CH701203B1 - The portable apparatus and method for securely exchanging data with a remote computer. - Google Patents

Abstract

In a portable device (1) comprising a storage medium connectable to a computer (2), a browser (120) is stored in a read-only memory area (12). When connected to the computer (2), the browser is loaded from the portable device (1) for execution in the computer (2). The browser is adapted to encrypt any working data generated or received by the executed browser (20) at runtime and to store it in a hidden memory zone of a read / write memory area (13) in the portable device (1) and in that hidden memory area stored working data (131) as needed at runtime and decrypt. The secure storage of the run-time work data by the executed browser (20) protects the work data (131) from being maliciously intercepted, copied and / or altered. The saving of the work data in the external portable device (1) does not leave any traces in the computer (2) during and / or after the execution of the browser.

Description

Technical area

The present invention relates to a portable device and a communication method for securely exchanging data over a telecommunication network between a local computer and a remote computer. More particularly, the present invention relates to a communication method using a portable device, comprising: a storage medium connectable to a computer, a browser module stored in a read-only storage area of the storage medium, and a launcher adapted to Browser module when connected to the computer for execution in the computer to load.

State of the art

For securely exchanging data over a telecommunications network, particularly over a public network such as the Internet, measures must be taken to prevent malicious and / or unintentional manipulation of participating software applications potentially having a negative impact on integrity and / or privacy exchange data. It is common and popular to provide Internet applications and services for access by conventional browsers. This has the advantage that users do not need to be provided with any special client programs to access these services. The flexibility of traditional browsers makes them vulnerable to malicious attacks. For example, the ability to change the configuration of a browser through plug-ins and add-ons makes it possible to include malicious programs in the browser. In addition, it is possible to perform security and data integrity attacks by using working data used by a browser at runtime, e.g. session-specific data such as session logs, cookies (ie HTTP cookies, tracking cookies or web cookies used to authenticate or track and maintain specific information about users) or cached data (eg cached web documents , HTML pages, images, etc.).

US 2008/0 034 210 describes a device having a storage medium connectable to a computer and a hardened standalone browser stored on the storage medium. Traditional web browsers can not run in standalone mode. The hardened browser of US 2008/0 034 210 is a modified web browser designed for stand-alone operation on a read only medium. According to US 2008/0 034 210, the browser is hardened by specific security settings, such as limiting communication to a list of browsable addresses, enforcing encrypted communication, enforcing mutual authentication and / or preventing access to security-related browser options. The device further includes a loader stored on a read-only portion of the storage medium and performs an integrity check on the browser before the browser is launched in debug mode to thereby use a debug handle and prevent other programs debug the browser software components. Although the stand-alone browser of US 2008/0 034 210 ensures improved security, the functionality and / or flexibility of the standalone browser is reduced, since runtime work data can not be stored by the stand-alone browser in a strict stand-alone implementation on read-only memory.

Summary of the invention

An object of the present invention is to provide a portable device and a communication method for securely exchanging data over a telecommunication network between computers, wherein the disadvantages of the prior art do not exist in such a portable device and such a communication method. In particular, it is an object of the present invention to provide a portable device and a data communication method using the portable device, the portable device comprising: a storage medium connectable to a computer stored in a read only memory area of the storage medium A browser and a launcher adapted to load the browser into the computer when connected to the computer while not preventing the running browser from saving and retrieving runtime work data.

According to the present invention, these objects are achieved by the features of the independent claims. In addition, further advantageous embodiments follow from the dependent claims and the description.

