate encrypts communications between the bank and the payment service provider – thus securing data transmission. In addition, the bank may require the use of a qualified electronic seal (Q‑­seal) that secures the data at user level. This seal documents all requests from the service provider and protects the signed data from changes.

An alias that anonymises users. In the Internet, they are often used as so-called nicknames, for instance, in chats or social networks, where they protect the user's identity.

Pseudonymization is a measure of data protection in which a personal identification feature, for example, a person’s name, is replaced by an identifier. The aim is to make it more difficult to link an identity to a person. In contrast to anonymization, however, an identity can be linked to a person if the corresponding ‘tracking code’ is known. One example: If a lecturer wants to make the results of a written examination easily accessible to students, he asks them to note a pseudonym of their choice on the examination sheets. The lecturer publishes the examination results, in which all results are listed with <pseudonym> and <grade>. This means that – besides the lecturer – only the respective student can identify his or her result.

The counterpart to the private key. Is made available publicly, for example, on a public key server. Is used to verify signed messages from the owner of the public key.


Stands for 'Quick Response' and describes a method that is used to make information machine-readable. With this internationally recognised square code, information can be scanned, for instance, using a smartphone. The QR code is primarily used in industry, in production systems and stock-taking, but is also being increasingly used in other more every-day areas (for instance, in advertising).

An electronic signature which, pursuant to the Act on Digital Signature, is based on a qualified certificate that was valid at the time the signature was generated and is generated by a secure signature creation device. The QES is legally equivalent to the personal, hand-written signature.

Classical computers calculate with zeros and ones, i.e. on the basis of physics or computer science, whereas quantum computers use quantum mechanical states. This makes them faster, more efficient and more powerful than conventional computers. Certain calculations can be performed much faster than with a classical PC. This means that large amounts of data, such as that generated in the age of ‘big data’, can be processed quickly.

Up to now, there is still no functioning universal quantum computer that can be programmed for large computing capacities. However, experts estimate that, by 2030 or 2035 and as a result of extensive research work by large corporations, quantum computers will be so powerful that they will be able to break the encryption methods used today and thus render them unusable.

Qualified Website Authentication Certificates (QWACs) are a special type of certificate. They are equivalent to EV certificates on a technical level, but carry much higher legal force throughout the EU. The Regulation on Electronic Identification and Trust Services (eIDAS) introduced QWACs to increase the security of electronic communication throughout the EU. QWACs are based on thorough identity verification through a qualified trust service provider (QTSP) which must meet stringent requirements in terms of security and reliability. The information stored in the certificate about the identity of the website operator is equally trustworthy.
QWACs are an attractive option for applications with the most stringent security requirements, such as banking in line with the EU PSD2 payment services regulation. 


An identification method that uses electromagnetic waves and does not require any direct contact. See also RFID chip.

Is a combination of 'ransom' and 'software'; this malware encrypts valuable data or the victim's entire hard disk. The user can only access their data again after paying a certain amount of Money.

Part of the basic equipment needed in order to read data from signature cards or ID cards. A class III reader with its own keypad is required for signature cards.

This function enables drivers to access their cars through mobile radio networks. Using an app, they can, for instance, open the doors or switch on the block heater. Even car-related data can be queried remotely.

Remote work means working from outside a traditional work environment. In contrast to working from home, remote work can be carried out anywhere as long as certain requirements are fulfilled. These typically include an Internet connection and a secure line to the office server. Remote work provides employees with a high degree of flexibility. This working model has been shaped by digitalization and changing work activities.

Contains information as to which certificates were revoked by the certificate holder or other authorised parties.

Software (rogue anti-virus program) that is designed to make users uncertain and to scare them. It is a form of social engineering. Malware pretend that the computer is infected with a virus and offer suitable anti-virus software to solve the problem. At best, the buyer will simply buy a completely useless program, but normally users end up downloading malware.


