
Identity security

Digital business processes in the context of organizations, end users, and machines in shared systems require robust identity security management

The digital me

More and more cybercriminals are discovering identity theft as a new business model. The aim is to take over an identity (institution/end user/machine) and use it to damage the affected entity. Insiders in your organization could of course have a similar aim. Some 80 % of all security cases are caused by inadequate handling of privileged accounts. The protection requirements for availability, confidentiality, integrity, and authenticity are growing continuously.

Coveted goods on the dark web


Is the person logging into the intranet actually authorized to do so? Is the software issuing a command to a computer authorized to do so? In the analog world, we prove our identity with an ID card at police checks, an insurance card at the doctor, and a driver's license when renting a car. And in the digital world? People and objects are clearly identified by means of a digital identity. This protects against misuse and makes work hard for attackers.

On the web, however, there is one commodity for which sellers consistently achieve high prices: digital identities and digital certificates. Machine identities are particularly popular on the dark web. On marketplaces such as Dream Market, BlockBooth, and Galaxy3, SSL/TLS certificates cost up to several thousand US dollars. At the start of 2019, IT security researchers from Kaspersky Lab found more than 60,000 stolen, genuine digital identities on the dark web shop Genesis.

If misuse of a digital identity is to be prevented, identity data must be securely generated, securely stored, and securely processed. Yet users are already careless when choosing a password: four out of five data attacks succeed because of simple, easily guessed character combinations. T-Systems offers various processes and solutions with which companies can generate digital identities and secure their websites and passwords.

Your requirements are important to us

Industry

Protect your company passwords and processes. We also help you to securely use the rapidly growing number of connected "things" on the web.

Health

High compliance requirements require professional planning and certified operations. T-Systems takes on the responsibility for the protection of your data and infrastructure.

Public sector & education

Public institutions are a particular target of IT attacks. T-Systems supports you with competent specialists and delivers security 'made in Germany' that meets the highest security requirements.

Finances

IT systems are the backbone of the finance sector and are therefore strictly regulated by international compliance standards. We protect you and help you to meet these standards securely.

Telecommunications

Communication is the beating heart of modern IT. As a leading provider of telecommunications services and IT security, we will also secure your exchange of information.

Energy

The energy supply is one of the critical infrastructures with the highest threat potential. Telekom Security prepares tailor-made and BSI-certified solutions for you.

Let’s get in touch

We are happy to provide you with the right experts and to answer your questions – by phone or email.

Your digital ID: certificates & public key infrastructure


In addition to issuing certificates, the full-service Trust Center also develops complex public key infrastructures (PKI) for industrial customers, authorities, countries, and organizations. The security and performance of the Trust Center's individual solutions and products are safeguarded through regular certifications. The team works in conformance with the European Regulation on electronic IDentification, Authentication and trust Services (eIDAS) as well as the specifications of the European Telecommunications Standards Institute (ETSI). Furthermore, gematik approval for the electronic health card is available.

The Internet of Things (IoT) and machine-to-machine communication in conjunction with cloud and Industry 4.0 applications are only possible if millions of communicating things and machines are uniquely and unambiguously identified through the automated mass issuance of digital identities.

IoT / M2M PKI service

Highly automated issuance and management of certificates for the "things" on the web.

  • Secure operation of the PKI service platform in the T-Systems Trust Center
  • Issuance & management of digital identities for IoT/M2M end devices
  • Automated renewal of certificates
  • Standardized interfaces
  • Modular high-performance service

No matter whether they are for corporate identity, shop systems, online banking, or authorities, TLS/SSL certificates enable clear identification of the web server and provide secure and encrypted data transmission and the assurance of communicating with the right receiver.

TeleSec Server Pass

SSL/TLS web server certificates for secure communication on the web, trusted by all common browsers.