According to the present invention, the above-mentioned objects are achieved in that in a portable device having a storage medium connectable to a computer, a browser module stored in a read-only storage area of the storage medium and a launcher therefor is configured to load the browser module into the computer when connected to the computer for execution, the executed browser module is adapted to, when executed in the computer in a read / write memory area of the portable device by the executed browser -Module safely generate stored or received work data of the portable device at runtime and safely retrieve stored in the read / write memory working data as needed by the running browser module at runtime. The running time data of the executed browser include, for example, session logs, cache data and / or cookies. For example, the portable device includes a USB (Universal Serial Bus) interface for connecting the storage medium to the computer. Preferably, the browser module is configured as a hardened browser having a facility that reduces exposure to potential security threats. Preferably, at least a portion of the read / write memory area in the portable device is set up as a hidden memory zone, and the browser module is adapted, when executed in the computer, for the working data generated or received at runtime by the executed browser module in the hidden one Save storage zone and retrieve the working data required by the running browser module at runtime from the hidden storage zone. Preferably, the browser module is designed to additionally or alternatively encode the work data generated or received by the executed browser module during runtime and to store it in the read / write memory area and the browser module executed by the executed browser module Runtime needed work data from the read / write memory area to retrieve and decrypt. The secure storage and retrieval of browser runtime data by the browser allows the protection of the work data from being corrupted by unauthorized program entities, e.g. Malicious programs designed to attempt, intercept, copy and / or modify so-called man-in-the-middle attacks. Saving the runtime work data of the running browser in the storage medium of the external portable device has the further advantage that during and / or after the execution of the running browser no traces left on the local computer ("Zero Foot Prints").

In one embodiment, the browser module is stored in encrypted form in the read only memory area, and the launcher is configured to decrypt the browser module prior to loading the browser module into the computer. This additional security feature prevents a malicious modification of the browser module.

Preferably, the browser module comprises an embedded transport layer security module for securing the browser communication over the telecommunication network. The integration of the transport layer security module into the browser prevents attacks on the data that would otherwise be exchanged on the computer between the running browser and a separate transport layer security module.

In one embodiment, the portable device further comprises an application module, e.g. an e-banking application stored in the read-only memory area and adapted to execute application data when executed in the computer, e.g. Store (e-banking) data received and / or generated by the executed application module securely in the read / write memory area, and application data, e.g. Retrieve financial (e-banking) data securely stored in the read / write memory area and route it to the running browser module. As described above in the context of the runtime work data of the running browser, the application data is saved by storing (online and / or offline) in the hidden memory zone of the portable device's read / write memory area and / or encrypted it stored in the portable device.

In one embodiment, the portable device further includes an application proxy module coupled to the browser module and configured to receive, upon execution in the computer, a login request from the application module executing in the computer, the login request forward by the browser module to a remote server, receive a login response with session-specific identification data for an accepted login request, and forward the session-specific data to the running application module. The application proxy module is further configured to receive, from the executed application module, along with the session-specific identification data, an application data request, to forward the application data request with the session-specific identification data by the executed browser module to a remote server, by the executed browser module an application data response from the remote server and forward the application data response to the running application module.

Preferably, the application proxy module is further adapted to include in forwarding the requests from the running application module to the remote server a cryptographic certificate securely stored on the portable device.

In a further embodiment, the portable device further comprises a cryptographic module adapted to receive secret personal identification data from a user of the computer when executed in the computer, to establish a secure communication connection with a remote certification server via the secure communication link with the computer to forward at least certain of the personal identification data for verification to a remote certification server, to generate a cryptographic key pair upon successful verification, to generate a certificate signing request and forward it to the certification server and to receive from the certification server a cryptographic certificate and store it securely on the portable device. Equipping the portable device with the cryptographic module allows the user to perform a self-enrollment process, making it unnecessary to personalize the portable device prior to its delivery to the user.

In addition to the portable device and a communication method using the portable device to enable secure data exchange between a local computer and a remote computer via a telecommunications network, the present invention further relates to a computer program product comprising computer program code means for controlling one or more Processors of a communication terminal, preferably a computer program product comprising a computer readable medium containing the computer program code means therein. Preferably, the computer program code means are designed and adapted to control the processors as an extension to a (hardened) browser module based on a conventional browser, such as Microsoft's Internet Explorer, Mozilla Firefox from the Mozilla Foundation, or Safari from Apple in that during the term of the browser module executed in the communication terminal, the communication terminal securely stores and stores work data generated or received at runtime in a read / write memory area of the portable device removably connected to the communication terminal by the executed browser module in the read / write memory stored work data as needed by the running browser module at runtime.

