More and more cybercriminals are discovering identity theft as a new business model. The aim is to take over an identity (institution/end user/machine) and use it to damage the affected entity. Insiders in your organization could of course have a similar aim. Some 80 % of all security cases are caused by inadequate handling of privileged accounts. The protection requirements for availability, confidentiality, integrity, and authenticity are growing continuously.
Is the person logging into the intranet actually authorized to do so? Is the software that issues a command to a computer authorized to do this? In the analog world, we prove our identity with an ID card at a police check, an insurance card at the doctor's, and a driver's license when renting a car. And in the digital world? People or objects are clearly identified using a digital identity. This protects against misuse and makes work hard for hackers.
However, on the web there is one commodity for which sellers are consistently achieving higher prices: digital identities and digital certificates. Machine identities are particularly popular on the dark web. On marketplaces such as Dream Market, BlockBooth, and Galaxy3, SSL/TLS certificates cost up to several thousand US dollars. At the start of 2019, IT security researchers from Kaspersky Lab found more than 60,000 stolen, real digital identities on the dark web shop Genesis.
If misuse of a digital identity is to be prevented, identity data must be securely generated, securely stored, and securely processed. But users are complacent even when it comes to choosing the right password. Four out of five data attacks take place due to simple and hackable character combinations. T-Systems offers various processes and solutions with which companies can generate digital identities and secure websites and passwords.
In addition to issuing certificates, the full-service Trust Center also develops complex public key infrastructures (PKI) for industrial customers, authorities, countries, and organizations. The security and performance of individual solutions and products from the Trust Center are safeguarded through regular certifications. The team works in conformance with the European Regulation on electronic IDentification, Authentication and trust Services (eIDAS) as well as the specifications of the European Telecommunications Standards Institute (ETSI). Furthermore, gematik approval for the electronic health card is available.
The Internet of Things (IoT) and machine-to-machine communication in conjunction with cloud and Industry 4.0 applications are only possible if millions of communicating things and machines are each mapped one-to-one to a digital identity through automated mass issuance.
An access management solution enables companies to secure access to their data in line with their protection requirements. Using policies, access management simply grants access to authenticated and authorized communication partners, using a zero-trust model up to and including a federated approach.
A key advantage of well-functioning access management from a user's point of view is single sign-on. It enables users to access many systems and services with a single login process.
For strong authentication of identities, companies can use credential management platforms to flexibly configure various methods as a second factor for their users (such as FIDO tokens or one-time password generators).
TeleSec One Time Pass
The cloud authentication solution allows strong two-factor authentication using one-time passwords.
Privileged account management allows companies to safeguard access to their most critical IT resources (on premises or in the cloud). PAM solutions help companies fulfill compliance requirements (ISO 27001, BSI basic security...) by storing, managing, and monitoring privileged accounts and their credentials in a secure digital safe.
By creating a central secure storage place for privileged identity information, companies can:
Privileged Identity Protect Pro
Risk-based authorization and session management for privileged accounts for protection against attacks.
We carry it in our wallets and coat pockets, use it on our travels, or use it for logging in to our office PC. But hardly anyone is aware that, by doing this, they are entrusting their personal data to one of the most secure operating systems on the IT market: Telesec Chipcard Operating System, or TCOS for short, the highly secure smart card operating system certified by the Federal Office for Information Security (BSI).
TCOS for passports or ID cards has been checked in accordance with the internationally recognized process of "Common Criteria". It is therefore one of the most secure systems for international travel documents. More than 100 million passports, personal and company ID cards, digital tachographs, and electronic tickets in Europe are equipped with the highly secure TCOS operating system.
The PACE protocol provides protection against unauthorized uploading of data via a contactless interface. The chip on identity documents has a passport photo and fingerprints stored on it, among other things. The software handles the encryption and the secure readout of personal data, and protects this data against unauthorized access. TCOS is also able to safely store keys and carry out the cryptographic computations within the chip. Securely imported keys never have to leave the chip card again.
The combination of Telesec chipcard operating system and security chip has been conceived with international requirements for electronic documents in mind. But we don't stop there: together with various chip manufacturers, we are continuously evaluating new smart card technologies and application areas. Examples of application areas are mobile security, company ID cards, electronic driving licenses (European driver's license), security for cloud solutions, and security for data in web solutions such as intelligent electricity meters (smart meters).
Identity systems for electronic passports and national ID cards. Smart card-based project solutions.
Secure storage and security anchor for digital identities of people and devices.