www.bundesdruckerei.de

COMPANY BROCHURE 2014 Contents

EDITORIAL Protection against attacks 3

Bundesdruckerei in figures 4 The Bundesdruckerei Group 5

I. FULL ID | GOVERNANCE Defence shield for companies How companies protect their data and communications and how processes can be implemented effciently 6

II. FULL ID | CITIZEN Who is it really? Identity protection: How ID documents prove identity beyond a trace of doubt and how border controls are becoming more effective and secure 24

III. FULL ID | OB JECTS Security as a brand Security makes all the difference: How highly complex security features protect against forgery and misuse 34

IV. BUNDESDRUCKEREI GMBH Be part of the future Bundesdruckerei – a popular employer in the region and an innovator for the academic sector 40

References & publishing details 48 3

Protection against attacks

What we are seeing today is the global networking of goods and services. Industry 4.0 is the topic of the day. The networked factory where machines and workpieces permanently exchange information is now reality. Many industrial companies are working with networked production sites.

However, when we produce in networks, when data is exchanged across borders together with freight and goods, when work takes place in mobile environments, we also have to ask how these processes can be made secure and how the related data fows can be suffciently protected. Furthermore, we must be able to rely on the identity of the people, objects and processes involved, i.e. we must be able to trust them. In a nutshell, what we need is authentic, secure and binding communication.

We still have work to do here. Industry association Bitkom has warned against digital carelessness. Digitised production processes not only offer huge oppor tunities, they also pose enormous risks. The increase in the number of cyber attacks is a threat to competitiveness and to the intellectual property of successful companies. The damage caused by data and identity theft is worth billions. And as easy as it is today to do business around globe, the new risks arising are often casually accepted.

We at Bundesdruckerei believe that it is a task for society as a whole to protect digital infrastructures, processes and data, as well as digital identities. As a leading high-security company, we have assumed responsibility for Germany. With our expertise in identity management and our innovative strength, we see ourselves as a technology partner for private companies and public authorities who need to secure their digital infrastructures and production workfows. With our Full ID | Governance, we not only supply technological solutions, but complete, holistic IT security strategies based on secure digital identities. After all, we ourselves are a medium-sized production company and all too aware of the need for security at companies like ours. In other words, we know what we’re talking about when it comes to digitisation.

Ulrich Hamann CEO Bundesdruckerei GmbH 4 5

The Bundesdruckerei Group Bundesdruckerei in figures

Subsidiaries Shareholdings

D-TRUST GmbH Shanghai Mite Speciality & Certifed trust service provider Precision Printing Co. Ltd. 2014 2013 2012 – Electronic signatures – ID documents for China – PKI products and services Sales 453.4 398.6 453.7 – eID service provider of which ID 391.5 333.9 391.6 Emirates German of which banknotes / other 61.9 64.7 62.1 Security Printing LLC Personnel expenses 117.8 113.3 108.7 Maurer Electronics GmbH – ID and security solutions Investment in tangible assets, software, licenses 30.8 32.4 58.0 Secure ID development centre – UAE and the Middle East – ID systems Depreciation on tangible assets, software, licenses 24.0 25.4 27.8 – Personalisation systems Earnings before interest, taxes, depreciation and 96.3 99.5 124.2 amortization DERMALOG Identifcation in € million Systems GmbH iNCO Spółka z o.o. – Automated fngerprint – Data capture and production of identifcation systems (AFIS) 2014 2013 2012 electronic publications – Scanning services Balance sheet total 840.1 824.9 808.1 cv cryptovision GmbH – Innovative cryptography Fixed assets 569.5 593.4 609.8 – Public key infrastructure (PKI) Current assets 263.9 225.5 192.2

of which liquid funds 157.4 111.9 101.6

Equity 443.7 440.4 413.1 Veridos * in € million – International ID solutions for governments * Veridos was launched on 1 January 2015. 6 7

I. FULL ID | GOVERNANCE Defence shield for companies

Cyber attacks have now become a mass phenomenon. Especially companies and operating facilities are the target of digital attacks. And yet we often see a digital carelessness when it comes to security for corporate electronic data, digital processes, online communications and IT infrastructures. But with a just a little effort, a large part of these attacks could be prevented. 8 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 9

Damage to the German economy caused by cyber attacks each year:

n terms of economic output, Germany is the country that suffers the greatest damage caused by cybercrime. This was the fnding of the US Center for Strategic and International Studies (CSIS). VDI, the Association of German IEngineers, estimates the losses suffered by German companies every year due to industrial espionage and cyber attacks alone to be in the region of €100 billion. Industry association eco assumes that the threat for German companies will continue to grow in the years to come. That’s why it is vital, also increasingly with a view to competition, to protect critical business infrastructures, digital processes and the related data fows against unauthorised access.