Brief description of the drawings

The present invention will be explained in more detail by way of examples with reference to the drawings. Show it: <Tb> FIG. 1 is a block diagram schematically illustrating a system for secure data exchange over a telecommunications network between a local computer to which a portable device is connected and a remote computer; <Tb> FIG. Fig. 2 is a timing diagram illustrating an exemplary sequence of self-enrollment steps of a user using the portable device; <Tb> FIG. 3 is a block diagram schematically illustrating an example configuration of the secure data exchange system between the local and remote computers over the telecommunications network and an exemplary sequence of steps for login to an application server of the remote computer; <Tb> FIG. 4 is the block diagram of FIG. 3 provided with an illustration of an exemplary sequence of steps for performing an application login from the local computer to the remote computer; <Tb> FIG. 5 is the block diagram of FIG. 3 provided with an illustration of an exemplary sequence of steps for executing an application data request from the local computer to the remote computer; <Tb> FIG. 6 is the block diagram of FIG. 3 provided with an illustration of an exemplary sequence of steps for performing an application logout from the remote computer.

Detailed Description of the Preferred Embodiments

Referring to Figs. 1-6, reference numeral 1 refers to a mobile portable device that includes a storage medium and is removably connected to a (local) computer 2 via a device interface 10. The device interface 10 provides an electrical connection of the portable device 1 to the computer 2. Preferably, the device interface 10 not only enables data communication between the computer 2 and the portable device 1, but also allows the computer 2 to power the portable device 1. For example, the portable device 1 is a USB token device and the device interface 10 is a USB interface.

The (local) computer 2 is equipped with a communication module for exchanging data with the remote computer system 4 via the telecommunication network 3. As shown in Fig. 1, the local computer 2 comprises data input controls 26, e.g. a keyboard, and a display 27 for showing user interfaces and data input / output. The local computer 2 is a fully functional conventional computer with data / program memory and at least one processor for executing programs loaded in the program memory. The local computer 2 is implemented as a personal computer (PC), a personal digital assistant (PDA) computer, or a mobile communication terminal such as a mobile phone.

The telecommunications network 3 comprises the local and remote computer 2, 4 accessible by fixed networks and / or wireless networks Internet. For example, the telecommunications network 3 comprises a Local Area Network (LAN), Integrated Services Digital Network (ISDN), Global System for Mobile Communication (GSM), Universal Mobile Telephone System (UMTS) or other mobile telephone systems, and / or a wireless local area network (WLAN) for access to the Internet.

The remote computer system 4 comprises one or more computers, e.g. Web servers, each with one or more processors. As shown in FIGS. 3-6, the remote computer system 4 includes an application security gateway 40 with secure session cookie data storage 41, for example, the Application Security Gateway AirLock by Visonys AG, Switzerland, an application server 43, an application database 42, and a certification server 5. For example, the application server 43 is remotely configured for customer e-banking, and the application database 42 includes e-banking data, including customer-specific financial data, contract data, and certificate data. Preferably (but not necessarily), functional modules, including the application server 43 and the certification server 5, are implemented on the remote computer system 4 as programmed software modules. The application security gateway 40 is preferably (but not necessarily) implemented as a hardware module.

As shown in Figs. 3-6, the portable device 1 comprises a visible public read / write memory area 11, e.g. a (USB) flash drive, a read only memory (ROM) area 12, and a hidden read / write memory area 13. The hidden memory area is set up to be invisible to a computer's operating system and only through specific programming interfaces they can be accessed.

The read-only memory area 12 stores: a browser module 120 comprising an embedded transport layer security module 121 (TLS protocol), an application proxy module 122 coupled to the browser module 120, an application module 123 , a cryptography module 124, and a launcher 125. These functional modules include computer program code that is configured to control a processor of the computer 2 so that the computer 2 performs functions described later. In one embodiment, browser module 120, application proxy module 122, and application module 123 are stored in encrypted form in read-only memory area 12. The browser module 120 is implemented as a secure browser, i. a hardened browser with restrictions on features that can pose a potential security threat. In particular, the browser module 120 is configured to disable executable extensions, such as plug-ins, browser helper objects (BHO), ActiveX objects, and / or Javascript and Java applets. The browser module 120 is configured as a reduced browser that has a locked interpretation of any compiler symbols. In addition, access to browser-executing external objects is blocked, for example, the use of external Document Object Models (DOM) is blocked. Further enhancement of security is achieved by embedding the transport layer security module 121 into the browser module 120, thereby avoiding separation between the browser core and the TLS engine.

The hidden read / write memory area 13 is used to generate working data 131 generated and / or used by the browser module 120 at runtime, application data 132 generated by the application module 123 online or offline, and / or receive one or more cryptographic key pairs 133 and one or more cryptographic certificates 134.

