Identity security

Digital business processes in the context of organisations, end users, and machines in shared systems require robust identity security management

Coveted goods on the Darknet

Is the person logging into the intranet actually authorised to do so? Is the software which issues a command to a computer authorised to do this? In the analogue world, we prove our identity with a passport and a driver's licence. In the digital world, people or objects are clearly identified using a digital identity, which protects against misuse and makes work difficult for hackers.

However, on the web there is one commodity for which sellers are consistently achieving higher prices: digital identities and digital certificates. Machine identities are particularly popular on the Darknet. On marketplaces such as Dream Market, BlockBooth, and Galaxy3, SSL/TLS certificates cost up to several thousand US dollars. At the start of 2019, IT security researchers from Kaspersky Lab found more than 60,000 stolen, existing digital identities on the Darknet shop Genesis.

To prevent misuse of a digital identity, identity data must be securely generated, securely stored, and securely processed. But users are already complacent when choosing the right password. Four out of five data attacks take place due to simple and hackable character combinations. T-Systems offers various processes and solutions with which companies can generate digital identities and secure websites and passwords.

Your requirements are important to us

Industry

Protect your company values and processes. We also help you to securely use the rapidly growing number of connected “things” on the web.

Health

High compliance requirements require professional planning and certified operations. T-Systems takes on the responsibility for the protection of your data and infrastructure.

Public sector and education

Public facilities are a particular target for IT attacks. T-Systems supports you with competent specialists and delivers “Made in Germany” security with the highest safety requirements.

Finances

IT systems are the backbone of the finance sector and are, therefore, strictly regulated by international compliance standards. We will protect you and help you to securely fulfil these standards.

Telecommunications

Communication is the beating heart of modern IT. As a leading provider of telecommunications services and IT security, we will also secure your exchange of information.

Energy

The energy supply sector is one of the critical infrastructures with the highest threat potential. Telekom Security prepares tailor-made and BSI-certified solutions for you.

Your digital ID: certificates and public key infrastructure

In addition to issuing certificates, the full-service Trust Centre also develops complex public key infrastructures (PKI) for industrial customers, authorities, countries, and organisations. The security and performance of individual solutions and products from the Trust Centre are safeguarded through regular certifications. The team works in compliance with EU regulation on electronic identification and trust services (eIDAS), as well as the specifications of the European Telecommunications Standards Institute (ETSI). Furthermore, gematik approval for the electronic health card is available.

The Internet of Things (IoT) and machine-to-machine communication in connection with cloud and Industry 4.0 applications are only possible if millions of communicating things and machines are each given a clear virtual identity through the automated mass issuance of digital identities.

Magenta Security IoTm2m.ID – PKI Service

Highly-automated issuance and management of certificates for the “things” on the web.

  • Secure operation of the PKI service platform in the Trust Centre of Deutsche Telekom Security
  • Issuance and management of digital identities for IoT/M2M end devices
  • Varied and standardised interfaces for automated certificate management
  • A modular PKI service that is optimised for its intended use

The ideal solution for all of those who wish to equip their IoT/M2M end devices with digital identities (“passports”) and, therefore, fulfil the requirement for communication partners to interact authentically with one another in modern digital infrastructures. 

The vast number of current IoT/M2M devices, including typical office devices like printers, client workspaces, servers, and phone systems, can be managed very efficiently because the authorisation backend is automated through the PKI service.

Magenta Security Server.ID

SSL/TLS web server certificates for secure and encrypted communication on the web. In addition, internet web servers will receive an identity to interact authentically.

  • Categorised as safe in all browsers
  • “Made in Germany” security
  • Certified operation in compliance with ISO 27001, ETSI 319 411-1, and eIDAS
  • Product variants with an annual validity period:
    • Organisation-validated (OV) SSL/TLS certificates: standard, wildcard, and multi-domain (SAN)
    • Extended validation (EV) TLS/SSL certificates: standard and EV multi-domain (additional check compared to OV)
    • Special feature: extended validation TLS/SSL certificates can be upgraded for free to a qualified website certificate according to eIDAS
  • Additional domain-validated (or DV) TLS certificate product via ACME interface (fully automated certificate management possible)

Magenta Security Qualified.ID

Qualified electronic signature and remote signature in compliance with eIDAS, as a replacement for the hand-written signature.

  • Operation of signature services based on eIDAS and VDG
  • (1) PKS signature card
  • (2) PKS remote signature

Magenta Security Business.ID

The cloud public key infrastructure (PKI) for flexible and fast integration in your company.

  • Multi-client capable company PKI for issuing and managing various certificate profiles in compliance with X.509v3
  • Secure operation of the PKI service platform in the Trust Centre of Deutsche Telekom Security
  • Certified operation in compliance with ISO 27001 and ETSI 319 411-1
  • Classified as safe by all known email clients and browsers
  • “Made in Germany” security

Magenta Security Energy.ID

Issuance and management of certificates certified according to BSI (TR-3109) in the smart meter ecosystem.

  • Sub-CA service as part of the smart metering PKI in accordance with BSI specifications
  • Certificates for gateways or external market participants
  • (1) Operation of Shared Energy CA [client of T-Systems Energy Sub CA]
  • (2) Operation of Dedicated Energy CA [customer-specific Sub CA]

Special regulatory requirements for the authentication and exchange of digital signatures and encrypted documents, for example, in healthcare or the energy sector, can be mapped via individualised PKI applications.