Germany rightly claims to be a country of thinkers and inventors. It is German engineering and innovations from medium-sized companies that are held in high esteem the world over, but which also whet criminal appetites. According to a survey by Forsa Institute from 2013, 77 percent of medium-sized industrial companies consider their intellectual property to be at risk. It appears to be possible for hackers to gain access at any time to corporate networks and most attacks are not noticed until it is too late. According to KPMG Consulting, 48 percent of German companies have already fallen victim to data theft. 50 billion euro This is what motivated Bundesdruckerei to develop a holistic range of solutions for companies and institutions under the name “Full ID | Governance” that bundles consulting services and technical systems to provide effcient protection of digital business workfows against attacks from both outside and within. 10 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 11

The entire concept centres around using secure identities as keys to infrastructures, digital processes as well as electronic communications and data – from issuing The ten most frequent visitor badges at the reception desk right through to frewalls and handling of (and hence least secure) electronic invoices.

passwords world-wide GoID – The employee ID card for tomorrow

Secure ID for all applications In order to enter a company, there is usually a “key”, i.e. the employee ID card. It opens doors and cabinets. It can also often be used to log into the protected network. But this also means whoever has possession of the card, also has 1. 123456 access, even if this person is not an employee. And that’s where the risk lies. Bundesdruckerei has now developed a card that enables one particular thing: 2. 123456789 the unambiguous, personal identifcation of an employee.

GoID is the name of this employee card for tomorrow, a card that can only be 3. 12345678 used by the authorised holder. Since the card can only be activated with the right fngerprint, theft or intentionally passing the card on to another person is now 4. password no longer a problem. The biometric data needed for this is stored directly on the card. This data is captured here only, safely stored and, when used, compared with the user’s fngerprint. Verifcation of the biometric data is carried out on and 5. qwerty with the card itself. All the holder of the card has to do is to place their fnger on the integrated sensor for doubt-free identifcation. This is referred to as “verifcation 6. adobe123 on document” and offers high data protection and security.

The identity vault for your wallet 7. 1234567 What may appear to be small and insignifcant is in fact the result of several years of research. The challenge was to pack complex technology into the tiniest of space. 8. 111111 GoID is shaped like a credit card and with its 2.5 mm is only slightly thicker. That’s because room was needed to ft everything onto the card: in addition to a fnger- print sensor and a chip where the biometric data is safely stored, GoID comes with 9. 12345 an integrated display for status messages. How to power the card was the next challenge. The solution: GoID runs without batteries. The power needed is taken 10. 1234567890 from the electromagnetic feld that is generated by the reading device antenna.

The card is a “universal genius”, offering the perfect balance between security and user-friendliness for every application. For instance, when entering the employee car park with its low security level, all the employee has to do is place the card on the barrier. However, access to sensitive areas, such as a server room, can be linked 12 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 13

Six hacker attacks that 2. During the News of the World made history eavesdropping scandal, 12,800 people had their phones hacked, including thousands of celebrities and politicians. The journalists had hacked into the victims’ voicemail messages.

3. In 2012, hacker group Antisec stole from the FBI and then published a total of 12 million ID codes containing personal details of their owners. 1. Gary McKinnon, a computer hacker with Asperger’s syndrome, was obsessed 4. Stuxnet has been causing trouble with the idea of searching the Pentagon since 2010. The Stuxnet IT worm has, for for plans that would prove that the US instance, been identified in Iran’s uranium government is working on UFO technology. enrichment plant. The worm went In 2002, he hacked into the computers undetected and was able to manipulate of the US Department of Defence and the SCADA (supervisory control and although he found nothing, he did cause data acquisition) control of the uranium damage costing $700,000. centrifuges and may have destroyed 14 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 15 thousands of high-tech machines by the biggest theft of data up to then in the slightly altering the speed of rotation. history of the USA. It was also later said to have penetrated the IT architecture of a Russian nuclear 6. In an attack against the network of power station. Nobody knows where Sony Pictures Entertainment at the end Stuxnet originated, however, the of November 2014, hackers gained access US or Israel are rumoured to be the to data in the order of 100 terabytes: “manufacturer”. passwords, e-mails and account data. S ecurity experts believed that North 5. In 2009, cyber criminals using spy K orea was behind this attack because software stole the credit card data of the regime there is said to have been 134 million customers of the US company displeased by the film “The Interview”. Heartland Payment Systems. This was 16 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 17

to proof of identity using the fngerprint sensor, depending on the required level of security. The goal is clear-cut: achieving the right degree of security as effciently as possible. In other words, as secure as necessary, as simple as possible! Number of new It goes without saying that the card is also a reliable tool when it comes to viruses, trojans secure and effcient management of log-in processes, data and e-mail encryption, electronic signatures, as well as release and payment processes. and worms