In the following sections, with reference to Figs. 2-6, possible sequences of steps performed by the functional modules to exchange data securely over the telecommunications network 3 between the local computer 2 and the remote computer 4 will be described specifically between a browser and / or an application running on the local computer 2 and an application server 43 running on the remote computer 4.

In preparation steps, the user of the local computer 2 is registered as a customer with the application provider. A custom password, i. a personal identification code (PIC), and a contract number are generated and stored in the application database 42. As part of the registration process, a portable device 1 is provided to the customer. The PIC and the contract number are supplied to the customer separately through a communication channel such as paper mail, electronic mail or SMS (Short Messaging Services).

To access services provided by the application server 43, the user connects the portable device 1 to his local computer 2.

As shown in Fig. 2, in step S1, the launcher 125 is started either automatically or manually by the user of the local computer 2 when the portable device 1 is connected to the local computer 2. The following sections describe the functionality of the launcher 125 with respect to the running launcher 25, which is decrypted, loaded, and executed on the local computer 2.

In step S2, the executed launcher 25 checks whether a cryptographic certificate 134 is present in the respective hidden read / write memory area 13.

If there is no cryptographic certificate 134, the running launcher 25 initiates a self-enrollment process in step S3 and displays a dialog on the display 27 in step S3, prompting the user to define a PIN. The PIN is stored for the customer in a respective hidden storage area 13 of the portable device 2. On the other hand, if the cryptographic certificate 134 is present and the customer does not choose to update the certificate, the running launcher 25 prompts the customer to enter his PIN. After the correctness of the PIN has been checked and verified, the launcher starts the browser module 120 in step S12.

In step S4, the executed launcher 25 establishes a Secure Socket Layer (SSL) session with a certification server 5 running in the remote computer 4.

In step S5, the running launcher 25 displays a dialog on the display 27 prompting the user to change his password, i. Enter your personal identification code (PIC) and your contract number. The PIC and the contract number are securely transmitted to the certification server 5 by the running launcher 25.

In step S6, the certification server verifies the received PIC and the received contract number in the application database 42 and reports the verification result to the running launcher 25.

If the executed launcher 25 determines in step S7 that the PIC and the contract number have been positively verified by the verification server 5, the executed launcher 25 generates a cryptographic key pair in step S8 and stores this cryptographic key pair 133 in the respective hidden read / write Write memory area 13.

In step S9, the executed launcher 25 generates a signing request for the respective customer and transmits it to the certification server 5. For example, the signing request is a request for certification (PKSC # 10, PEM format) of the Public Key Cryptography Standards (PKCS) certification of the public key and includes a session identifier.

In step S10, the certification server 5 generates a customized (signed) cryptographic certificate based on the received signing request, stores it for the respective customer in the application database 42, and returns it to the running launcher 25. For example, the digital certificate is provided in PEM format (Privacy Enhanced Mail, Base64 encoded DER certificate [Distinguished Encoding Rules], enclosed between -BEGIN CERTIFICATE- and -END CERTIFICATE-).

In step S11, the executed launcher 25 installs the custom cryptographic certificate 134 by storing it in the respective hidden read / write memory area 13.

In step S12, the executed launcher 25 starts the browser module 120. Optionally, the running launcher 25 decrypts the browser module 120 prior to starting its execution in the local computer 2. In the following sections, the functionality of the browser module 120 becomes (including the transport layer security module 121) with respect to the executed browser module 20 (including the executed transport layer security module 21) which is decrypted, loaded, and executed in the local computer 2.

When the executed browser module 20 is started, it uses the embedded running transport layer security module 21 to establish a Secure Socket Layer (SSL) session with the application server 43 (mutual authentication) implemented on the remote computer 4.

As shown in Figure 3, in step S14, the executed browser module 20, using the executed transport layer security module 21, transmits a login request to a login URL on the remote computer 4. The request includes the custom cryptographic certificate 134. The application security gateway 40 receives the request to the login URL and checks the customer's certificate.

In step S15, the application security gateway 40 forwards the login request to a login control module of the application server 43 if the certificate is valid. The certificate information is routed to the control module in a so-called environment cookie.

In the application server 43, the login control module reads the certificate from the environment cookie and in step S16 queries the application database 42 for the contract associated with the respective certificate. In addition, the contract number and the password (PIC) are checked.

