SEVEN FACETS OF DIGITISATION - Bundesdruckerei · SEVEN FACETS OF DIGITISATION 1. ... – eID...
Transcript of SEVEN FACETS OF DIGITISATION - Bundesdruckerei · SEVEN FACETS OF DIGITISATION 1. ... – eID...
www.bundesdruckerei.de
SEVEN FACETS OF DIGITISATIONDIGITAL TRANSFORMATION IN DETAIL
SE
VE
N F
AC
ET
S O
F D
IGIT
ISA
TIO
N
Contents
EDITORIAL
The details of digitisation 3
Bundesdruckerei in figures 4
The Bundesdruckerei Group 5
SEVEN FACETS OF DIGITISATION
1. Thinking outside the box 6
2. Digital business processes within the company 12
3. The end of carefree communications 18
4. Co-operation with the best experts: your own customers 24
5. Reinventing communication 30
6. Investing in creative innovation 36
7. Securing digital identities 42
REFERENCES & PUBLISHING DETAILS 48
If we take a step back and look at the big picture, it appears to be clear that the
digital transformation of business and society is coming. In some industries,
it arrived some time ago, other sectors are still in the throes of transformation and
the areas that remain will have to undergo it even if they don’t yet know it.
According to a recent representative survey by Bundesdruckerei among CIOs at
German companies with at least 20 employees, almost nine out of ten companies
in Germany are open to digitisation.
That being said, only nearly every third company considers itself to be well-
prepared for the digital transformation. According to the survey, every fifth
company is losing sales because it is not moving forward fast enough with its
digital transformation.
You could say that there are some clouds hovering in the supposedly clear big
picture of the digital era. We see founded and unfounded fears as well as the many
small, allegedly annoying details of digitisation in everyday working life. After
all, there is no such thing as a little bit of digitisation. Digitisation concerns all
departments and processes of a company.
That’s why the Company Profile 2015 focuses in word and images on the seven
facets of digital transformation, each presented with an example from
Bundesdruckerei which itself underwent this process in just a few years and
continues to pursue it as a strategic corporate goal. As part of this strategy,
we offer holistic solutions “Made in Germany”, especially for medium-sized
companies, accompanying them on their way to a secure digital future.
By the way, the images used to depict the facets of digitisation are close-ups of
solutions and products from Bundesdruckerei’s portfolio. That’s because you have
to pay attention to the details of a company’s everyday work in order to achieve
a coherent “big picture” for digitisation.
Ulrich Hamann
CEO of Bundesdruckerei GmbH
The details of digitisation
3
2015 2014 2013
Sales 464.7 453.4 398.6
of which ID 388.8 391.5 333.9
of which banknotes / other 75.9 61.9 64.7
Personnel expenses 127.6 117.8 113.3
Investment in tangible assets, software, licenses 46.2 30.8 32.4
Depreciation on tangible assets, software, licenses 27.3 24.0 25.4
Earnings before interest, taxes, depreciation and amortization*
123.4 96.3 99.5
in € million
* EBITDA
2015 2014 2013
Balance sheet total 868.0 840.1 824.9
Fixed assets 593.4 569.5 593.4
Current assets 268.4 263.9 225.5
of which liquid funds 116.9 157.4 111.9
Equity 444.8 443.7 440.4
in € million
The Bundesdruckerei Group
2015 2014 2013
Research and development expenditure 46.5 34.7 30.0
Employees (not including interns, apprentices, working students) 1,868 1,821 1,715
in € million (except number of employees)
Bundesdruckerei in figures
Shanghai Mite Speciality & Precision Printing Co. Ltd.– ID documents for China
Veridos GmbH– International ID solutions for governments
DERMALOG Identification Systems GmbH– Automated fingerprint
identification systems (AFIS)
cv cryptovision GmbH– Innovative cryptography– Public key infrastructure (PKI)
Maurer Electronics GmbH– Secure ID development centre– ID systems– Personalisation systems
iNCO Sp. z o.o.– Data capture and production of
electronic publications– Scanning services– Business portal with administration services
genua GmbH– Firewall systems– High-security gateways– VPN systems– Mobile security solutions
D-TRUST GmbH– Electronic signatures– PKI products and services– eID service provider– Qualified trust service provider
SUBSIDIARIES
SHAREHOLDINGS
4 5
1Thinking outside
the box
Digitisation is by nature open. In order to benefit from digitisation, companies are opening their
organisational structures and forming networks with each other. One example of this is the promotion
of interdisciplinary collaboration, for instance, with scientific institutions and universities.
T oday, digital data forms the basis for many business models at companies
and is a precondition for an effective value chain. The networking of data
is also everywhere, but the real potential often only surfaces when data is
connected beyond the boundaries of a specific product or service and can be used
to create new applications and service models. This means that producers are
increasingly becoming providers of services and new business models are emerging.
Anyone wanting to stay innovative in this field must co-operate with external
partners while warranting the security of their own data and that of third parties.