Securing mobile communications threatening

One mobile phone and that’s secure computers on the Communications are becoming more mobile and many employees now use their smart phones to access company data while on the move. Although this boosts net every day: effciency, it also poses risks. With trust-me, Bundesdruckerei has created a security technology for Android smart phones and tablets that secures mobile phones that are used for both private and work purposes. Using trust-me, several separate areas can be set up on one device, for instance, a “work” area and a “private” area. By entering a PIN, the user can switch from one area to the other. This means that private apps have no access to confdential company data while the user can of course communicate and work in the corporate network.

The consultants – with 250 years of experience Bundesdruckerei’s strength is down to its roots in high security that have existed for hundreds of years. Over the course of its history that dates far back into the 18th century, the company has produced offcial documents, such as passports and ID documents, as well as other printed products for the government. Since then, the company has been a guarantee for security, whether in the form of protection for products against forgery and manipulation or as protection for highly sensitive personal data. Over the years, Bundesdruckerei has earned its reputation as a trusted partner for holistic security architectures. Bundesdruckerei has set up its own Consulting unit around this holistic approach that combines information, 350 infrastructure, product and process security. Bundesdruckerei’s consulting team thousand is made up of highly reputed security experts who have the experience and knowledge to advise medium-sized companies when it comes to security checks, IT security, demand analyses and strategic solutions.

It is these medium-sized companies with their innovative products who are frequently the target of cyber attacks. That’s because they themselves rarely have the know-how and resources needed to take care of their security. At the same 18 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 19

time, digitisation offers them enormous opportunities which they want to and have to use. A small company today, for instance, can operate and provide services The top 10 world-wide. The lack of security combined with global exchange poses a risk to the company’s competence and intellectual property, i.e. its key assets. Medium-sized unsolved encryptions* companies especially are threatened by the copying of products and innovations. Not least of all, potential customers should be able to trust in secure business handling and not become victim to illegal access.

1. The Voynich manuscript Consultants for critical infrastructures Companies are increasingly required to meet with IT security specifcations and 2. The mystery of the Somerton man standards. The regulator has turned its focus to critical infrastructures. In June 2015, the German Bundestag adopted the so-called IT Security Act: Operators of 3. The Anthon Transcript critical infrastructures in the felds of energy, IT and telecommunications, transport, health, water, food and fnance will be required in future to adhere to a minimum 4. The IRA code IT security standard and signifcant IT security incidents will have to be reported to the Federal Offce for Information Security (BSI). This is challenging, not just in 5. The Double Transposition Challenge terms of the time needed, and many medium-sized companies simply do not have 6. Cryptograms from the crypt the personnel needed for this. Up to 10,000 companies in Germany are now facing this task. And that’s where 7. The murder of Ricky McCormick Bundesdruckerei Consulting comes into play. The team has already proven its worth as consultants for critical infrastructures, for instance, in the energy sector 8. The Ohio ticket office thief and with fnancial services providers. Apart from helping to implement existing 9. The Zendian problem laws and standards, it is also about being able to foresee future developments. In this context, Bundesdruckerei sees itself as a partner with an offer from companies 10. Van Gelder cryptogram for companies. The consulting experts can offer solutions to meet different security budgets and for companies of all sizes. In addition to so-called security awareness training, which focuses on analysing the current situation at companies and public authorities, i.e. Where do risks exist? Where is data theft likely to happen?, frst solution proposals are drawn up to secure and protect against cyber ??? attacks. Apart from training, Bundesdruckerei also offers security checks. In this case, the company’s security needs are frst identifed together with the customer. An examination is subsequently carried out to determine what is possible on a technical and organisational level in order to set up an information security management system – all based on national and international standards.

Experts with practical experience What’s special about Consulting is that Bundesdruckerei has not only been a technology leader in high security for 250 years and a trusted partner for companies * explained on page 23 and governments, it uses its own security technologies to protect its own corporate 20 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 21