In step S17, the application server 43 login control module returns to the application security gateway 40 a response indicating a control cookie indicating that access is granted and a contract cookie indicating the particular customer contract , contains. The application security gateway 40 receives the response, releases access to the current session contract based on the control and policy cookie, and stores the contract cookie in secure session cookie data storage 41.

In step S18, the application security gateway 40 returns to the executed browser module 20 a response containing a session cookie provided by the application security gateway 40.

In step S19, the executed browser module 20 receives the response and securely stores the session cookie provided by the application security gateway 40 as browser work data 131 in the respective hidden storage area 13. Preferably (but not necessarily) the executed browser encrypts Module 20 stores the session cookie before storing it in the portable device 2.

In subsequent steps, the customer uses the established session between the executed browser module 20 and the application server 43 to perform data transfer and / or data request requests (using the stored session cookie for reference).

For a logout, the customer uses the executed browser module 20 to transmit a logout request to the application server 43. The application server 43 closes the session to the application security gateway 40, which in turn closes the SSL session to the running browser module 20.

[0045] In one embodiment, if the browser configuration allows the start of the running browser module 20 to be released with the application proxy module 122 enabled, and if that feature is set, then the browser module 120 will open in step S12 with the application application enabled. Proxy module 122 started. Optionally, the launcher 125 also decrypts the application proxy module 122 and the application module 123 prior to starting their execution on the local computer 2. In the following sections, the functionality of the application proxy module 122 and the application module 123 will also be described with respect to FIG executed application proxy module 22 and the executed application module 23, which are each decrypted, loaded and executed in the local computer 2.

As shown in Fig. 4, when the application module is started by the running launcher 25, in step S21 the executed application module 23 sends a login request using a login URL, e.g. to the running application proxy module 22. To prevent an unauthorized (malicious) application from using the executed proxy application module 22, the login request includes custom credentials, contract number and password (PIC).

In step S22, the executed application proxy module 22, using the executed browser module 20, forwards the login request to the actual (real) login URL at the remote computer 4. The forwarded request contains the custom cryptographic certificate 134. The application security gateway 40 receives the request to the login URL and checks the customer's certificate.

In step S23, the application security gateway 40 forwards the login request to a login control module of the application server 43 if the certificate is valid. The certificate information is routed to the control module in a so-called environment cookie.

In the application server 43, the login control module reads the certificate from the environment cookie and in step S24 queries the application database 42 for the contract associated with the respective certificate. In addition, the contract number and the password (PIC) are checked.

In step S25, the application server 43 login control module returns to the application security gateway 40 a response indicating a control cookie indicating that the access is granted and a contract cookie containing the respective custom contract indicates contains. The application security gateway 40 receives the response, releases access to the current session contract based on the control and contract cookie, and stores the contract cookie in secure session cookie data storage 41.

In step S26, the application security gateway 40 returns to the running application proxy module 22 a response containing a session cookie provided by the application security gateway 40.

In step S27, the executed application proxy module 22 receives the response from the executed browser module 20 and forwards the response to the running application module 23.

In step S28, the executed application module 23 reads the response and stores the session cookie provided by the application security gateway 40 as application data 132 in the respective hidden read / write memory area 13.

According to user requirements and / or application logic, the executed application module 23 sends application requests to the application server 43 in the remote computer 4, e.g. a request to transmit or query application data, such as e-banking data (financial data). It should be emphasized that the application data may be given online by the customer or retrieved from the respective hidden storage area 13, for example, previously stored as application data 132 by the executed application module 23 in offline mode. As shown in FIG. 5, before generating an application request in step S31, the executed application module 23 retrieves from the read / write memory area 13 the session cookie previously provided by the application security gateway 40.

In step S32, the executed application module 23 sends an application request to the running application proxy module 22. The application request contains the application request to an application URL, e.g. https: // localhost: 1234 / application / [...] addressed the session cookie previously provided by the application security gateway 40.

In step S33, the executed application proxy module 22 forwards the application request along with the customer's certificate to the application security gateway 40. The application security gateway 40 reads the session cookie included in the application request and retrieves the corresponding contract cookie from the secure session storage data 41.

In step S34, the application security gateway 40 forwards the application request containing the contract cookie to the application server 43. The application server 43 identifies the customer based on the contract cookie.