A microprocessor chip that can be used to store or process data. They are divided into active and passive RFID chips. Active chips have their own source of energy (battery) while passive chips draw energy from the reader by way of induction. Simple chips are used for logistics only. Highly developed chips, on the other hand, contain a crypto-controller for processing data.

Remote maintenance means that IT systems or machines connected to the Internet are monitored, maintained, administered or repaired at separate locations. The service technician is at a different location than the systems themselves. This approach offers many advantages. The specialized technician does not have to travel to the maintenance location, thus eliminating travel time and costs. If a problem suddenly occurs, the technician can start the repair much faster. With modern remote maintenance systems, the actions of the technician are recorded and stored on video. This boosts transparency for remote access. Systems to which remote access is permitted must be specially protected to prevent access by unauthorized third parties.

Remote signatures are used to sign documents that require a legally secure signature – such as powers of attorney or contracts – on a mobile device, i.e. on a tablet or smartphone. The EU Regulation on Electronic Identification and Trust Services (eIDAS) enables this simplified procedure for electronic signatures. The components used to generate the signature are stored in a secure IT environment of a qualified trust service provider (previously referred to as a trust center). This means that signature cards, readers and signature software are now a thing of the past.

Remote signatures can be used online in public tenders on electronic awarding platforms, for applications for subsidies and building permits, in hospitals for surgical consents, information sheets and elective service agreements or at banks for opening accounts and granting loans.

To sign a document electronically, the user logs on to the trust service provider and transfers the document. Once the user has been authenticated with this provider, the user receives a TAN, e.g. via a text message, so that two-factor authentication can be carried out. The user then enters the TAN and triggers the actual remote signature for the document, which is performed by the service provider. The document signed in this way can then be sent back to the user or also to the contract partner.

With sign-me, Bundesdruckerei is the first German company to offer a remote signature solution that meets the requirements of the Regulation on Electronic Identification and Trust Services (eIDAS).

Part of a public key infrastructure. It is used to publish certificates and their validity status in the form of certificate revocation lists and OCSP (Online Certificate Status Protocol) Responses.


This stands for Secure/Multipurpose Internet Mail Extensions; a special protocol for encrypting and signing e-mails. The standard is based on a cryptographic method. Along with PGP, S/MIME is a widely used e-mail encryption method. It also works on mobile devices.

A secure element is a hardware security module that is used in modern smartphones. This can be a chip or a SIM card. The secure element ensures a high level of security for sensitive processes, such as payments made using a smartphone. It is also required when an ID card is to be used on a smart phone. In this case, the unique identity attributes are taken from the electronic ID card, transferred to the mobile device and embedded in the secure element. All users then need is their smartphone to identify (register) or authenticate (log in) themselves online with a high level of security. Access to the originally secure source, i.e. the ID card, is no longer necessary. Neither the OS nor the apps stored on the smartphone can read or copy this information.

A secure identity means that the identity cannot be manipulated or forged, nor can it be misused. It guarantees that a person is in fact who they claim to be. The identities of objects or processes can also be secured.

Security by Design means that security aspects were already considered during the development of software and hardware. The aim is to ensure that the finished product has no security gaps. As more and more devices and applications are connected to the Internet, the risk of cyber attacks increases. Unauthorized parties could gain access to infrastructures or data of companies and institutions through insufficiently secured hardware or software. This means that even the smallest security gap becomes a risk for IT systems and ultimately company reputations.

Ever-more complex IT also makes it necessary to consider security as an explicit requirement in a development process from the very beginning and to incorporate it at an early stage. The high cost of eliminating gaps at a later point in time can thus be avoided. Ultimately, Security by Design ensures better quality for newly delivered software and hardware.