This idea is the foundation for collaboration between Bundesdruckerei and the
Hasso Plattner Institute (HPI) in Potsdam. Together, these two partners have
developed the cloud-based pilot project titled “online data vault” (see interview on
p. 9). Data and software are today no longer stored locally but on external servers
that are connected by networks, i.e. the cloud. In order to enable high-security
cloud computing, HPI and Bundesdruckerei have developed a technology with
which user data can be securely stored and made permanently available on servers
in Germany. The basis for this pilot project was the highly efficient CloudRAID
technology developed by HPI and Bundesdruckerei’s Trusted Service Platform that
users can use to authenticate themselves.
One important goal of the pilot project was to explore and develop potential
solutions for companies and the public administration. “The public sector can
especially benefit from stronger integration of cloud-based solutions,” explains
Ulrich Hamann, CEO of Bundesdruckerei. “The Hasso Plattner Institute is a
strong partner who is accompanying us in our efforts to combine cloud solutions
with secure identities for people and processes,” says Mr Hamann. In this project,
HPI and Bundesdruckerei are focusing on one of the decisive challenges of
digitisation: While misuse poses a threat to every data-based business model,
secure solutions are paving the way for new business concepts.
1 | Thinking outside the box 6 7
Dr. Meinel, how did the CloudRAID
project come about?
Our goal was to create a high-security
cloud solution and we needed a
competent partner for this ambitious
research project. Bundesdruckerei is
one of the leading suppliers in the field
of identity management and so it was
natural that we should co-operate.
With CloudRAID, we have come up
with a solution that will reach product
development once the pilot phase has
been completed.
How does your institute
benefit from co-operating with
Bundesdruckerei?
Our scientific collaboration has been
underway for some time now and has
led to a number of PhD projects.
Thanks to this kind of collaboration,
we can provide our students with
a close look at the latest business
app lications in IT.
What other kind of benefits
does this kind of collaboration
offer your students?
Due to close personal exchange,
they have dealings with companies
and get to know potential employers in
the Berlin-Brandenburg region.
For companies like Bundesdruckerei,
on the other hand, this kind of
colla boration makes sense because
it allows them to get to know new
talented IT people.
How can the cloud be made truly secure?
Together with the Hasso Plattner Institute (HPI) in Potsdam, Bundesdruckerei is currently developing the trailblazing
CloudRAID solution. HPI Head Prof. Dr. Christoph Meinel sees this as a challenge with enormous potential.
T-SHIRT WITH A DATA CONNECTION
Today, secure data is even important for clothing. Manufacturers of sports goods
not only sell sports shoes and functional garments, they also sell fitness based on
data. This data is generated, for instance, by so-called wearables. A wearable can
be a bracelet, a smart watch or smart garment, for instance, a functional T-shirt
fitted with sensors.
While the wearer is jogging, the wearables measure performance, distance and
calories consumed, along with vital signs, such as heart rate. They send the
performance and vital data to smart phones or the cloud. And that’s where
collaboration with Bundesdruckerei comes into play.
Together with the Design Research Lab research group at Berlin’s Universität
der Künste (UdK), Bundesdruckerei developed solutions in 2015 that can make
connected wearables more trusted and more secure. As part of this move,
Bundes druckerei has enhanced the Trusted Service Platform which enables
secure data access and transfer.
The platform also features access to a cloud solution that is based on secure identity
management. With its high-security solutions, Bundesdruckerei hence ensures
secure authentication, identification and secure data transfer for platform users.
The main reason for collaborating with UdK, however, was to make Bundes druckerei’s
services more user friendly. “We develop highly innovative solutions for people
and these solutions must then be easy to use,” says Mr Hamann.
LOGICAL CONTINUATION OF THE INNOVATION STRATEGY
The projects with HPI and UdK are good examples of a general trend that can
be seen with the digital transformation: mastering technological challenges
through clever collaboration. Partnerships like these are the logical continuation
of Bundesdruckerei’s innovation strategy. As a leading ID systems supplier, the
company welcomes technology partnerships and interdisciplinary exchange, both
inside and outside the company. For Bundesdruckerei, thinking outside the box
is certainly nothing new.
1 | Thinking outside the box 1 | Thinking outside the box 8 9
THESE INKS CONTAIN SECURITY
Ink as a security feature: Depending on the angle of vision, the special ink shimmers green or blue. It also glitters in light and forms stable bubbles due to its creamy consistency. Bundesdruckerei uses this ink, for instance, in the production of official documents such as passports and ID documents – for customers world-wide.
2Digital business processes
within the company
There are limits to the added value that is possible with many physical products and today more and more companies are
adding digital services to their business fields, thereby becoming solution providers. The best way to achieve
this is to cleverly digitise key processes within the company.
T he pace of technical development is rapid. Today’s state-of-the-art
solutions could already be obsolete by tomorrow. Companies like
WhatsApp or Airbnb are good examples of how small suppliers can
become global market leaders. An app that nobody had heard of yesterday
could already be installed on millions of smart phones by tomorrow.
Therefore, it’s essential that you act fast. But when it comes to making the
right decisions, strategic expertise is needed. This is especially true for many
small and medium-sized companies who are hesitant to undergo digital
transformation.