The five latest corporate solutions from Bundesdruckerei

1. Secure digital identities Made in Germany: 3. GoID – The employee ID card for tomorrow. A smart Certificates from Bundesdruckerei’s accredited trust card with an integrated fingerprint sensor and display service provider mean unambiguous, secure identities. that needs no batteries. It protects the holder’s digital They provide reliable keys for digital signatures, identity against theft and misuse and grants the holder secure server commu nications, in electronic business only secure access to buildings and IT systems. transactions, as well as access to VPN networks and servers. Via standardised interfaces and user-friendly 4. Data exchange in a legally recognised and confidential GUI, companies and public authorities themselves can manner. Bundesdruckerei offers solutions for the electronic request and manage certificates in realtime. exchange of data and business transactions within and outside organisations. State-of-the-art encryption 2. One-stop security consultancy: In order to secure methods and digital signatures protect electronic a company’s assets and its reputation, workflows must invoices, documents and electronic transactions. be protected throughout and security gaps (both physical and digital) must be identified. This is where possible 5. Secure e-mail encryption: Bundesdruckerei offers simple threats and risks are analysed in order to identify the end-to-end encryption for e-mails which, as a plug-in, specific need for security and protection. Bundesdruckerei warrants a high degree of user-friendliness in conventional also helps with the introduction of suitable workflows e-mail programs. The keys can be managed either by the and is at hand with advice and support during customer or by Bundesdruckerei’s accredited trust service implementation. provider. The encryption certificates are 100 % Made in Germany and are issued by Bundesdruckerei’s trust service provider. 22 FULL ID | GOVERNANCE DEFENCE SHIELD FOR COMPANIES 23

processes. This means that the consulting experts have practical experience. They are familiar with the products and solutions from their everyday work and not just in theory. A company that secures sensitive data for offcial documents like ID cards or passports and develops border-control and verifcation solutions is synonymous of security. The top 10 unsolved encryptions in detail But this is not just about digital security, it is also about the seemingly everyday threats that exist within a company. In other words, it’s about: “Who has access to production halls, how are server rooms secured?” It is often the allegedly small matters that allow data thieves to access sensitive areas. In any case, the Consulting 1. The Voynich manuscript 6. Cryptograms from the crypt team looks for individual solutions, providing their customers with a decisive The around 500-year old Voynich manuscript In 1948, British parapsychologist Robert Thouless continues to be a mystery today. For decades now, wanted to prove that there was life after death. advantage over competitors, i.e. more time for their core business, more time for experts have been asking themselves whether the He encrypted a message and announced that after his product developments and innovations. book is a text in an unknown language or a mysterious death he would send the solution from beyond the encrypted ciphertext. grave. Up to now, it has not been possible to decipher the message – Mr Thouless has not been heard from. 2. The mystery of the Somerton man A man found dead in very expensive clothes in 1948 in 7. The murder of Ricky McCormick Australia who has remained unidentifed up to now. In 1999, the police found two encrypted messages in An encrypted message found by police in the dead the pockets of murder victim Ricky McCormick. Up to man’s pocket could help to solve the mystery. However, today, it has not been possible to decipher the mes- nobody has been able to decipher the text. sages, even the renowned FBI cryptology department with its clearance rate of 99 % failed to break the code. 3. The Anthon Transcript For Mormons, the Book of Mormon is Holy Scripture 8. The Ohio ticket office thief that is equivalent to the Bible. The original Mormon Following a robbery of an Ohio ticket offce in 1916, text, however, has been lost. This transcript of a short a local newspaper published a cryptogram that had section remains intact. Unfortunately, nobody is able to been sent in by an unknown person. Up to now, it has read it because it is written using unknown characters. not been possible to decipher this cryptogram which many believe could shed light on the robbery. 4. The IRA code In 2001, two historians discovered several encrypted 9. The Zendian problem texts from the Irish liberation organisation IRA. These Young NSA employees were given the cryptograms appeared to be messages to and from IRA activists who of the fctitious island nation of Zendia to work with. were active in the UK. It has not been possible up to Their task in this exercise was to cryptographically now to decipher all of the texts. manage an “invasion” of Zendia. Up to today, it is still not possible to decipher all of the 375 messages that 5. The Double Transposition Challenge were “intercepted” at the time. The double transposition cipher is an encryption method that can be carried out using just a pen and 10. Van Gelder cryptogram paper. This kind of encryption was very important On 9 February 1809, the Dutch Ambassador to Turkey, during the Cold War even though computers already Dedem van Gelder, wrote an encrypted letter. The existed at that time. so-called Van Gelder cryptogram comprises around 1,500 one to four-digit numbers. Status to date: unsolved. 24 25

II. FULL ID | CITIZEN Who is it really?

The number of people who travel is rising. Last year, 3.2 billion passengers travelled by air around the world. The International Civil Aviation Organization (ICAO) expects to see annual passenger numbers even double by 2030 to 6.4 billion. More people travelling means greater demands on security. With its EasyPASS system, Bundes druckerei GmbH and its partners have created a new and faster form of border control. 26 FULL ID | CITIZEN WHO IS IT REALLY? 27