In step S35, the application server 43 retrieves the requested application data from the application database 42 or stores the submitted application data in the application database 42, respectively.

In step S36, the application server 43 returns a response to the application security gateway 40.

In step S37, the application security gateway 40 forwards the response to the running application proxy module 22.

In step S38, the executed application proxy module 22 forwards the response to the executed application module 23.

As shown in FIG. 6, the executed logout application module 23 sends a logout request to the executed application proxy module 22 in step S41.

In step S42, the executed application proxy module 22 forwards the logout request along with the customer's certificate to the application security gateway 40.

In step S43, the application security gateway 40 forwards the logout request to the application server 43.

In step S44, the application server 43 closes the web session and the session in the application database 42.

In step S45, the application server 43 returns a response with a control cookie to end the session.

The application security gateway 40 receives the control cookie and closes the session. In step S46, the application security gateway 40 sends a logout response to the running application proxy module 22.

In step S47, the executed application proxy module 22 forwards the logout response to the executed application module 23.

In step S48, the executed application module 23 removes the session cookie from the respective hidden storage area 13.

It should be noted that in the description the computer program code has been associated with specific function modules and the sequence of steps has been presented in a specific order. However, it will be appreciated by those skilled in the art that the computer program code may be otherwise structured and that the order of at least a portion of the steps could be changed without departing from the scope of the invention.

Claims (18)