Bundesdruckerei, once a traditional and specialised producer of banknotes and
government documents, has transformed into a supplier of IT security solutions
and can now use its experience to help other companies that are currently in the
process of digitisation.
HIGH DEMAND FOR SECURE SOLUTIONS
In recent years, Bundesdruckerei has successfully undergone its own digital
transformation, not just in terms of its services and products, but also with a
view to the company’s internal workflows. When correctly implemented, digitised
processes mean much more efficient workflows and time-consuming changes
in media become a thing of the past.
The advantages of this are particularly evident in the ordering process used by
public authorities: All orders sent to Bundesdruckerei are digital. All the data
needed to handle the order arrives at Bundesdruckerei through high-security
channels and is quickly passed on, for instance, to the department responsible
for the production of ID cards and passports.
2 | Digital business processes within the company12 13
FORGERS CAN’T OUTSMART THIS EXPERT
The white space around the camera enables reflection-free images to be taken, so that the VISOTEC EXPERT 600 reader is better at verifying the increasingly complex optical security features of passports and ID documents. The VISOCORE Inspect / Verify software that comes with it contains the security features of more than 1,600 documents from around 200 countries.
From the production line to the washing machine: the number of connected devices is rising rapidly. The world now has more machines, sensors, etc. in the Internet of Things than people with an Internet connection. A good two thirds of these machines are appliances in private households while a third are applications in the business sector.
Source: Gartner; figures rounded
* Estimate
The same can be said for the invoicing process, as well as the entire production and
logistics processes which Bundesdruckerei has also digitised with determination
in recent years. The transformation process is always based on warranting secure
identities, not just of people, but also of processes, products, materials and
machines. This ensures that all the process participants are in fact who or what
they claim to be.
MANY COMPANIES DO NOT MAKE USE OF THEIR DIGITAL POTENTIAL
In spring 2016, Bitkom, Germany’s digital association, published a remarkable
study showing that eight out of ten German companies still frequently use a fax
machine to communicate internally and externally. Only the telephone and e-mail
were more popular. It appears that the fax machine continues to be used despite
digital transformation. Fewer than half of the companies surveyed work with
video or online conferences. And only one in six companies also use social media
to communicate.
Digitisation is completely transforming our lives, at home and at work. While
companies in Silicon Valley are pushing ahead at full steam and major players
like Amazon, Facebook or Google are setting up and continuously expanding
3.8 billiondevices
2014
4.9 billion devices
2015
20.8 billion* devices
2020
6.4 billion* devices
2016
their global, digital ecosystem daily, many companies in Germany are still using
fax machines to communicate. One thing is for sure, anyone who fails to get on
board with digitisation now will be left behind. After all, the era of digitisation
by its very nature is not only open but also fast.
DIGITAL CHANGE STARTS AT THE TOP
Digitisation is not just for IT, it is in fact a strategic matter. As part of their digital
transformation, companies undergo comprehensive change. Digitising a “little
bit” is not enough. After all, transformation always means a new start with clear
strategies, holistic concepts and solutions that must keep pace with permanent
change.
The signal for this new start must come from the top, and it is up to management
to steer digital transformation processes. The change triggered by the CEO,
however, is just one precondition. Sound digital training for staff is also necessary
so that new work processes can be mastered with confidence. Digital change is
hence something that affects the entire company.
Connected devices
2 | Digital business processes within the company 2 | Digital business processes within the company16 17
3The end of carefree
communications
To avoid falling prey to cyber attacks, companies have to be able to protect sensitive data,
intellectual property, digital processes and connected systems and they must be able to
unambiguously verify the identity of business partners and customers.
W hen the Federal Office for Information Security (BSI) published
its report on The State of IT Security in Germany 2015, it focused
on one particular topic: the protection of so-called critical infra-
structures, i.e. all facilities and systems that could lead to a significant disruption
in public security, supply problems or dramatic impairment should they fail.
These include power and water supply, hospitals and telecommunications.
BSI warns of high risks for the German economy. The report states, amongst
other things, that the number of attacks on industrial control systems is rising.
Because more and more systems like these rely on IT to operate, it was essential for
companies and institutions to see IT security as part of corporate risk management.
Although system failures can have “far reaching consequences” for companies,
IT security was still not a high priority. This matches the results of a survey of
556 companies with at least 20 employees conducted on behalf of Bundesdruckerei
in spring 2016. Almost every fifth company admitted to not having an IT strategy.
CHALLENGE POSED BY REMOTE MAINTENANCE
Bundesdruckerei is a trusted partner for governments and companies when it comes
to protecting highly sensitive processes, data and electronic communications.
A central factor of this is the management of identities. Secure identities warrant
that individuals, machines and objects can be unambiguously identified and access
is only granted following correct authentication. This begins on the company’s
website, extends to digital communications and reaches right out to the gate to
the company car park.