Germany’s business sector in flux – how IT and telecommunications have increased their share in gross domestic product: olidays, short trips or traditional business trips – air travel is increasing continuously. Traffc experts expect that in just a few years more than four billion people will board a plane each year. According to fgures by Hthe Federal Statistical Offce, a total of 186.4 million airline passengers 1. 2004: 6.8 percent took off or landed at German airports in 2014. That’s 3.1 percent more than in the previous year and the trend continues to rise. The reason for this development is 2. 2010: 8.3 percent not just falling prices for fights, but also the wide range of airlines in operation. The Gulf-state airlines especially are on a course of expansion. Travelling by plane 3. 2015: 11.8 percent has long since become an everyday event, and continues to be the fastest form of transport, but unfortunately it is not always the most comfortable form. (forecast)

In an effort to make border control at airports faster in the future, Bundesdruckerei joined forces with government authorities and secunet Security Networks to develop the EasyPASS system. As the name already suggests, this system is one thing and that’s easy to use. It makes life easier for control offcers and passengers can pass through controls faster. Germany’s fve major airports now use the Easy- PASS system which has been working smoothly since it was installed. That’s because EasyPASS offers fully automated control with an improved security level.

A live image for checking The core of this new type of border control is a gate which passengers pass through. The passenger places their electronic passport on the reader at the entrance to the gate. The data and information are checked here. If the passport is accepted and no 28 FULL ID | CITIZEN WHO IS IT REALLY? 29

irregularities are detected, the frst doors open and in the short distance through the gate, a camera is directed to the passenger’s face and takes a live picture of the Number of passengers passenger. This live image is compared with the image stored on the chip of the electronic passport as well as with wanted lists. If the system does not detect any world-wide who irregularities, the gate exit opens and the border control is complete. This entire process normally takes no more than 18 seconds.

will travel by plane It should be noted that the data captured during the control process is not stored. And the system can in no way replace the trained eye of the border control offcer. in 2020: The offcers are also present with EasyPASS; they monitor the gate and can, for instance, be connected with a tablet PC to a control centre on the airport premises. This central background system enables optional comprehensive monitoring and control of eGates and control stations. Border control offcers can intervene at any time and, despite ever-more demanding checking procedures, they can focus on their key tasks. With EasyPASS, the Federal Police now have one of the most advanced and secure border control systems in Europe. Around 100 EasyPass gates are already in use at Germany’s busiest airports. Over the course of 2015, this fgure is set to rise to 140 eGates at six airports in Germany. In the summer months of 2015, around 1 million people will use this system every month.

Accelerating control With this new technology, airports can respond to rising passenger numbers by accelerating passenger fows while maintaining a high level of security. But no passenger is forced to use the eGates. Passengers who do not wish to or are unable to use the system can go to the border control offcers present. But these passengers also beneft from shorter waiting times. Experience up to now at the frst EasyPASS airports showed that control procedures generally took much less time.

EasyPASS on trains too EasyPASS is part of Full ID | Citizen, a term that refers to all products and services which Bundesdruckerei provides for nations and governments. These include highly complex national ID documents, such as ID cards or ePassports, as well as technologies to verify government documents and for effective management of 3.7 border control processes. Bundesdruckerei also advises its customers when it comes billion to setting up suitable scenarios and selecting the appropriate hardware and software, also in an effort to ensure fexibility. That’s because new border control requirements can be integrated at any time into the EasyPASS system. The technologies developed with EasyPASS allow border control in mobile scenarios. In the future, border control offcers could use a tablet PC to check identity documents of passengers on board trains and ships. 30 FULL ID | CITIZEN WHO IS IT REALLY? 31

The answer to the question: who is in front of you?

Theft with forged documents The six airports “Who is really in front of me?” This is a question that is also being asked more and more by employees at private companies. That’s because forged identity documents where E asyPASS is are becoming a greater threat with the risk of both economic and legal damage. In 2013, the crime statistics for Germany reported a total of 65,000 document forgeries with an average loss of up to €50,000. And it is not just the person using a customary sight the forged ID document who can be prosecuted, anyone who fails to correctly verify documents is in fact committing a crime because such a violation of identity verifcation obligations can lead to economic loss. This applies particularly in the retail sector and for services companies: whether a stolen rented car, a mobile phone contract that was unlawfully signed or a new car stolen during a test drive. In other words, car dealers not only have to suffer a fnancial loss when a car is stolen, they may also have to face legal action.