  • Organization-validated SSL/TLS certificates
  • Standard, wildcard, and SAN certificates, as well as EV and EV SAN (extended validation)
  • Tap into a new business area with our partner program
  • Order the TeleSec Server Pass online

Everything is becoming digital – this also applies to documents and forms, whether as electronic transactions, e-folders, or digital maintenance reports and delivery notes for goods. To ensure that these documents are legally binding and to protect them against manipulation, qualified signatures are an absolute must.

TeleSec Public Key Service

Qualified electronic signature and remote signature in compliance with eIDAS, as a replacement for the hand-written signature.

Company-internal identity management can be mapped onto a multi-client capable company PKI. All digital certificates are issued and managed there – whether for electronic signature and encryption of emails or for protecting the company network and its routers.

TeleSec Shared Business CA

The cloud public key infrastructure (PKI) for flexible and fast inclusion into your company.

  • Multi-client capable company PKI for issuing and managing various certificate profiles in compliance with X.509v3
  • Secure operation of the PKI service platform in the T-Systems Trust Center
  • Certified operation in compliance with ISO 27001 and ETSI 319 411-1

The Energy CA provides certificates for secure communication between utilities, providers, and service providers and thus guarantees confidentiality, integrity, and authenticity within the smart metering environment.

Smart Meter Energy CA

Issuance and management of certificates in the smart meter ecosystem, certified according to BSI TR-03109.

  • Sub-CA service as part of the smart metering PKI in accordance with BSI specifications
  • Certificates for gateways or external market participants
  • Operation of a Shared Energy CA (subordinate to the T-Systems Energy Sub CA)
  • Operation of a Dedicated Energy CA (customer-specific Sub CA)

Special regulatory requirements for authentication and for the exchange of digitally signed and encrypted documents, for example in the healthcare or energy sector, can be met with customized PKI applications.

Individual PKI

Planning, development, and operation of customer-specific PKI solutions in the Trust Center or on the customer's premises.

  • Comprehensive requirements analysis of processes and technology
  • Conception for all phases: PLAN – BUILD – RUN
  • Creation of all required documents
  • Planning and implementation of audits
  • Transition and operation of the PKI

Your secure authentication: access management


An access management solution enables companies to secure access to their data in line with their protection requirements. Based on policies, access management grants access only to authenticated and authorized communication partners, following a zero-trust model up to and including a federated approach.

A key advantage of well-functioning access management from a user's point of view is single sign-on. It enables users to access many systems and services with a single login process.

For strong authentication of identities, companies can use credential management platforms to flexibly configure various methods as a second factor for their users (such as FIDO tokens or one-time password generators).

TeleSec One Time Pass

The cloud authentication solution provides strong two-factor authentication using one-time passwords.

  • Dynamic two-factor authentication based on a one-time password system
  • Various authentication methods: app, SMS token, hardware token, and others
  • Key management via web portals
  • User self-service
  • 24/7 hotline

Securing your most valuable identities: privileged account management


Privileged account management allows companies to safeguard access to their most critical IT resources (on premises or in the cloud). PAM solutions store, manage, and monitor privileged accounts and their credentials in a secure digital vault and thereby help companies meet compliance requirements (ISO 27001, BSI IT-Grundschutz, ...).

By creating a central secure storage place for privileged identity information, companies can:

  • Check and monitor the use of privileged accounts (where necessary also by third-party providers)
  • Eliminate hard-coded plain-text passwords in machine-to-machine communication
  • Equip automated processes with one-off, scalable identities
  • React in real time to the theft of admin identities

Privileged Identity Protect Pro

Risk-based authorization and session management for privileged accounts, for protection against attacks.

  • Scanning for privileged accounts
  • Central safekeeping of admin passwords and SSH keys
  • Role-based access controls
  • Dynamic rotation of admin passwords
  • Session monitoring
  • Continuous threat analysis

Secure keys for digital identities: smart cards & secure elements


We carry it in our wallets and coat pockets, use it when travelling, or use it to log in to our office PC. But hardly anyone is aware that, by doing so, they are entrusting their personal data to one of the most secure operating systems on the IT market: the Telesec Chipcard Operating System, or TCOS for short, a highly secure smart card operating system certified by the Federal Office for Information Security (BSI).