A security feature protects, for instance, identity documents, such as ID cards or passports, against unauthorised manipulation. Security features in documents can include substrates, inks and in the printing itself. They can come as tactile and mechanical features or in the form of overlays and foils. They are integrated on all levels of multi-layer documents. They supplement each other and hence boost the security of ID cards even further. Thanks to an integrated chip, eID cards also include electronic security features. Chemical additives or semi-finished products, such as fluorescent fibres and security threads, are already integrated into the substrate of the ID card during production. Special inks, including iridescent, optically variable or fluorescent inks, are used to create characteristic effects and improve protection against forgery. Various printed motifs, such as guilloches, line patterns or microlettering, protect the document against unauthorised copying. Embossing and engraving create clear tactile features on the document. With a changeable or multiple laser image (CLI/MLI), a laser writes various pieces of information, e.g. photos and date of birth, into the card so that only one piece of information can be seen at any one time depending on the viewing angle. Foils and overlays, such as a holographic patch inside the card body, also protect the personal data stored on the ID card.

Defined scheme of data sequences for communication between a chip and a reader. Security protocols like EAC (Extended Access Control) or PACE (Password Authenticated Connection Establishment) ensure data protection, protection against forgery and the authenticity of the data on the ID card.

Self-sovereign identity (SSI) is a model for managing digital identities. It allows a user or organization to generate their own digital identity with personal data, to store and control their digital identity decentrally on their own device without the need for an intermediary. The user or organization controls the data and can decide for themselves who to share their identity data with and to what extent.

In the case of an Internet service provider, this term refers to the provider of online services and Access.

A signature card allows the user to electronically sign a digital transaction, such as the sending of an e-mail or the conclusion of a contract on the Internet. The so-called Qualified Electronic Signature replaces the hand-written signature from the analogue world and has the same legal standing. It clearly indicates to the recipient that the message is in fact from the person who sent it and has not been manipulated. The signature cards from Bundesdruckerei's subsidiary D-Trust contain two different certificates. The first certificate is a qualified personal certificate for the legally binding electronic signature. Then there's an advanced certificate for authentication, encryption and advanced signing. Both certificates meet with all the requirements of the German Act on Digital Signature.

Pursuant to section 2 of the Act on Digital Signature, this is unique electronic data, such as private cryptographic keys, which is used to create an electronic signature.

Southern part of the metropolitan area around San Francisco and San José in California. In the 1950ies, the most important centre for IT and high-tech industry was created and companies like Apple, Google, Facebook or Intel have their headquarters there.

In the world of IT, simplicity refers to the trend towards making systems and applications more user-friendly and to reduce their complexity. A concept that combines both easy handling and sufficient privacy is Privacy by Design.

Single Sign-On (SSO) refers to a universal strategy for logging into networks. Users only need to authenticate themselves once in order to gain access to services, computers or programs in the respective network. The advantage of Single Sign-On is that users only have to remember one password and no longer have to manage passwords or remember various, sometimes weak passwords.

Skimming is the practice of spying on electronically stored data of credit cards or bank cards and the corresponding PIN at ATMs. The data is read from the magnetic strip of the card and copied onto a card blank. The criminals then use the newly made card in order to withdraw cash from their victim’s account.

This term refers to individual data or a data package which belongs, for instance, to a person, a requested page or a GPS location and which unlike big data does not provide answers to a specific question.

Smart contracts are usually based on blockchain technology and constitute ‘smart’ contractual agreements. Under certain conditions – according to the ‘if, then’ principle – the contracts can be executed automatically. They do not require human interaction and can be concluded independent of third parties, such as notaries, while still guaranteeing legal certainty. Payment transactions are often linked to the fulfilment of the agreements. In order for these to be fully automated irrespective of their amount, a programmable digital currency is required. With a programmable digital currency and by connecting machines, the digital transformation of industry or logistics, for instance, could be raised to a whole new level.

In a smart factory all of the components and processes are connected – from production right through to logistics. Objects usually have digital identities, they can send and receive data and can respond to changes and delays. The smart factory is hence a complex system that independently organises and optimises both itself and the goods produced there. Smart factory is a sub-aspect of the Internet of Things.