The aggrieved party is also at fault A series of legal provisions, such as the money laundering act, require that companies check the identities of individuals before signing contracts with them. But HAMBURG experience shows that many companies are not able to check whether or not an ID document is genuine, not least because they do not have the equipment to do so. We also have to remember that there are currently 110 different identity documents BERLIN-TEGEL in circulation in Europe. Without modern tools, it can be extremely diffcult to know what’s what. ID documents and passports with optical and electronic security features can be checked directly at the POS using special verifcation devices and DUSSELDORF systems. Bundesdruckerei offers an entire range of such systems which help staff COLOGNE / BONN to quickly and reliably see whether an ID document is genuine and the person in the passport photo is in fact the person who wants to rent a car, sign a mobile

phone contract or buy a car. FRANKFURT

Is the photo genuine or forged? With the help of verifcation software, staff can compare the facial image on the ID document and screen with the real person and quickly determine whether they match. The devices and systems are user-friendly and easy to use. Since MUNICH the verifcation software is automatically updated, it is always able to check all document requirements and security features. This puts an end to time-consuming staff training and security courses. 32 FULL ID | CITIZEN WHO IS IT REALLY? 33

Average time for automated border control with EasyPASS:

18seconds 34 35

50

50

50

III. FULL ID | OBJECTS Security as a brand

Money counterfeiting is on the rise. In Germany alone, around 63,000 forged euro banknotes were taken out of circulation in 2014, that’s 63 percent more than in 2013. On a global scale, the number of forged euro notes rose by a quarter to 838,000. This development poses a permanent challenge, especially to producers of new security features. 36 FULL ID | OBJECTS SECURITY AS A BRAND 37

The five most important innovations by Bundesdruckerei

1. Full ID | Governance solution kit offering technologies, services and know-how to support customers implementing processes in order to protect data, knowledge and technologies

2. T rusted service platform for self-management of a digital identity ou can feel it. There’s a raised section that you can run your fnger across, often telling you whether or not a banknote is forged. Euro banknotes have tactile properties, this means that you can feel these 3. ID document with an integrated fingerprint sensor Yproperties when you touch them. But that’s not all, you can also see for user-friendly verification on document and security features. They become visible when you hold the banknote up to the light: informational self-determination the watermark, the security thread and the incomplete number. But this number is only incomplete at frst glance. Parts of the denomination (e.g. 20 euro) are printed in the upper left section on the front and parts in the upper right section 4. EasyPASS, the efficient border control solution on the back of the banknote, so that when you look closer they form the whole with state-of-the-art control gates (eGates) denomination, something that can be easily detected.

“Forgeries have not gotten better” 5. D-TRUST SSL certificates for secure transmission Anyone who can touch and look at a banknote, can also tilt it. If you tilt a euro of payment data, personal information or passwords banknote slightly forwards, different motifs appear in the integrated holograms, depending on the angle of vision. The 5 and 10 euro banknotes also have a shiny strip. Touching, looking and tilting make it possible to quickly discover whether a banknote is genuine or forged. According to Deutsche Bundesbank, the damage caused by forged money in Germany rose from €2.1m in 2013 to €3.3m in 2014, especially with “forged ffties”. A good 29,000 forged ffty-euro banknotes 10010110010111010001101001011001010001110110000111001011001011101000110100101100101000111011000011100101100101110100011010010110010010110010111010001101001011001010001110 11000011 were confscated; almost twice as many as in the previous year. But Deutsche Bundesbank has some good news too: “Forgeries have not gotten better,” they reported in January 2015. 38 FULL ID | OBJECTS SECURITY AS A BRAND 39

Security even back in the days of the Kaiser Bundesdruckerei is considered to be one of the leading developers and producers Feeling, seeing, tilting – of security features for banknotes. The increase in forged banknotes has posed a huge challenge for security printing. Printing money has always been an important the most important feld of business for Bundesdruckerei. Back in the 19th century, the Royal Prussian State Printing Offce was responsible for printing banknotes, securities and postage stamps. As early as 1883, the company produced a 100-mark banknote for the security features of German Empire containing security features and delicate motifs. During the Weimar Republic’s period of infation, the printing company experienced a less a banknote laudable “record” in its history when people needed banknotes amounting to billions and trillions to buy bread and butter. At that time, people could sometimes be seen carrying money around in wheel barrows.