A portable device (1) for securely exchanging data over a telecommunications network (3) between a local computer (2) and a remote computer (4), comprising: a storage medium connectable to the local computer (2), the storage medium comprising a read only memory area (12) and a read / write memory area (13), a browser module stored in the read only memory area (12) ( 120) and a launcher (125) adapted to load the browser module (120) in connection with the local computer (2) for execution in the local computer (2), wherein the browser module (120) is adapted to exchange data via the telecommunication network (3) between the local computer (2) and the remote computer (4) and when executed in the local computer (2) by the executed browser module (2). 20) to store or generate work data generated or received at runtime safely in the read / write memory area (13) and to store read data (131) securely stored in the read / write memory area (13) as required by the executed browser module (20). at runtime. A portable device (1) according to claim 1, wherein at least part of the read / write memory area (13) is set up as a hidden memory zone and the browser module (120) is adapted to be executed in the computer (2). to store the working data generated or received by the executed browser module (20) at runtime in the hidden memory zone and retrieve the working data (131) required by the executed browser module (20) from the hidden memory zone at runtime. A wearable device (1) according to any one of claims 1 or 2, wherein the browser module (120) is adapted, when executed in the computer (2), for the working data generated or received at runtime by the executed browser module (20) to encrypt and store in the read / write memory area (13) and retrieve from the read / write memory area (13) the working data (131) required by the executed browser module (20) at runtime and decrypt. The wearable device (1) of any one of claims 1 to 3, wherein the browser module (120) is stored in encrypted form in the read only memory area (12), and wherein the launcher (125) is adapted to the browser module (120) before loading the browser module (120) into the computer (2). The wearable device (1) of any one of claims 1 to 4, wherein the browser module (120) comprises an embedded transport layer security module (121) for securing browser communication over a telecommunications network (3). The portable device (1) according to any one of claims 1 to 5, further comprising an application module (123) stored in the read-only memory area (12), e.g. an e-banking application adapted to receive and / or generate application data received by the executed application module (23) when executed in the computer (2), e.g. Store financial data securely in the read / write memory area (13) and securely store application data (132) stored in the read / write memory area (13), e.g. Retrieve financial data and route to the executed browser module (20). The wearable device (1) of any one of claims 1 to 6, further comprising an application proxy module (122) coupled to the browser module (120) and configured to execute, when executed in the computer (2) Receive a login request from an application module (23) running in the computer (2) and forward the login request through the browser module (120) to a remote application server (43), a login response with session-specific identification data for an accepted login Receive request and forward the session-specific data to the running application module (23). The wearable device (1) of claim 7, wherein the application proxy module (122) is further adapted to receive an application data request from the executing application module (23) along with the session specific identification data, the application data request containing the session specific identification data running browser module (20) to a remote application server (43), by the executed browser module (20) to receive an application data response from the remote application server (43) and forward the application data response to the running application module (23). The wearable device (1) of any one of claims 1 to 8, further comprising a cryptographic module (124) adapted to receive secret personal identification data from a user of the computer (2), a secure communication link with a remote certification server (5) establish, via the secure communication link with the remote certification server (5), at least a portion of the personal identification data for verification, upon successful verification, generate a cryptographic key pair, generate a certificate signing request and forward to the certification server (5) Receive the cryptographic certificate (134) from the certification server (5) and securely store it on the portable device (1). The wearable device (1) of any one of claims 1 to 9, wherein the browser module (120) is configured as a hardened browser, the working data (131) used by the executed browser module (20) at runtime, at least one of the following Alternatives include: session logs, cache data, and cookies, and the portable device (1) includes a USB interface for connecting the storage medium to the computer (2). A communication method for securely exchanging data over a telecommunications network (3) between a local computer (2) and a remote computer (4), the method comprising the steps of: Providing a portable device (1) comprising a storage medium having a read only memory area (12) and a read / write memory area (13); Storing a browser module (120) in the read only memory area (12); Connecting the storage medium to the local computer (2); Loading the browser module (120) for execution in the local computer (2); and Using the executed browser module (20) to exchange data over the telecommunication network (3) between the local computer (2) and the remote computer (4), wherein the executed browser module (20) ensures runtime generated or received work data in the read / write memory area (13) stores and the executed browser module (20) securely in the read / write memory area (13) stored working data (131) as required by the executed browser module (20) at runtime retrieves. 12. The method of claim 11, wherein at least part of the read / write memory area (13) is set up as a hidden memory zone and stores the working data generated or received by the executed browser module (20) at runtime in the hidden memory zone, and the working data (131) required by the executed browser module (20) at runtime retrieves from the hidden storage zone. 13. The method according to any one of claims 11 or 12, wherein the executed browser module (20) at runtime generated or received work data encrypted and stored in the read / write memory area (13) and the executed browser module (20) at run time retrieves required data (131) from the read / write memory area (13) and decrypts. 14. The method according to any one of claims 11 to 13, further comprising the following steps: Storing an application module (123) in the read only memory area (12); Loading the application module (123) for execution in the local computer (2); Encrypting and storing application data received from a user of the local computer (2) and / or generated by the executed application module (23) by the executed application module (23) in the read / write memory area (13); and Retrieving, decrypting and directing stored application data (132) to the executed browser module (20). 15. The method according to any one of claims 11 to 14, further comprising the following steps: Coupling an application proxy module (122) to the browser module (120); Loading the application proxy module (122) for execution in the local computer (2); Receiving a login request from the application module (23) executing in the computer (2), forwarding the login request by the executed browser module (20) to the remote computer (4), receiving a login response with session-specific identification data for an accepted login Requesting and forwarding the session-specific data to the executed application module (23) by the executed application proxy module (22). The method of claim 15, wherein the executing application proxy module (22) further receives an application data request from the executing application module (23) along with the session-specific identification data, the application data request with the session-specific identification data by the browser module (120) for remote Computer (4), receives an application data response from the remote computer (4) through the browser module (120), and forwards the application data response to the executing application module (23). 17. The method according to any one of claims 11 to 16, further comprising the following steps: Receiving secret personal identification data from a user of the local computer (2), establishing a secure communication connection with a remote certification server (5), forwarding at least a portion of the personal identification data for verification via the secure communication connection to the remote certification server (5), generating a cryptographic Key pairs upon successful verification, generating and forwarding a certificate signing request to the certification server (5), receiving a cryptographic certificate from the certification server (5) and securely storing the cryptographic certificate (134) on the portable device (1). A computer program product comprising computer program code means for controlling one or more processors of a portable device (1) for securely exchanging data over a telecommunication network (3) between a local computer (2) and a remote computer (4), the portable device (4) 1) comprises a storage medium connectable to the local computer (2), the storage medium comprising a read only memory area (12) and a read / write memory area (13), wherein in the read only memory area (12) Browser module (120) is stored, wherein the computer program code means are such that the browser module (120) is loaded in connection with the local computer (2) for execution in the local computer (2), wherein the executed browser module (20) is adapted to exchange data via the telecommunications network (3) between the local computer (2) and the remote computer (4) and by the executed browser module (20) for Run time generated or received work data safely in the read / write memory area (13) to store and read in the read / write memory area (13) securely stored work data (131) as needed by the executed browser module (20) at runtime ,