Secure and reliable remote maintenance of industrial systems poses another
major challenge. According to BSI, break-ins through remote maintenance access
points are among the “top 10 threat scenarios in production and process
3 | The end of carefree communications18 19
THESE MIRRORS SEE EVERY DETAIL
Fingerprints are a key com ponent in many systems from Bundesdruckerei. Thanks to highly sensitive light sourcesand optical technologies, this scanner can quickly and precisely scan the prints of all ten fingers.
auto mation”. Remote maintenance is now part of everyday life for many companies.
Complex and highly sensitive systems, such as gas turbines and industrial robots,
will no longer be serviced and monitored by a company’s own staff, but need to
be attended by the machine manufacturer or specialist service providers. Many
companies have also moved their production abroad, so that while the production
system is located in Asia, for instance, the company’s headquarters continues to
operate in Germany.
To keep machines running and to cut costs, companies often service the machines
via the Internet. But this means opening their networks to a certain degree. If,
however, the machine data is sent via the Internet or if operating parameters are
even changed and software updates imported from outside, this makes the
systems in question susceptible to attack. Remote access using a non-encrypted
Internet connection or even an old ISDN modem is extremely risky anyway. Under
such un favourable conditions, attackers can penetrate deep into the company
network and at worst even stop or manipulate production.
SECURE RENDEZVOUS IN THE SERVER ROOM
Companies now need holistic approaches and comprehensive security concepts in
order to effectively protect their critical infrastructures. Bundesdruckerei has a
holistic solution – developed by its subsidiary genua – that allows user companies
to enjoy the benefits of remote maintenance without having to expose themselves
to such enormous risks. The heart of this solution is a so-called rendezvous server
(see box on p. 22) outside the critical network area where the maintenance service
and the industrial company meet using encrypted connections and can initiate
remote maintenance in a secure and targeted manner.
Long-distance relationships can work
Remote maintenance is first and
foremost a matter of security. This
applies both to companies with big
machine facilities and to suppliers
of remote maintenance services.
The problem here is that remote
maintenance staff have access to
external company networks and hence
enter into sensitive IT security areas.
Bundesdruckerei and its subsidiary
genua have a joint solution on offer
that provides comprehensive security
for remote maintenance. The most
important aspect of this solution is
that it does not allow the remote
maintenance service to independently
access the customer network. Instead,
all maintenance connections run via a
rendezvous server which is installed
in the so-called demilitarised zone
(DMZ) in addition to the firewall. The
DMZ is a neutral zone between the
company network and the public
network. Strongly encrypted point-to-
point connections, which are protected
by secure authentication, are generated
for access to the rendezvous server.
With this solution, companies have
control at all times over maintenance
access to their networks. The encryption
and authentication methods used by
genua are practically impossible
to bypass with the technology currently
available. Installing the solution itself
is not very complicated: The required
genuboxes must be integrated into the
legacy network, cryptographic
keys have to be generated and firewalls
configured.
Remote maintenance of machines can be made more secure using a so-called rendezvous server outside the actual company network.
Technology from the Bundesdruckerei Group has a key role to play here.
Firewall Firewall
Rendezvous server
DMZ
Machine under remote maintenance
IT system under remote maintenanceRemote main te nance
provider
genubox
genubox
Network service provider Network customer
3 | The end of carefree communications 3 | The end of carefree communications
genubox
22 23
4Co-operation with the best experts:
your own customers
What does the customer want? This question can be answered directly
and quickly today – by customers themselves. Clever companies today work
with their customers as partners to develop solutions for the digital era.
O ut-of-the-box solutions are seldom suitable for developing products
and services that truly meet the needs of the customer. A company
determined to master the digital transformation should develop tailored
solutions at an early point in time and together with the customer. Companies
often no longer have the time to develop innovations and services at a leisurely
pace behind closed doors. If they want to come up with useful and user-friendly
solutions, they have to involve partners and customers from the beginning.
Together with EWR AG, an energy supplier based in Rhineland Palatinate,
Bundes druckerei has developed precisely tailored solutions. EWR AG is currently
working on the complex challenges of digitisation: As a regional utility, the
company provides important infrastructures and is bound by the Federal Network
Agency’s so-called IT Security Catalogue which just recently came into effect.
SECURITY CATALOGUE FOR THE ENERGY SECTOR
This Catalogue is the first list of precise rules for information and IT security
which companies must observe and which are verified in an external audit. With
this Catalogue, the Federal Network Agency aims to ensure that electricity and
gas are always available. Companies operating in the energy sector are also
obliged to name a contact person for the Federal Network Agency (see box
on p. 26). Moreover, they also have to introduce a so-called Information Security
Management System (ISMS) by 31 January 2018.
DIGITAL SECURITY IN LINE WITH INTERNATIONAL STANDARDS
The purpose of the ISMS is to ensure that a company’s information security is
both transparent and sustainable. Energy grid operators must gear their activities
to the international ISO 27001 standard and be certified according to this standard
within two and a half years after legislation has come into effect. Experience shows,
however, that it takes at least 15 months to introduce the system. In the case of
4 | Co-operation with the best experts: your own customers24 25
utilities, the task at hand is also complex because the infrastructure-related
security of decentralised components must be combined with the IT security
of different networks. This is where a partner is needed who can accompany
the company through this intensive process.