TCOS for passports and ID cards has been evaluated in accordance with the internationally recognized "Common Criteria" process. It is therefore one of the most secure systems for international travel documents. More than 100 million passports, personal and company ID cards, digital tachographs, and electronic tickets in Europe are equipped with the highly secure TCOS operating system.

TCOS encrypts personal data

The PACE protocol protects against unauthorized reading of data via the contactless interface. The chip on identity documents stores, among other things, the passport photo and fingerprints. The software handles encryption and the secure readout of personal data, and protects that data against unauthorized access. TCOS is also able to securely store keys and execute cryptographic algorithms within the chip itself: securely imported keys never have to leave the chip card again.

TCOS fulfills the toughest requirements

The combination of the Telesec chipcard operating system and a security chip has been conceived with international requirements for electronic documents in mind. But we don't stop there: together with various chip manufacturers, we are continuously evaluating new smart card technologies and application areas. Examples of implementation areas are mobile security, company ID cards, electronic driving licenses (European driver's license), security for cloud solutions, and data security in web solutions such as intelligent electricity meters (smart meters).

TCOS Smart Cards

Identity systems for electronic passports and national ID cards. Smart card-based project solutions.

  • Smart card-based identity systems for electronic passports and ID cards (e.g. nPa)
  • Token & services in various form factors (e.g. ID1, µSD, embedded), also as standard products (IDKey Card, NetKey etc.)
  • Individual all-in-one services and project solutions, e.g. health, tolls, tachographs, administrative radio communications, IoT, Industry 4.0, and automotive

TCOS Secure Elements

Secure storage and security anchor for digital identities of people and devices.

  • Secure elements as secure storage and security anchor for digital identities of people and devices
  • Individual all-in-one services and project solutions including conception, specification, production, and rollout (e.g. for e-energy, till systems, IoT, Industry 4.0, tolls, automotive, administrative radio communications)

De-Mail: German state-tested email encryption

Classic email communication reached its limits when companies, private individuals, or authorities had to exchange confidential and traceable post and documents. Using De-Mail for secure, confidential, and traceable online communication has changed this. With the De-Mail Act, the legislator has for the first time created a framework that enables companies to replace their letter- and fax-based correspondence with an electronic medium while maintaining a comparable level of liability and resilience in case of a dispute. A De-Mail sent with the return-receipt option can replace the previously required signature. Whether contracts, health data, tax certificates, or pay slips, De-Mail enables cost-effective, fast, and environmentally friendly sending without media discontinuity. All De-Mail users are clearly identified, which ensures verifiable communication within a closed user group. This creates trust in the transmitted data and information while protecting against malware, spam, and phishing.

Identity security of the highest level: trusted IT operations

Trust Center

A trust center serves as an independent certification point and trusted authority for the electronic exchange of data. T-Systems is accredited by the German Federal Network Agency (Bundesnetzagentur) as a trusted service provider. In order to guarantee the highest possible security, all Trust Center services are based on the latest technologies from the security sector – whether it be for the encryption of data and networks or for two-factor authentication.

As the first German Trust Center, T-Systems offers security services as an independent trusted service provider based on an ISO-certified security concept.

Behind all services there is a highly secure environment across geographically redundant computing centers, based in Germany. If one area has an outage, a second computing center automatically steps in. All data, the entire IT infrastructure, and all network connections are mirrored in this data center. In this way, not only are we safeguarding a reliable and highly-available operation, we are also complying with the highest German and European requirements for data protection and security.

Certificates are created in our own Trust Center, exclusively by trained and security-screened personnel. This ensures that certificates of the highest security level are produced. T-Systems guarantees a secure electronic exchange of data, even for highly sensitive information.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and IT infrastructure, security, and digitalization. With a digital identity, you are securing access to your IT systems and machines.
