Security management and data exchange are at the heart of our work

Security management at (((eTicket Deutschland ensures secure revenue for transport companies and transport associations. At the same time, it protects passenger data. Everything we do fulfils international security standards: our systems are encrypted multiple times and our security management is based on the guidelines of the German Federal Office for Information Security (BSI).

When a cryptographically secured ticket is checked, a lot of highly complex data flows back and forth between the smartphone, background system and control device. Our security management team is also responsible for ensuring that data such as the validity and area of validity of the ticket can be checked quickly.

Components of the security management of (((eTicket Deutschland

We have also developed the Central PV System (ZPVS) for the Deutschland-Ticket, which will be introduced in 2023. It ensures system security and audit-proof tracking of all D-tickets issued. It also provides important data to enable fair and correct revenue distribution. The transmitted data records are pseudonymised, encrypted and transmitted via a secure network.

Data protection & security with the D-Ticket


How the security management of (((eTicket Deutschland works

In 2006, together with Deutsche Telekom Security GmbH, we developed a three-stage security system for ticketing in public transport. The basic encryption principle is also used in other applications. However, our security management system also includes a number of project and sector-specific features such as the transferability of tickets or regional validity areas.

Deutsche Telekom Security GmbH is responsible for setting up and operating our Public Key Infrastructure (PKI). This PKI has a so-called Root CA (Certificate Authority), from which all other encryption components (Sub CA) for background systems, terminals and (((eTickets are derived. These sub-CAs are used to issue certificates that can be used to verify the authenticity of mobile phone tickets, for example.

You can read about what our security management means for passenger data here.

We as VDV-ETS control the security process and the web service ASM-Tool (Application and Security Management Tool). In the ASM tool, (((eTicket Deutschland participants can order the components of our security management (including keys, SAMs and certificates).

We organise the internal data exchange between transport companies via equensWorldline SE Germany. The service provider operates the 'Central Exchange Centre' (ZVM) and the 'Interoperable Network' (ION) for us, which forms the basis for data exchange at (((eTicket Deutschland.

The second generation of our security management (2GSI) is coming

The Root CA, which protects (((eTicket Deutschland's systems against manipulation, went into operation in 2006. At that time, we specified a term of 20 years for this Root CA. After that, we need a new key that is technically state-of-the-art. We will be adapting our entire security infrastructure accordingly from 2026; the second generation of our security management will come into force. Telekom Security GmbH is also taking care of this.

As part of the transition to 2GSI, we are simplifying the key management system - and developing version 3.0 of the ticketing standard VDV core application: (((etiCORE.

Your contact for questions about security management

Dr Gunter Weinerth
Head of Product and Security Management

E-mail: weinerth@vdv.de