This term refers to a smart electricity grid in which consumers or customers, generators, storage units as well as distribution and transmission networks are connected to each other and exchange information. Compared to conventional electricity grids, the smart grid additionally features communication, measuring and control elements and is equipped with IT components. It can record consumption and feed-in in realtime and optimise grid utilisation. Protecting sensitive personal data is extremely important in this context. Smart grid is a sub-aspect of the Internet of Things.

In the smart home, the building's systems and devices are connected to each other and to the Internet so that they can regulate and control themselves. The elements connected include, for instance, light components, heating equipment, sun protection and blinds, electricity supply, ventilation and individual household appliances. Smart home is a sub-aspect of the Internet of Things.

Smart meters are usually used for energy consumption. In addition to recording consumption, they also record the energy fed into the grid. They are hence are precondition for the smart grid. The advantage for users is that they have a clear overview of the energy consumption that allows them to identify any potential for savings. Smart meter is a sub-aspect of the Internet of Things.

Smart mobility refers to state-of-the-art mobility strategies that use data and digital access to connect road transport users with each other and to optimise the offer of services. Carsharing and intermodal travel, as well as the data-based communication systems C2C and C2X, are part of smart mobility. Smart mobility is a sub-aspect of the Internet of Things.

Smart objects can collect and store data and exchange this with third parties. They are embedded in an IT infrastructure and are part of the Internet of Things. Smart objects are, for instance, individual household appliances in the smart home, technical components in the smart grid, communication elements for C2C technology and smart meters.

A microprocessor card that can securely save information. Smartcards are plastic cards in ID1 format. They are used for various applications, for instance, for telephone calls, for authentication at banks, payment processes or to send personal data.

SMC‑B stands for ‘Security Module Card Type B’. This card is the essential access component for the digital health network. With the SMC‑B, hospitals and doctors' surgeries can now connect to the telematics infrastructure (TI) and later – in 2019 – pharmacies too. The SMC-B for medical practices is designed for doctors, dentists and psychotherapists; its counterpart for the in-patient sector – i.e. for hospitals – is the SMC-B card for medical institutions. The card in mini-SIM format ensures that digital patient data is protected when transmitted. Service providers in the healthcare sector – i.e. doctors, dentists and psychotherapists, hospitals and pharmacists – can use it to access the required patient data quickly, legally and conveniently and to integrate this data into their systems.

To do this, the doctor or pharmacist inserts their card into a terminal and enters a secret PIN. The SMC‑B proves the identity of the respective institution or practice and secures the connection to the telematics infrastructure. The card is valid for five years. The SMC‑B can be used for other applications: for example, to prove the origin of digital documents, to encrypt e-mails between institutions or to compare the master data of insured persons.

Describes a method in which criminals manipulate or influence people to disclose confidential information or convince them to take other actions. A distinction is made between human-based and computer-based social engineering. In the case of human-based social engineering, the criminal contacts the victim directly, for instance, by phone. In the case of computer-based social engineering, the information is obtained using computers. Phishing attacks are often used in this scenario.

Short for software token. These are components within a security and authentication system. Softtokens are files that contain account data, passwords or other clear identifiers which are needed by a system to identify the user.

Part of cloud computing. Programs or files that a cloud provider makes available online. The user accesses the software via their web browser and pays the fees charged for this service. The provider is responsible for updating the software and securing the data. SaaS is an alternative to conventional license models. With encryption or two-factor authentication, users protect their digital identity in the cloud. Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are other cloud Services.

Also called spam mail or junk mail. This term refers to unsolicited e-mails which are of no interest to the recipient. These bulk e-mails are similar to advertising circulars sent by post. Spammers obtain addresses from databases, from special dealers and using search programs. Effective spam filters in e-mail programs detect spam and filter it out.

A special type of phishing that specifically targets one person. Spear phishing is based on information, for instance, from social networks or websites, about potential victims in order to address them in a credible manner. Spear phishing is usually used when hackers want to obtain certain information from a company.