Individual PKI

Planning, development, and operation of customer-specific PKI solutions in the Trust Centre or on the customer's premises.

  • Comprehensive requirement analysis, processes, and technology
  • Concepts for every phase: PLAN – BUILD – RUN
  • Creation of all required documents
  • Planning and implementation of audits
  • Transition and operation of the PKI

Your secure authentication: access management

The use of a two-factor authentication solution enables companies to optimally secure access to their data in line with their protection requirements.

The intelligent service generates one-time passwords to log into online services and protected systems, is easy to integrate, and offers increased security through strong two-factor authentication, as well as cost optimisation through minimal bureaucracy. It enables users to access many systems and services with a single login process.

Magenta Security OneTimePass.ID

The cloud authentication solution facilitates strong two-factor authentication using one-time passwords.

  • Dynamic two-factor authentication based on a one-time password system
  • Various authentication methods: app, SMS token, HW token and more
  • Central management via web portals
  • User self-service
  • 24/7 hotline

Securing your most valuable identities: privileged account management

Privileged account management allows companies to safeguard administrative access to their most critical IT resources (on-premises or in the cloud). PAM solutions help companies with the storage, management, and monitoring of privileged accounts and their credentials in a secure digital safe that fulfils compliance requirements (ISO 27001, BSI basic security...).

By creating a central secure storage space for privileged identity information, companies can:

  • Check and monitor the use of privileged accounts (where necessary also using third-party providers)
  • Eliminate hard-coded plain text passwords in machine-to-machine communication
  • Equip automated processes with one-off, scalable identities
  • React to identity theft of admin identification in real time

Privileged Identity Protect Pro

Risk-based authorisation and session management for privileged accounts to protect against attacks.

  • Scanning for privileged accounts
  • Central security of admin passwords and SSH keys
  • Role-based access controls
  • Dynamic rotation of admin passwords 
  • Session monitoring
  • Continuous threat analysis

Secure keys for digital identities: smart cards and secure elements

We carry it in our wallets and coat pockets, use it on our travels, or use it for checking into our office PC. But hardly anyone is aware that, by doing this, they are entrusting their personal data to one of the most secure operating systems on the IT market: the TeleSec Chipcard Operating System – or TCOS. The highly-secure smart card operating system is certified by the Federal Office for Information Security (BSI).

TCOS for passports or ID cards has been checked in accordance with the internationally recognised process of “Common Criteria”. It is, therefore, one of the most secure systems for international travel documents. More than 100 million passports, personal and company ID cards, digital tachographs, and electronic tickets in Europe are equipped with the highly secure TCOS operating system.

TCOS encrypts personal data

The PACE protocol protects against the unauthorised reading of data via a contactless interface. The chip on identity documents has a passport photo and fingerprints stored on it, among other things. The software organises the encryption and the secure readout of personal data, and protects the data against unauthorised access. TCOS is also able to safely store keys and perform the cryptographic computations within the chip. Securely imported keys never have to leave the chip card again.

TCOS fulfils the toughest requirements

The combination of the TeleSec chip-card operating system and the security chip has been conceived with international requirements for electronic identity documents in mind. But we don't stop there: working with various chip manufacturers, we are continuously checking the use of new smart card technologies, as well as application areas. Examples of application areas are mobile security, company ID cards, electronic driving licences (European driver's licence), security for cloud solutions, and security for data in web solutions, such as intelligent electricity meters (smart meters).

TCOS Smart Cards

Identity systems for electronic passports and national ID cards. Smartcard-based project solutions.

  • Smartcard-based identity systems for electronic passports and ID cards (e.g. nPa)
  • Tokens and services in various form factors (e.g. ID1, µSD, embedded) as standard products (IDKey Card, NetKey, etc.), among others.
  • Individual all-in-one services and project solutions, e.g. health, tolls, tachographs, administrative radio communications, IoT, Industry 4.0, and the automotive industry

TCOS Secure Elements

Secure storage and security anchors for the digital identities of people and devices.

  • Secure elements as secure storage and security anchors for the digital identities of people and devices
  • Individual all-in-one services and project solutions, including conception, specification, production, and rollout (e.g. for e-energy, till systems, IoT, Industry 4.0, tolls, automotive industry, administrative radio communications)

Identity security at the highest level: trusted IT operations

Trust Center

A trust centre serves as an independent certification point and trusted authority for the electronic exchange of data. T-Systems is accredited by the German Federal Network Agency (Bundesnetzagentur) as a trusted service provider. To guarantee the highest possible security, all Trust Centre services are based on the latest technologies from the security sector – whether it is for the encryption of data and networks or for two-factor authentication.

As the first German Trust Centre, T-Systems offers security services as a trusted independent service provider, based on an ISO-certified security concept. The Trust Centre, accredited by the German Federal Network Agency, serves as an independent certification point and trusted authority for the electronic exchange of data.  

All services are backed by a highly secure environment across geo-redundant data centres based in Germany. If one area has an outage, a second data centre automatically steps in. All data, the entire IT infrastructure, and all network connections are mirrored in this data centre. In this way, not only are we safeguarding a reliable and highly-available operation but we are also complying with the highest German and European requirements for data protection and security.

Certificates are created in our own Trust Centre and exclusively by trained and security-screened personnel. This produces certificates of the highest security level. T-Systems guarantees a secure, electronic exchange of data, even for highly-sensitive information.