Help
The symmetric cryptographic encryption algorithm 3-DES (Triple-DES) is a further development of the Data Encryption Standard DES and uses 112-bit symmetric keys. DES is a widely implemented encryption algorithm with a key length of 56 bits. However, this key length is considered insecure today. With 3-DES, DES Encryption is performed three times in succession with two independent cryptographic keys which are generated from the 112-bit key. DES is standardized as the Federal Information Processing Standard FIPS 46-3 and becomes 3-DES by means of ANSI X9.52-1998.
A
If you are registered in My ELSTER with a certificate file, you will need a so-called access code for the retrieval and approval of requests of another person. This code is a 10-digit PIN and serves as an additional security feature in addition to the existing password for the certificate. The access code will be sent to you by post by the Tax office as part of the registration for participation in the document retrieval process or in the case of a separate application. The sending of the code by post takes place within a few days. However, in individual cases it may take up to two weeks. Please do not apply for another access code in the meantime, as this invalidates the access code that is already on its way to you. If you already have an access code when you log on to the document retrieval, it will retain its validity (no new one will be created and sent).
Depending on the activity, you will be asked to enter the access code. The 5th incorrect entry leads to a blocking of the currently valid access code. You will then need to apply for a new access code. Should it be lost in another way, you can of course apply for a new access code.
The activation code is used when approving the request of another person if the person whose data/documents are to be retrieved has not registered in the ElsterOnline portal with an identification number or has not yet registered for the document retrieval process or requested an access code. The activation code is sent by post to the person whose data you want to retrieve. The 12-digit code is a single use code that is valid only for the approval of one request. After receiving the letter, the recipient can decide whether to pass on the code to the applicant and thereby enable him or her to retrieve the corresponding documents. The activation code automatically expires if it is not given to and used by the applicant within 90 days.
The activation code is a 12-digit alphanumeric value generated by the Tax office, which serves the user once to activate a personal access to My ELSTER. It can only be effectively used in combination with an associated Activation ID. The individual activation code will be communicated to you by post upon registration.
Activation data is used by a user of My ELSTER to activate his or her personal access. Activation does not mean that the user receives immediate access to their personalized services. For this the user first needs an initialized Authentication tool (certificate file, security stick or signature card) in order to be able to provide authentication. The activation data consist of the Activation code and the Activation ID which the user receives from the Tax office.
The activation ID is a number generated by the fiscal authorities with up to 20 digits, which allows the user to activate a personal access to the ElsterOnline portal. It can only be effectively used in combination with an associated Activation code. The individual activation ID will be sent to you by email upon registration.
The Advanced Encryption Standard AES is a symmetric encryption algorithm that can operate with 128, 192, and 256-bit symmetric keys. It was developed by the cryptographer Dr. Joan Daemen and Dr. Vincent Rijmen under the name Rijndael cipher. The algorithm is considered sufficiently secure for the 21st century. It was standardized in 2001 as the Federal Information Processing Standard FIPS 197.
The asymmetric key pairs contained on an advanced signature card are uniquely assigned to an owner through recognized Trust centres or through contractual relationships and are generated in accordance with internationally recognized guidelines. They allow the owner to create Electronic signatures which clearly allow the identification of the signature for others. The signature card is assigned to the owner personally and must be under his or her control.
With asymmetric cryptographic procedures, a person or a system always receives two keys, an Asymmetric key pair consisting of a public key and a private key, for example for signature, authentication or Encryption functions. The public key is accessible to everyone, the private key only to the respective person or system. For example, with the private key, data may be signed or authenticated and checked by anyone with the associated public key. In addition, data can be encrypted with the public key for the corresponding communication partner and decrypted only with its private key. Known asymmetric cryptographic procedures are, for example, RSA, DSS and ECC.
An asymmetric key pair is individually assigned to a user or a system. It consists of a public key and a private (= secret) key. The private key may only be known to the owner and is used for individual authentication or decryption of electronic information by means of asymmetric, cryptographic procedures. The public key is used by the general public to verify an electronic signature performed with the private key or for individual Encryption. The cryptographic procedure ensures that Encryption and decryption as well as signature and signature verification or authentication only work with the corresponding key pair.
Authentication is the process of proving an alleged identity, such as a person, in relation to an electronic identifier. In most cases, proof is provided by IT systems by checking a user ID and a password. Greater security is provided by authentication using Asymmetric cryptographic procedures or biometric features (for example fingerprint).
The security of ELSTER is based, among other things, on the use of digital certificates and the key pairs associated with them. These certificates and key pairs are stored either in a file or on a chip. The medium containing these certificates and keys is called an authentication medium. The following authentication tools can be used with ELSTER:
- Certificate file
- Security stick
- Signature card
Authenticity is generally understood to mean the authenticity (trueness) and credibility of data or a peer entity. Authenticity can be achieved and verified by cryptographic procedures, e.g. by means of Asymmetric cryptographic methods.
B
A black list is used by a Trust centre for the publication of Certificates which have been blocked before they expire. All Certificates listed in a black list are invalid from the date of publication.
C
An electronic ID card for a person, organization or system which is issued by a Trust centre, is certified by means of its Electronic signature, and guarantees the assignment of a public key to a person, organization or system. Usually, certificates are published in a Directory service. My ELSTER issues personal certificates for persons and certificates for organizations (also organization certificates).
Criteria for testing and evaluating the security of information technology. They are suitable for evaluating the security characteristics of virtually all information technology products and systems. By means of the International Standardization Organization (ISO) they are listed under the number 15408 as an international standard.
In technical terms, a computer virus is a non-independent program routine that self-replicates by attaching itself to other software or areas of the operating system of, for example, a computer and, once started, manipulates the host computer in a way that cannot be controlled by the user. The concept of computer viruses was derived from the biological model of viruses and gave them their name. Computer viruses often cause a change or loss of data and programs on a computer, as well as disruption of regular operation.
A crypto chip is a high-performance processor which can accelerate and safely perform cryptographic operations. It enables the secure storage of personal key resources in order to protect them from unauthorized access. For example, in the context of asymmetric cryptographic procedures, it enables individual secure storage of private keys. A crypto chip can be used in different forms such as chip cards or in computer systems.
Crypto tools designate cryptographic information which is input to the cryptographic process for Encryption, authentication and electronic signatures. In most cases, these refer to secret information in possession of a person or a system, such as a password, a PIN or even the private key of an asymmetric key pair. It can also be the unique biometric features of a person, such as a fingerprint, voice or eye features. There are also publicly known key tools of persons or systems used, for example, for the verification of electronic signatures or authentication, such as the public key of an asymmetric key pair.
Cryptoboxes usually are used for general Encryption purposes for communication connections or line encryption. All electronic information sent over a communication link is encrypted on one side in a node by a cryptobox and decrypted on the other side in a node by another cryptobox. In general, the security of line encryption is based on strong symmetric cryptographic procedures. All electronic information is encrypted with the same symmetric key known only to the relevant cryptoboxes.
The original objective of cryptography is to disguise data for unauthorized third parties by applying Encryption methods, or the doctrine of secrecy of information. The Encryption is deemed to be stronger, the more theoretical or mathematical effort would be required to carry out the reconstruction of the data by an unauthorized person. Cryptography also includes methods of Authentication, electronic signature and Authenticity.
D
Directory service in this document refers to a hierarchical (tree shaped) database according to the ITU standard X.500, in which information can be retrieved from a suitable system. This can be used, for example, in address, email and certificate directories, in which the desired information can be searched for according to different criteria. The database can also be distributed over several servers.
In My ELSTER registration can be performed with the new Identity card (nPA) or with the electronic Residence permit (eAT). By means of the "document type" attribute, the two different types of identification are technically distinguishable. The document type is "ID" for the nPA and "AR", "AS" or "AF" for the eAT.
E
Electronic identity is a name understandable for the system to which a person or another system can be assigned. Often this name is referred to as user ID or account. An electronic identity is assigned rights on a system that limits the use of the system. This should ensure that the user is really the legitimate user of the corresponding identity. This is done by means of a secure Authentication process.
Electronic misuse refers to unauthorized access to systems, including unauthorized use of systems for own purposes. It should be noted that unauthorized access to the computer of any person is punishable in Germany. Laws on computer misuse are not uniformly regulated in the EU.
An electronic signature is a technical process. With the electronic signature, the author of data can be determined. It can be used electronically for a declaration of intent or for Authentication. For generating and checking electronic signatures, asymmetric cryptographic procedures can be used.
At Elster, the electronic signature is used exclusively for Authentication (authentication signature).
Designates software or a file of the Tax office, which contains predefined functions for the technical access of a computer to My ELSTER for integration into other computer software.
Signature generation components (for example, signature cards) and certification service providers (for example Trust centre), which are to be used in connection with the electronic tax return in My ELSTER and other related services, must have a certain minimum standard in terms of security and comply with some technical requirements. The minimum-security standard and the technical requirements are described in the Tax office ELSTER policy.
The ELSTER SSL certificate is issued from an internationally recognized Trust centre (for example, Verisign, Symantec Corporation, Thawte or TC-Trust centre) and serves to authenticate the identity of My ELSTER to a computer or a user. The Certificate has a unique feature. This is its electronic SHA1 fingerprint, which reads: 52 EA E1 6F 40 64 38 B7 FF 02 91 C1 7D 36 82 DD 9B 41 7A 90. Should a Certificate have a different fingerprint, it is not the ELSTER SSL certificate.
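The fingerprint comparison described in this entry can be carried out mechanically. The following Python sketch is an added example, not code from ELSTER or the Tax office: it computes the SHA1 fingerprint of a certificate supplied as DER bytes or PEM text and compares it with the printed value. The function names and the sample bytes are assumptions made for illustration; the sample is constructed and is not a real certificate.

```python
import hashlib
import hmac
import ssl

# Fingerprint exactly as printed in the glossary entry above.
ELSTER_SHA1_FINGERPRINT = (
    "52 EA E1 6F 40 64 38 B7 FF 02 91 C1 7D 36 82 DD 9B 41 7A 90"
)

# Constructed stand-in for certificate bytes (NOT a real certificate).
# The fingerprint is a hash over the encoded bytes, so any byte string
# is enough to exercise the comparison logic offline.
CONSTRUCTED_DER = bytes(range(64))


def normalize_fingerprint(text):
    """Turn '52 EA ..', '52:ea:..' or '52ea..' into 20 raw bytes."""
    hex_digits = "".join(ch for ch in text if ch not in " :\t\r\n")
    raw = bytes.fromhex(hex_digits)  # ValueError on non-hex characters
    if len(raw) != hashlib.sha1().digest_size:
        raise ValueError("a SHA-1 fingerprint is 20 bytes, got %d" % len(raw))
    return raw


def to_der(cert):
    """Accept a certificate as DER bytes or as PEM (str or bytes)."""
    if isinstance(cert, bytes):
        if not cert.lstrip().startswith(b"-----BEGIN"):
            return cert  # already DER
        cert = cert.decode("ascii")
    # PEM is base64 of the DER encoding between header and footer lines;
    # the fingerprint is always taken over the DER bytes, never the PEM text.
    return ssl.PEM_cert_to_DER_cert(cert.strip())


def sha1_fingerprint(cert):
    """SHA-1 digest of the DER-encoded certificate."""
    return hashlib.sha1(to_der(cert)).digest()


def format_fingerprint(raw):
    """Render digest bytes in the spaced upper-case style used on the page."""
    return " ".join("%02X" % b for b in raw)


def matches_pinned(cert, pinned_text):
    """True only if the certificate hashes to the published fingerprint."""
    return hmac.compare_digest(
        sha1_fingerprint(cert), normalize_fingerprint(pinned_text)
    )


if __name__ == "__main__":
    pem = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)
    print("presented:", format_fingerprint(sha1_fingerprint(pem)))
    print("published:", ELSTER_SHA1_FINGERPRINT)
    # The constructed bytes are not the ELSTER certificate, so this is False.
    print("match:", matches_pinned(pem, ELSTER_SHA1_FINGERPRINT))
```

To check a live connection, the DER bytes returned by ssl.SSLSocket.getpeercert(binary_form=True) can be passed to matches_pinned in place of the constructed sample.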
Encryption is the transformation of data for their secure storage or transmission. For this purpose, the content of a document, a file or an email is made illegible for unauthorized third parties using a cryptographic key. Only the correct recipient can read the data again with the help of an appropriate (decryption) key. There are different encryption methods such as symmetric, asymmetric and hybrid encryption.
H
Hackers are people who invade networks, databases or hard drives of other users to steal information or to have access to personal data. They mostly enter systems without the knowledge of the victim to obtain access to key data, bank account numbers or credit card numbers.
The term Hardware Security Module (HSM) refers to an (internal or external) peripheral device for the efficient and secure execution of cryptographic operations. In this way it ensures the reliability and integrity of data and related information in business-critical IT systems. To ensure reliability, the cryptographic keys used must be protected by software as well as against physical attacks or side channel attacks.
Hijacking refers to the unauthorized taking over of a communication link between a computer and a server. For an attacker to take over a communication connection, he or she records all the data of an external online session. Using the collected data, the attacker may receive enough information to synchronize his or her computer with the server in question. The server does not notice that it is connected to another computer, different from the known computer that has established the communication link. Hijacking can make it possible to take over authenticated communication links if the communication link is not sufficiently secured.
An HTML page is an internet page developed or written using the Hyper Text Markup Language. Traditionally, HTML is used to compose internet pages.
HTTPS is the security variant of the internet protocol HTTP (Hyper Text Transfer Protocol) for transmitting information over the internet. It integrates the security protocol TLS which offers Encryption and Authentication mechanisms for communication connection over the internet.
This represents a cryptographic technique that combines symmetric and asymmetric procedures. In most cases, symmetrical procedures are used as encryption mechanisms and the asymmetric procedures are used as key exchange methods (Encryption of the symmetric key with the public key of the recipient).
I
Your personal identification number can be found in the header area of each letter from your Tax office.
If you have not yet received your personal identification number or have misplaced it, you can request it from the Bundeszentralamt für Steuern (Federal Central Tax Office).
Integrity is a security objective in the field of information security, which states that data should be complete and unchanged over a period of time. A change could occur intentionally, unintentionally or due to a technical error. Integrity therefore includes data security (protection against loss) and protection against forgery (protection against deliberate change).
The integrity of data is guaranteed if the data originates from the specified sender and has been transferred completely and unchanged to the recipient.
Evaluation according to ITSec involves the testing and evaluation of the security properties of an information technology product according to defined safety criteria, guided by an evaluation manual. It goes far beyond simple compliance testing between a user manual and actual product behaviour.
J
A Java applet is an application written in the Java programming language that can be executed within an internet browser. It offers the possibility of computer-side processing of active web content in an internet based computer/server environment. The Java applet is automatically loaded as required by the server in the internet browser of the computer. Since July 2017, Java applets have no longer been used in My ELSTER.
M
Malware is any type of malicious software such as computer viruses, trojans, worms, etc. It contains functions that are not recognizable to the user, with which, for example, data can be deleted, changed or copied. In addition, data such as passwords can be uncovered.
Masquerading is the term used when a person or system assumes a false identity in electronic communications or is not the identity that it impersonates by electronic means. For example, by taking advantage of similarity of names or covert electronic redirections, without proper security measures, an external server could log into the internet site of a trusted server on a computer that the user has visited. This could allow the external server, for example, to spy on a password during the login attempt of the user or to accept files that are not intended for it, or present data that does not come from the original server.
One way of assessing the strength of cryptographic Encryption and signature procedures is to measure the length in bits of the cryptographic keys that can be used within the procedures. The higher the number of bits of the keys used, the stronger the cryptographic procedure is deemed to be. The minimum key length denotes the minimum number of bits to be used for a cryptographic key so that the corresponding procedure can still be regarded as strong.
P
A personal firewall is security software for a personal computer in order to strengthen the protection against the access of unauthorized persons from the internet. It is intended to protect the computer from outside attacks and also to prevent certain programs, such as Computer viruses, from making contact from the computer to the internet. It checks all connections to other networks and checks both the requests to the internet and the data coming into the computer.
Phishing is a deliberate attack by a Hacker for the purpose of obtaining personal information such as the credit card numbers, passwords or PIN numbers of the victim. For example, the victim receives a legitimate looking email or web page from a seemingly well-known sender, such as an authority, bank or credit institution. Therein, the victim is asked to visit an internet site and to enter the secret, personal information there, due to a necessary reconciliation or review or the like. Since this internet site is fake, the Hacker gets access to the personal information and can use this for own interests.
Phishing is a phrase made up from "password" and "fishing".
De facto standard of the company RSA Security, which defines the format for the storage and transport of asymmetric key pairs, corresponding Certificates and other electronic key tools.
A security infrastructure that enables encrypted data to be exchanged or signatures generated in non-secure networks (for example, the internet) based on a key pair issued by a trusted authority (asymmetric encryption). Further information on asymmetric encryption or signatures can be found on the website of the Federal office for information technology security (BSI).
Plausibility refers to the syntactic and semantic or the formal and content correctness of electronic information. As part of the ElsterOnline portal, for example, only plausible information is forwarded from the portal to the state authorities.
This is the cryptographic key used in asymmetric procedures, which only the owner may have access to. The private key is used to generate electronic signatures (authentication signatures) and to decrypt data.
PSE stands for Personal Security Environment. This is a personal, electronic secure area that contains security related data, such as a Private key. A PSE can usually be found on a chip card, but can also be present as an encrypted file. The PSE is secured by a password, a PIN or by biometric methods (for example a fingerprint).
The pseudonym, also called derived identification number, serves to identify the card holder without the need to transfer personal data via the internet. The new identity card (nPA) includes a Pseudonym function. For each service provider (e.g.: ElsterOnline), the identity card generates its own pseudonym so that the same person cannot be recognized by two different service providers with the same pseudonym (also known as "restricted recognition").
This is the cryptographic key used in asymmetric procedures, which is made publicly available by the owner or the issuing trust centre, for example via a Directory service but also by diskette, internet download or by email. With the help of a corresponding electronically signed Certificate issued by a Trust centre, the public key is officially certified or assigned to an identified person or a system as belonging to it without any doubt. The public key is used to verify electronic signatures of the owner or the Encryption of electronic information that only the owner can decrypt with its associated private key.
Q
Qualified signature cards allow the holder to have an Electronic signature which is legally compliant in accordance with the German Signature law and has the same commitment as a manual signature. A pair of the key pairs included in the qualified signature card are uniquely assigned to an owner by means of a Trust centre accredited by the Post and Telecommunications Regulatory Authority and are processed by products for qualified signature.
R
Named after its developer Ronald L. Rivest, internationally recognized method for symmetric Encryption, in which keys of different lengths can be used. RC4 is basically a pseudo-random generator. The process was developed in 1987 by Rivest for the company RSA Security.
The RSA algorithm is an asymmetric, cryptographic method suitable for electronic signature, authentication, and key exchange of symmetric keys through asymmetric Encryption. It was developed by Rivest, Shamir and Adleman in 1977. The security of this algorithm is based in principle on the difficulty of factoring large numbers.
S
The security check of a system can be performed formally or technically. The configuration of the system is always checked for security uncertainties, resulting in recommendations for configuring the computer. For more information about internet security, refer to the page of Deutschland sicher im Netz e. V. There are software products or scanners that check the security configuration of a computer. There are products that need to be run directly on the computer and products that check the configuration of the computer over a secure internet connection.
Secure Socket Layer (SSL) is a protocol for secure data exchange between computer and server over the internet. Computers and servers can mutually authenticate with the help of asymmetric cryptographic procedures and encrypt the data during data exchange. This protocol was developed by Netscape.
The purpose of the signature law is to provide the framework conditions for Electronic signatures in order to increase the legal security for example for business transactions over the internet. This law defines the following three types of electronic signatures: Simple Electronic signatures, advanced Electronic signatures and qualified Electronic signatures. The Regulatory Authority for Telecommunications and Postal Services monitors and checks compliance with the provisions relating to the Signature Act (Federal network agency).
In symmetric procedures, the same secret key is used for the Encryption and decryption of data. If the encrypted file is to be passed on, the secret key must be communicated to the recipient by means of a secure transmission path. As there is no really safe method apart from a private conversation, this becomes a problem. Asymmetrical methods solve the problem of key exchange.
T
TESTA (Trans-European Services for Telematics between Administrations) is an overlay network of European administrations. The primary objective of TESTA is to provide European institutions, agencies and administrations with a comprehensive, well-structured service based on recognized market standards, enabling easy and reliable data exchange and ensuring optimum interoperability. Part of this large project is TESTA Germany, the cooperation of the federal and state governments in the context of a merger of the individual provincial networks and the direct connection of individual federal authorities and the information network Berlin-Bonn (IVBB). The TESTA network thus forms the backbone of a "Corporate network administration" for international communication.
Transport Layer Security (TLS) is a protocol for secure data exchange between computers and servers over the internet. Computers and servers can mutually authenticate with the help of asymmetric cryptographic procedures and encrypt the data during data exchange.
A seemingly useful file or software that does not have the expected content. As a result, it is possible for the file or software to install functions not provided on a computer without being noticed. By means of such a process, passwords and other confidential data can be obtained, changed, deleted or sent to unauthorized persons with the next data transfer. This "data theft" usually goes unnoticed without dedicated security mechanisms.
A trust centre is an independent, trusted authority responsible for issuing and managing electronic Certificates. The trust centre digitally signs the certificates issued by it and thus guarantees the authenticity of the data on the certificate. As all participants rely on the trust centre for asymmetric procedures, they can therefore also rely on the validity of the Certificates issued and also the public keys of other participants.
U
In My ELSTER the user name is an Electronic identity of a user account. A freely selectable string (maximum 8 characters) can be used in a user name. It serves to differentiate several personal access options in My ELSTER in the case of a user registering several times. As it is not certain at the time of the first registration whether further personal access options will be desired by the user later on, a user name must be assigned with each registration.
V
A virus scanner is software that protects a system (computer, server, ...) to a certain extent from Computer viruses by regularly or permanently checking files. To ensure optimum protection, a virus scanner must be kept up to date by frequently and regularly updating the virus definition files included.