Feeling Microlettering and UV light 1. Banknote paper One thing is certain, however – security printing is still an important part 2. Tactile reliefs of Bundesdruckerei’s business. The new security features developed by the company itself are highly sought after. But it’s not just about producing features to prevent forgeries. Banknotes also have to be durable and robust. And when Seeing touching, looking and tilting aren’t enough, there are other security features 3. Security thread that can help to distinguish “good” from “bad”. Some sections of the banknote 4. Watermark feature tiny letters. This microlettering can be deciphered using a magnifying glass. The lettering is not blurred, but razor-sharp. And when looked at under 5. Number that appears UV light, it can be a real eye-opener: under this kind of light, the banknote paper complete against remains dull while the small fbres worked into the paper appear fuorescent. the light It is security feature innovations like this that make security printing a stable pillar of Bundesdruckerei’s business. Tilting 6. Optically variable ink 7. Hologram

Other security features 8. Fine guilloche lines 9. Inks fluorescent under UV light 10. Inks visible under IR light 11. Microlettering 40 41

IV. BUNDESDRUCKEREI GMBH Be part of the future

Innovative and exciting – working at Bundes druckerei offers enormous opportunities for development, making the company one of Berlin’s most popular employers. Collaboration with universities and scientifc institutes is also underway, setting new standards in high security. 42 BUNDESDRUCKEREI GMBH BE PART OF THE FUTURE 43

Share of women executives at top management level at Bundesdruckerei GmbH:

hen the Institute for Management and Economic Research (IMWFI) and the Berliner Morgenpost newspaper get together each year to fnd “Berlin’s Best Employer”, there is one company W that always leads the feld: Bundesdruckerei. In addition to being a high-security technology leader, the company is also a popular place to work in the Berlin-Brandenburg region. Bundesdruckerei is a top address for engineers, scientists and IT experts hoping to fnd a place at Kommandantenstraße 18 where innovations are developed for tomorrow’s world. And because all of this takes place in an attractive setting, the company received the bronze award for “Berlin’s Best Employer” in 2014 followed by the prestigious silver award in 2015. 33.3 Higher than average number of women in executive positions A good employer is one who offers a secure job, is fair in his dealings with staff and percent helps employees to develop their full potential. But a good job today means so much more: What about the balance between work and family? Is child care offered? Does the employer support staff when they take care of relatives? And what about help when there’s a personal crisis? Since all of these questions can be answered at Bundesdruckerei in a very positive manner, the “work and family” initiative launched by the Federal Ministry for Family Affairs, Senior Citizens, Women and Youth awarded the “audit berufundfamilie” certifcate to the company in 2014. This also took into account that Bundesdruckerei offers its staff not just fexible working hours and part-time schemes, but also individual training and management training programmes. When it comes to selecting executives, a focus is on diversity 44 BUNDESDRUCKEREI GMBH BE PART OF THE FUTURE 45

and equality, so that at the end of 2014, women accounted for 33.3 percent of executive staff at Bundesdruckerei, which is far above the average fgure for the rest of the country. The three most important Because it is diffcult today to strictly separate work and private life, employer prizes and Bundesdruckerei operates according to the maxim: “We must respect and value our employees”. We have to offer them more than just a salary and a place to work, we must offer them quality of life which includes health offers, such as the “health certificates awarded to initiative” featuring sports and ftness offers. If employees feel comfortable, if they feel that their employer takes them seriously and, even more important, Bundesdruckerei understands them, they will be committed and motivated in their work. These are the reasons why Bundesdruckerei is so popular as an employer. These are also the reasons why many young people begin their professional training at the company. Last year, we helped a total of 45 trainees to qualify, for instance, as mechatronics engineers and IT specialists. 1. “audit berufundfamilie” certificate (2014)

Collaboration in the future field of secure identity 2. Berlin’s Best Employer –

Digital identity as a study subject silver (2015) Digital identities are part and parcel of everyday life. We shop online, we pay “with our good name” – and we have to protect it because identities are 3. Fair Company (2014) permanently at risk. That’s why it is so important today to invest in R&D in security identities and to make young academics aware of this topic. After all, now is the time to research and develop future-orientated processes and technologies. This has motivated Bundesdruckerei to once again endow a visiting professorship in identity management for the 2014 / 2015 winter semester at Berlin’s Freie Universität, this time focusing on “digital identity”. The purpose of this visiting professorship, which has been taken on by Professor Marian Markgraf, is to nurture new ideas for one of the key technologies of the future. Back in 2009, Bundesdruckerei had already endowed a professorship for Secure Identity at Berlin’s Freie Universität which expired after the agreed fve-year term at the end of the 2013 / 2014 winter semester. This tradition is now to continue with a new focus.