This term refers to cyberattacks in which the sender uses a false or forged identity. Both IP and URL addresses as well as e-mail addresses may be forged in cases like these. In both cases, the sender uses trusted addresses in order to gain access to the recipient's digital identity, for instance, by requesting passwords. Spoofing belongs to man-in-the-middle attacks.

An SSL certificate shows that a website operator has proven its identity to a recognised certification service provider like D-TRUST. The SSL certificate serves as a kind of electronic company ID card. The certificate also contains the Common Name (CN) which, in the case of SSL certificates, corresponds to the name of the web address or web server, for instance For Internet users, this establishes a binding connection between the website operator and the contents shown on the website.

Secure Sockets Layer or Transport Layer Security; this enables secure data transmission on the Internet. SSL/TLS certificates secure communication between service providers and users of their Websites.

Stablecoins, such as Basecoin or Carbon, are sub-types of Crypto assets. Unlike other crypto assets, they are less volatile and hence offer greater price stability. One example: Tether is a blockchain-based asset that is pegged to the US dollar, so it is a stablecoin.

A document reader that can only read the machine-readable zone. This means that the machine-readable zone of the ID document must be slid through the reading unit of the device.

In contrast to asymmetric encryption, uses only a single key for encryption and decryption.


Short for 'secure intelligent mobility – Test field Germany“; a smart mobility project. simTD is researching and testing connected C2X communication for secure traffic scenarios with a view to its functionality and suitability under real conditions. The aim of this project is to outline and prepare the boundary conditions for technology. Leading car manufacturers and suppliers, communication companies as well as research institutes are involved in this project.


Abbreviation for transaction number; a security method that is widely used in online banking. A TAN is a one-time password that authenticates the user. In the case of online banking, the account holder uses a TAN to authorise the transaction after accessing the account using their username and password.

Beginning 1 January 2020, electronic POS systems in Germany must be equipped with tamper protection, the so-called technical security device (TSE). Background: Every year, billions of euros in VAT are lost due to manipulated cash registers. This is why in September 2017 the German government adopted the ‘Ordinance establishing the technical requirements for electronic recording and security systems in commercial transactions’ – in short: Cash Register Anti-Tampering Ordinance (KassenSichV). The technical security device (TSE) is centred around the digital signature attached to each receipt. A check value for each transaction ensures the integrity of the data, and any subsequent intervention can be easily detected. The technical security device must be accredited by the Federal Office for Information Security (BSI).

The telematics infrastructure (TI) connects doctors, dentists, psychotherapists, hospitals, pharmacies and health insurance companies. Only registered users from the health care professions can access the TI with their SMC-B card. The aim is to make medical information for treating patients available faster and easily, and to improve the exchange of information and the quality of medical care. The TI is operated by Gesellschaft für Telematikanwendungen der Gesundheitskarte (gematik). The word 'telematics' combines the words 'telecommunications' and 'informatics'. It refers to the interconnection of different IT systems in the health sector.

Telemedicine refers to medical care and patient assistance using modern means of communication and up-to-date information technology. The doctor and patient can be separated in space or time during the consultation. Telemedicine, for example, enables NASA astronauts in the thermosphere to be cared for in real time by doctors who are on Earth. Telemedical methods are being increasingly used in patient care in Germany. In 2018, the German Medical Association relaxed the ban on remote-only treatment. Since then, doctors have been able to treat their patients exclusively by telephone or via the Internet without any prior personal contact. Some doctors offer video consultation hours for this purpose, which have been permitted since 2017.

Electronic data that can be used to prove the existence or receipt of certain data at a particular point in time.

In this case: a cryptographic pattern where information is stored, for instance, for encryption or smartcards. A token with a password is also widely used as a means of authentication.

Tor is a network that allows Internet users to access the Internet without restriction. Connection data is anonymized, which prevents the user’s data from being analyzed and enables privacy on the Internet. Originally, Tor stood for ‘The Onion Routing’. ‘Onion routing’ prevents the web server from recognizing the identity of the user. Node operators are also unable to map users to the requested web content. This has made Tor the world's most powerful tool for privacy and freedom on the Internet.