Rather than providing EWR AG with a finished product, Bundesdruckerei’s
experts worked with the customer to develop an individual solution step
by step. Several joint workshops were needed in order to master the complex
require ments of an ISMS. The first step involved identifying the status quo
in terms of infor mation and IT security and the project ended with the
implementation of a complete ISMS.
An important part of this process was the support provided by the best experts,
i.e. the customer’s staff working in the security-relevant areas. Thanks to this early
involvement, it was possible to create a solution that meets the requirements of the
new Security Catalogue, provides the company with additional security and is
accepted by staff.
Call for security
The Federal Network Agency’s Security
Catalogue lists special rules for energy
suppliers. One key requirement is the
introduction and certification of an
Information Security Management
System (ISMS).
The central element of an ISMS, on
the other hand, is the information
security officer. He is responsible for
monitoring and controlling the ISMS
and is the first point of contact for all
matters related to IT and information
security, also during external checks,
for instance, during an audit. His task
is also to heighten awareness among
management and employees.
This officer regularly updates
management on the status of the ISMS,
the IT security risks that exist and on
their potential impact on business
operations, as well as on progress in
implementing the counter measures
adopted. If security-relevant incidents
occur, the information security officer
takes over. He checks which additional
measures are necessary and how the
ISMS is to be expanded.
Using company-spanning concepts,
he also ensures the uniform implemen-
tation of security rules, for instance,
for classifying information, telework,
mobile applications or using smart
phones.
Such a diverse work profile calls for
extensive technical, methodological,
social and managerial skills. That’s why
it often makes sense to commission
an external information security officer
just like the data protection officer.
However, such a decision needs to be
considered carefully since the tasks
described require that the information
security officer work closely with
the company.
Why responsibility for security cannot be simply passed on to algorithms and machines.
4 | Co-operation with the best experts: your own customers 4 | Co-operation with the best experts: your own customers26 27
THIS FOIL BRINGS COLOUR TO PASSPORTS
Applying an individual security foil on a personalised passport has two advantages: The laminated holographic foil both protects the datapage against wear and provides the passport with further security features. The solution offered by Bundesdruckerei includes passport design and production as well as the control and system software.
5Reinventing
communication
Thanks to the digital transformation, work and production at companies are no longer tied to time and place. Platforms for mobile communications
are becoming more important. If companies enable digital mobile exchange for their employees, this
calls for the highest security standards.
Bundesdruckerei’s subsidiary genua works on securing networks and focuses
on customers with special IT security requirements, especially mechanical
engineering firms and public authorities. The services offered by genua
include the development of firewalls, virtual private networks (VPNs) for secure
data exchange via the Internet, remote maintenance solutions for machine systems
and IT systems, as well as solutions for mobile security.
Using the popular messaging service WhatsApp as an example, genua founder
Dr. Magnus Harlander explains the hidden risks in digital communications.
Communications via the app are now protected by end-to-end encryption. This
encryption is supposed to protect the user’s privacy and WhatsApp itself is also
unable to see the users’ messages and photos.
“The problem, however, is that users already make their complete address book
available when they register,” says Dr. Harlander, “even though they don’t want
every contact to appear there.” genua and Bundesdruckerei are currently working
on secure communication solutions that are suitable for everyday business (see
interview on p. 35).
THE IDEAL PARTNER FOR BUNDESDRUCKEREI
“genua’s portfolio perfectly rounds off Bundesdruckerei’s products and services,”
says Bundesdruckerei CEO Ulrich Hamann, “the takeover is part of our strategy
to offer one-stop IT security solutions for public authorities and medium-sized
companies.” In August 2015, Bundesdruckerei acquired a majority interest
(52 percent) in genua. This merger means enormous increase in industrial know-
how for both companies.
Bundesdruckerei now offers complete digital security systems for public
authorities and private companies, as well as system solutions and services for
5 | Reinventing communication30 31
THIS BOX OFFERS PROTECTION FROM INQUISITIVE GLANCES
The genubox is a component of an overall solution that protects production machines during remote maintenance. It is the receiving point for an encrypted connection and includes an integrated firewall. In this way it protects the machine and prevents access to other systems in an organi-sation’s network during remote maintenance.
identity management. The takeover of genua was important in order to create
efficient and user-friendly one-stop solutions for new areas of business.
The companies in which Bundesdruckerei has invested in recent years include
fingerprint specialist DERMALOG Identification Systems as well as cv cryptovision,
a supplier of cryptographic methods. Bundesdruckerei and Giesecke & Devrient
have also launched Veridos, a joint venture that bundles the companies’ secure
identification solutions for foreign governments.
THE SECURE IPAD AND THE SECURE SMART PHONE
There is no stopping smart phones. In 2010, around 300 million smart phones were
delivered world-wide. This figure had already risen to 1.4 billion devices in 2015.
Smart phones and tablets have become a firmly established part of everyday work.