The endowed professorship marks the determined continuation of Bundes druckerei’s traditional role as a partner to the scientifc community. In addition to the research conducted by the company’s own innovation department, which now boasts a highly competent innovation team, the company is working hard to establish networks with universities and research institutes, 46 BUNDESDRUCKEREI GMBH BE PART OF THE FUTURE 47

always pursuing an interdisciplinary approach. This means that fndings, for instance, from nanotechnology, biotechnology and neuroscience make their way The five most important into research and the development of new ID products and ID systems. scientific collaboration Cards and art Everything on one card – that was the starting point for the SeManTiK (“Secure and long-life eID applications for man / machine interaction”) research project projects by Bundesdruckerei launched by Bundesdruckerei and its partners Infneon Technologies AG and Fraunhofer Institute for Reliability and Microintegration (IZM). The focus of this project was to create the foundation for a smart card which serves not just as proof of identity, but can be used in many other ways, for instance, for access to 1. Germany’s first-ever chair for Secure Identity at Berlin’s a company’s premises or as ID when using local public transport. After two years Freie Universität of research, this project, which was backed by the Federal Ministry for Research and Technology, was successfully completed in 2014. The results of the project are now used in the standardisation of smart cards. 2. Establishment and expansion of a strong network in the Fraunhofer “Next Generation ID” cluster for Berlin- Another co-operation project was launched in 2014 with Universität der Künste Brandenburg (UdK) in Berlin. Bundesdruckerei is conducting research with the Design Research Lab headed by Prof. Dr. Gesche Joost into the user-friendliness of security technologies in the online world and their design and user guidance especially are 3. U ser and design-centric product development for identity to be optimised. The “security by design” approach is to be pursued here, so that management in co-operation with the Design Research security is already taken into account in the drawing board phase of the software Lab at Universität der Künste development process. To coincide with the beginning of co-operation, a citizens’ service portal with innovative identity management will be developed along with a service for secure digital storage of administrative documents. 4. C o-operation with the Hasso Plattner Institute for secure, Internet-based technologies (e.g. cloud solutions, big Since the end of 2014, Bundesdruckerei and the Hasso Plattner Institute in data, digitisation) Potsdam have been working together to develop technologies to protect cloud applications. Research is to be carried out here into secure services for cloud computing for the public administration and private companies. This identity 5. The “BeID” Lab, a research lab operated with Berlin’s management project also underpins Bundesdruckerei’s long-standing goal of Humboldt-Universität that focuses on electronic identities developing innovative security solutions for a networked society. 48

References

Page 9 Council on CyberSecurity Germany

Page 10 HPI (Hasso-Plattner-Institut, Potsdam) Identitätschecker, https://sec.hpi.uni-potsdam.de/leak-checker/search

Page 17 Bitkom

Page 18 http://scienceblogs.de/klausis-krypto-kolumne/2013/10/13/top-25-der-ungeloesten- verschluesselungen-platz-1-bis-25-im-schnelldurchlauf/

Page 23 1. The Voynich manuscript: https://de.wikipedia.org/wiki/Voynich-Manuskript 2. The mystery of the Somerton man: https://de.wikipedia.org/wiki/Somerton-Mann 3. The Anthon Transcript: https://de.wikipedia.org/wiki/Buch_Mormon 4. The IRA code: https://books.google.de/books?id=gaNkC61RI18C&pg=PA284&lpg= PA284&dq=Moss+Twomey+Tom+Mahon+IRA&source=bl&ots=AOIWvcHXEl&sig=I6RtQBRvQOaX 4N9_PGdWMje7aIo&hl=de&sa=X&ei=AjORVdi2FsmQsAH44q2gAg&ved=0CCQQ6AEwAA#v=onep age&q=Moss%20Twomey%20Tom%20Mahon%20IRA&f=false 5. The Double Transposition Challenge: http://www.focus.de/wissen/experten/schmeh/ doppelwuerfel-entschluesselt-george-lasry-laenge-des-geheimtextes-war-guenstig_id_3486085.html 6. Cryptograms from the crypt: http://www.heise.de/tp/artikel/38/38934/1.html 7. The murder of Ricky McCormick: http://www.focus.de/wissen/experten/schmeh/der-fall-ricky- mccormick-der-tote-im-maisfeld-und-die-verschluesselte-botschaft_id_3995251.html 8. The Ohio ticket office thief: http://scienceblogs.de/klausis-krypto-kolumne/2013/ 10/13/top-25-der-ungeloesten-verschluesselungen-platz-1-bis-25-im-schnelldurchlauf/ 9. The Zendian problem: https://www.nsa.gov/about/cryptologic_heritage/hall_of_ honor/2003/callimahos.shtml 10. Van Gelder cryptogram: http://scienceblogs.de/klausis-krypto-kolumne/2013/08/08/top- 25-der-ungelosten-verschlusselungen-platz-10-das-van-gelder-kryptogramm/

Page 27 Statista

Page 28 International Air Transport Association (IATA)

Publishing details

Bundesdruckerei GmbH Kommandantenstraße 18 10969 Berlin, Germany Tel.: + 49 (0) 30 – 25 98 0 Fax: + 49 (0) 30 – 25 98 22 05 E-mail: [email protected] www.bundesdruckerei.de © 2015 Bundesdruckerei GmbH