Track and Trace allows precise tracking of a product, starting with the raw materials used, through production and storage, right through to shipping. To ensure that products can be tracked without interruption, a unique identifier, e.g. a 2D code or RFID tags, must be applied to each item. Track and Trace is used to detect and prevent counterfeit products or tampering, for instance, of medicines, tobacco products or original components, and to increase the security of production and shipping processes.

Officially a Trojan horse; malware that hides other applications behind its real function which it does not document. Trojans use the useful functions of the host program to attract victims. They are often concealed in e-mail attachments. Once executed, they change or delete programs, for instance, system settings, they steal and transmit passwords.

Trust service providers act as a trust anchor within the digital world. They reliably confirm the identity of people who do not know each other and are in a position to securely manage the related data. They guarantee security in the complex interaction that takes place between certificates, electronic keys, signatures and biometric security features.


The eIDAS Regulation relies on qualified trust services to protect digital communications and digital data, such as electronic signatures, seals, time stamps or website certificates. These signatures, seals, etc. are issued by qualified trusted service providers, which in turn are registered in a national Trusted List. In Germany, the Federal Network Agency grants the status of qualified trust service provider. It verifies whether the trust service provider and the trust services it provides meet the requirements specified in the eIDAS Regulation, the German Trusted Services Act (VDG, Vertauensdienstegesetz) and the Trust Services Regulation (VDV, Vertrauensdiensteverordnung) for qualified providers. Following positive verification, the status of qualified trust service provider is awarded and the qualified trust service is registered in the German Trusted List.

 Once qualification status has been awarded, the trust service provider may use the EU trustmark to identify its qualified trust service as such. Qualified trust service providers are thus an important element in ensuring uniform and legally compliant digital communications in the European Union.

An authentication method that is based on two independent components. With this method, a holder of a digital identity usually uses a combination of knowledge and possession to authenticate themselves. A typical example of this is authentication at a cash machine where a bank card (possession) is combined with the individual PIN (knowledge).


This term refers to the fact that information and offers are available at all times and no matter where thanks to the Internet. In this context, ubiquitous computing refers to the omnipresence of computers and hence a central feature of the Internet of Things.

Usability is a term that refers to serviceability or operability. In software and hardware development, this term is used to describe the suitability of product design or ergonomics with a view to use. The rule here being: the easier something is to use, the higher its usability. In principle, good usability is not noticed by the user, whereas bad usability is. A high level of usability increases the chances that users will enjoy using the application.


Verifying whether or not a person is in fact who they claim to be.

A network within a public infrastructure such as the Internet that can connect several communication partners at different locations and computers. Only the communication partners who belong to the private network can communicate with each other. The network participants authenticate themselves using their digital identity in order to access data and to transmit this securely. Communication is protected in a so-called VPN tunnel.

Programs that can be used to develop individual malware. They use a host of different distribution channels in order to infect computers. They are easy to use and no special technical skills are required.

Permission to cross the border of a country. A visa is required usually to enter and rarely to exit a country – like in China. It is issued by a consulate of the country of entry and permits the holder to stay in a country or a group of countries for a limited period of time.


A web certificate, also referred to as a digital certificate, is a digital data record that confirms certain properties of an individual or object. Its authenticity and integrity can be checked using cryptographic methods. Public-key certificates according to the X.509 standard are widely used. Cryptographic checksums on online tickets are another example of digital certificates.

Phishing attacks that target top executives ('big fish').

Malware that spreads itself via the Internet and in e-mail attachments in order to damage computer Systems.


XInvoice is an XML standard for electronic invoices addressed to public-sector customers. It was decided by the IT Planning Council for federal, state and local government, thus implementing the requirements of the European Committee for Standardization (CEN). Throughout Germany, electronic invoices can be sent to public-sector customers in a standardized procedure.