Mobile devices allow employees to stay in contact with their company headquarters,
but they can now also offer services for their customers no matter where they are.
Mobile devices are fast and flexible, but when used at companies, they do have
to meet high security standards. This is not already the case when the devices
are delivered.
That’s why Bundesdruckerei and genua have begun working on developing the
“secure iPad” and the “secure smart phone”. The aim of these efforts is to ensure
that the mobile devices work smoothly while the data sent and received is reliably
protected. This is not a trivial task by any means. “Most attacks directly target weak
points in the operating system,” says Dr. Harlander, “and the security- relevant
settings can be manipulated from there.” That’s why it is necessary to additionally
secure susceptible areas and to develop secure address books as well as secure
e-mail apps. This will enable comprehensively protected mobile communications
no matter where.
How do you expect to benefit
as a new member of the
Bundes druckerei Group?
As part of the Group, we can now
offer new one-stop solutions. We
can combine security solutions from
Bundes druckerei that focus on the
reliable identification of individuals
with high-grade IT security solutions
from genua. This will allow us to
further expand our good standing
with public agencies and will pave the
way for considerable growth in a
sector that is becoming increasingly
connected.
What is the task for IT security
today?
Companies like Apple, Facebook or
Google primarily earn money with
data. But we believe that companies
have nothing to give away, especially
when it comes to their data. That’s
why we really need to pay attention to
mobile communications and the devices
used for this. Many users are not aware
of how many apps process data in the
background and automatically pass this
data on to third parties while the user
is writing an e-mail, for instance, or
sending a message.
Where does your company see
the solution to this problem?
We are currently working on the
“secure iPad” and on the “secure smart
phone”. The idea is to separate and
encrypt important data so that other
apps cannot access this data. These
solutions offer business functions in a
protected area, such as address book
and a mail app, thus providing real
security on mobile devices.
“Companies have nothing to give away”
Smart phones are not secure enough for use at companies. Bundesdruckerei’s new subsidiary genua and one of its founders,
Dr. Magnus Harlander, are determined to change that.
5 | Reinventing communication 5 | Reinventing communication34 35
6Investing in
creative innovation
D o we now really fully understand materials?” asks Dr. Manfred Paeschke,
Head of Bundesdruckerei’s Innovation Department. The next step in
technological development will focus primarily on how new functional
materials can be used to connect new products and applications. In the field of
digitisation, distributed and artificial intelligence, new security principles or even
post-quantum cryptography will accompany and support users in the future.
Dr. Paeschke’s department at the headquarters in Berlin is much like a workshop;
work is permanently underway testing and developing new ideas. This area is
Bundesdruckerei’s technological trend scout.
“How will we be able to identify ourselves in ten or twenty years from now?”,
“What’s privacy today, what will it be tomorrow?” And: “Which data will still
have to be protected tomorrow, and which won’t?” These are just some of the
questions which Dr. Paeschke and his team are working on. Another aspect that
is always present is the question regarding the technological challenges that
Bundes druckerei will have to face in the years to come. These questions are the
starting point for developing approaches for new products and solutions. “The
health sector is currently a huge topic. The use of big data is enabling completely
new diagnosis strategies, but privacy must be considered here, for instance, when
managing patient data,” says Dr. Paeschke. Solutions from Bundesdruckerei could
also help here to ensure greater security in the future.
WHAT WILL ID DOCUMENTS LOOK LIKE IN TEN YEARS FROM NOW?
More than 20 employees at the innovation department are working on new ideas
for identification and authentication (see also box on p. 40). These employees
come from many disciplines and include physicists, mathematicians, engineers,
communications engineers and cryptologists. Dr. Paeschke, himself a physicist,
has been with Bundesdruckerei since 1999 and during that time has initiated
6 | Investing in creative innovation
Where is the digital transformation taking us? In order to find an answer to this question, companies today
are setting up think tanks and innovation departments where multi-disciplinary and, most importantly,
ambitious work is being carried out across departments in search of new ideas.
36 37
THIS ALL-ROUNDER BOARD COMES WITH BIOMETRIC SKILLS
A smart card serves as a kind of electronic key for doors and gates, and provides digital access for log-in processes, data encryption and similar applications. The complete biometry is integrated onto this so-called “system on document”: 3D fingerprint sensor as well as minutia scan and comparison. The authentication process takes place on the card.
co-operation with a number of universities and scientific institutions, for instance,
the BeID Lab at Berlin’s Humboldt University, collaboration with the Hasso
Plattner Institute and a number of co- operation projects with various Fraunhofer
institutes. New security features for ID documents and banknotes are also
developed at the innovation department. Holograms and nano structures are
an important part of these developments.
One of the latest ideas is related directly to the use of a new employee ID card
and is called GoID Card. The smart card prototype has a user interface so that it
can interact with the user and enables holders to identify themselves using their
fingerprint and an integrated sensor. Solutions like these are useful for companies
that want to and have to restrict access to critical areas. Thanks to its so-called
“match on card” feature, no personal biometric data is sent to the background
system and the data is stored and verified on the card only.
Following extensive in-house testing at our own company, other companies and
public agencies are soon to be able to use the system. The card can also serve as
an additional security element for the Internet of Things. Thanks to extremely
innovative and efficient software, it can work with limited resources, needs very
little time or energy to process data and is still very secure.
HOW WILL WE PAY TOMORROW AND WHAT WILL WE USE?
Mobility is another topic. “When it comes to driverless cars, for instance, we need
strong security solutions in order to prevent dangerous manipulation,” says
Dr. Paeschke. The head of innovation believes that mobility and smart home offer
just as much potential for new secure solutions from Bundesdruckerei as do cloud
computing, Industry 4.0 and identity management for banks. The financial sector
is also on the move: The question now is how will we pay in the future?
“I believe that we can always learn something from history,” says Dr. Paeschke.
More than 100 years ago, a technological transformation took place that was just
as comprehensive as today’s transformation. Cars were built, electrification was
promoted and electricity grids were set up. Dr. Paeschke: “What we are dealing
with today are networks, but in a different context. If we can manage to think as
progressively as the technology pioneers from 100 years ago, then we will be
well-equipped to address the future.”
Sweating at the touch of a button
Odour is something very unique.
Every person has their own genetically
determined, individual odour that
clearly identifies them. It is a biometric
feature that’s almost impossible to
forge. But that is precisely what makes
it a possible means for identification
and verification. Bundesdruckerei
recently filed a patent application that
was simply titled “Method and system
to provide an identity carrier function”.
But what this in fact refers to is the
biometric measurement of odour.
The aim is to be able to identify a person
based on their odour. A sensor is to
be developed that can electronically
measure human odours and clearly
assign them to the respective “ID
bearer”. In addition to today’s capturing
and verification of biometric features,
such as fingerprints, height and facial
geometry, the new devices could
micro-electronically verify a person’s
identity on the basis of their odour.
Although there is still a long way to go
before this will be implemented, the
German Patent and Trade Mark Office
and the European Patent Office are
currently examining the patent applica-
tion. What is, however, likely is that in
the medium term Bundesdruckerei will
actually be able to enable odour verifi-
cation, for instance, for access to the
server room.
In future, it could be possible to unambiguously identify people not just by their fingerprints and face, but also by
their individual body odour.
6 | Investing in creative innovation 6 | Investing in creative innovation40 41
7Securing
digital identities
In order to benefit from the enormous opportunities offered by digitisation, a company’s data and documents
must be effectively protected, for instance, using smart ID documents, encrypted e-mails and security certificates.
W hat in fact is a digital certificate? A question that appears to be quite
difficult to answer. Only one in six Internet users can explain the
term and more than half of them have never even heard of it. This is
the result of a representative consumer survey commissioned by Bundesdruckerei
early in 2016.
But practically all of today’s authentication, encryption and electronic signature
methods are based on digital certificates. Digital certificates are – in short –
notarised documents that confirm identity on the Internet. People, companies and
even individual devices can use them to prove their identity which is confirmed
by a trusted and independent third party. They provide protection against forgery
and manipulation. Based on another survey by Bundesdruckerei, only around
one in three German companies with at least 20 employees use certificate-based
cryptographic solutions. Every tenth company is currently planning to
introduce such measures.
D-TRUST AS A PARTNER FOR MICROSOFT’S SECURE CLOUD
Saving data and applications in the cloud gives companies greater flexibility
and allows them to respond faster. Instead of expanding their own capacity at
con siderable cost, companies can simply and quickly purchase additional storage,
additional computing power, etc. from their cloud service provider. But out-
sourcing also poses risks. It is essential for companies that the data stored in the
cloud is safely protected against any kind of third-party access and can be sent
from the company to the cloud and back again in a secure manner. This is where
certificates have a key role to play.
A good example of this is the co-operation between Bundesdruckerei and
Microsoft. In the second half of 2016, the US company will offer a number of
cloud services, including Azure and Office 365, also from German data centres.
7 | Securing digital identities42 43
THIS CODE CONTAINS A NOTARY TO GO
Digital certificates are – in simplified terms – notarised documents which are used to confirm identities on the Internet. Bundesdruckerei’s trust service provider acts as the notary here: The D-TRUST signature card can be used for secure identification and authentication on the Internet – thanks to the cryptographic certificate shown here.
Microsoft will rely on D-TRUST, Bundesdruckerei’s trust service provider, to
encrypt and secure data communications between customer applications and
cloud servers. D-TRUST’s digital certificates are hence a central part of Microsoft’s
security concept for its future public cloud services offered on the German market
(see box on p. 46).
THE LOCK IN THE BROWSER
As a normal user, how can you recognise that a certificate is currently being
used? If the connection to a website is secured by a certificate and hence the
identity of the provider is confirmed by an independent third party, the web
browser usually displays a lock icon in the address line. This icon is only displayed
when the website has a valid certificate that was issued by a trusted third party
like D-TRUST which verifies the assignment of the website and the existence
of the owner using trusted sources, such as the commercial register, before issuing
a certificate.
Digital certificates minimise security risks but they do pose a challenge for
com panies. That’s because companies need a public key infrastructure (PKI) in
order to create, manage and verify digital certificates. Setting up and operating
a PKI, however, is a complex and costly matter. Many small and medium-sized
com panies therefore do without a PKI and hence also without powerful encryption
and security technology. This is risky, especially for companies that have to
protect their valuable intellectual property as much as possible.
That’s why Bundesdruckerei has created its “PKI as a Service” solution that enables
small and medium-sized companies to easily use high-security encryption,
signature and authentication solutions. In other words, instead of investing a lot
of time and money in their own PKI, customers can use standard interfaces to
connect existing infrastructures to Bundesdruckerei’s PKI – another milestone
on the road to digital transformation.
Dr. Nguyen has a PhD in mathematics
and is CEO of D-TRUST, Bundes-
druckerei’s trust service provider and
one of the leading suppliers of digital
certificates in Germany. D-TRUST now
employs 73 people and the number is
growing. “Some of Germany’s major
providers have closed their certification
bodies in recent years, but for us digital
certificates are an international area of
growth,” says Dr. Nguyen.
Co-operation with Microsoft is an
important part of this: The US company
plans to offer business customers in
Germany cloud solutions that will in
fact be hosted on servers located in
Germany. D-TRUST won the contract
from Microsoft to secure communica-
tions between users and the servers in
the data centres using so-called SSL
certificates. In addition to high quality,
there were other important reasons
to choose D-TRUST: “As a company
we are absolutely trustworthy and we
have the latest state of the art,”
says Dr. Nguyen. There are also soft
factors that help to convince customers,
such as the fact that the company is
located in Berlin and belongs to the
Bundesdruckerei Group. Dr. Nguyen
hopes to see co-operation expand
where certificates are concerned, for
instance, with large groups and with
small and medium-sized companies.
Dr. Nguyen himself has been working
at Bundesdruckerei since 2004 and
thanks to his many years of experience
with cryptographic systems, he was
also involved in implementing the new
German ID card and the electronic
passport.
Your certificate please!
How Dr. Kim Nguyen, Head of D-TRUST, Bundesdruckerei’s trust service provider, is determined to make the world
of connected business more secure and why Microsoft is also relying on his expertise.
7 | Securing digital identities 7 | Securing digital identities46 47
SEVEN FACETS OF DIGITISATIONDIGITAL TRANSFORMATION IN DETAIL
Editor (within the meaning of German press law) / Publisher (also the holder of the exclusive rights of use)Bundesdruckerei GmbHAntonia MaasKommandantenstraße 1810969 Berlinwww.bundesdruckerei.deTel.: +49 (0) 30 2598-0E-mail: [email protected]
Commercial register numberAG Berlin-Charlottenburg [Berlin-Charlottenburg Magistrates’ Court] HRB 80443
VAT numberDE 813210005
Year of first publication 2016
Place of first publication Berlin Concept and realisationMarkus Albers, Stefan Kesselhut, Vera MüllerRethink GmbH, Berlin
Copy editor Stefan Kesselhut, Rethink GmbH, Berlin
Creative director and layoutVera Müller, Rethink GmbH, Berlin
Final artworkLena Jacobi
Project director and managing editorJessica Jahnke, Anna JohnRethink GmbH, Berlin
Project managerMarc Thylmann, Bundesdruckerei GmbH
AuthorChristoph Schlegel
TranslationHelen Dalton-Stein, Ralph Wittgrebe
Artistic contributionsAttila Hartwig
Printed byruksaldruckLankwitzer Straße 3512107 Berlin
Printed on heaven 42
Fonts usedMonitor and Palatino
Circulation / year of publication250 copies / 2016Publication: annually
© 2016 Bundesdruckerei GmbH
Copyright noticeUnless otherwise provided for by copyright, any utilisation – especially by copying or distribution – of the copyrighted publication or any contributions or illustrations that may be contained therein, that are protected by copyright or other laws, without Bundesdruckerei GmbH’s prior written consent is prohibited and constitutes a criminal offence. In particular, any storage or processing of the publication in database systems without Bundesdruckerei GmbH’s consent is prohibited.
IllustrationsCover, p. 10 / 11, p. 14 / 15, p. 20 / 21, p. 28 / 29,p. 32 / 33, p. 38 / 39, p. 44 / 45: Attila Hartwig;p. 9 (Prof. Dr. Christoph Meinel):HPI / K. Herschelmann;p. 11 (passport sample), p. 14 (VISOTEC EXPERT 600), p. 28 (passport sample), p. 39 (GoID Card), p. 44 (D-TRUST Card), p. 46 (Dr. Kim Nguyen): Bundesdruckerei GmbH;p. 21 (DERMALOG fingerprint scanner):DERMALOG Identification Systems GmbH;p. 33 (genubox), p. 35 (Dr. Magnus Harlander):genua GmbH
REFERENCES & PUBLISHING DETAILS
48