DE102004046847A1 - Internet transactions using a integrated circuit chip card has completion based upon reception of digital user signature - Google Patents

Internet transactions using a integrated circuit chip card has completion based upon reception of digital user signature Download PDF

Info

Publication number
DE102004046847A1
DE102004046847A1 DE200410046847 DE102004046847A DE102004046847A1 DE 102004046847 A1 DE102004046847 A1 DE 102004046847A1 DE 200410046847 DE200410046847 DE 200410046847 DE 102004046847 A DE102004046847 A DE 102004046847A DE 102004046847 A1 DE102004046847 A1 DE 102004046847A1
Authority
DE
Germany
Prior art keywords
data
user
server
signed
portable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
DE200410046847
Other languages
German (de)
Inventor
Eike Thomas Bode
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Priority to DE200410046847 priority Critical patent/DE102004046847A1/en
Publication of DE102004046847A1 publication Critical patent/DE102004046847A1/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention relates to a system, a portable data carrier and a method for generating a digital signature. For the data to be signed, a signature is generated by a user (8) by means of a portable data carrier (1). Identification data for the data to be signed are determined in a server (5), wherein the identification data can be derived from the data to be signed. The identification data is compared with comparison data, the user is presented at least part of the data to be signed and there is a release of the signature generation by the user before the digital signature is generated in the portable data carrier. According to the invention, display data which is displayed to the user as an indicator is determined in the server (5) as a selection from the data to be signed.

Description

  • The The invention relates to a system, a method and a portable disk to generate a digital signature and in particular the hedge a user-generated signature generation means of the portable data carrier.
  • The Creation of a digital signature by a user must be against a possible Abuse be well secured, hence the digital signature as a substitute for a Manual signature can serve. Smart cards or similar secured portable data carriers, which store the key used to generate the signature and internally generating the signature are for this purpose particularly suitable. Such smart cards are known and, for example in the "manual the chip cards "from W. Rankl and W. Effing, 4th edition, chap. 4 and chap. 14.4 described.
  • One User determines the data to be signed by his inputs on a PC. The user will see the data to be signed displayed on a screen of the PC. A chip card with signature function (in the following also signature card), which via an interface unit connected to the PC receives the data to be signed from the PC. After the release by the user, for example by entering a PIN, generates the Chipcard an electronic signature for the transmitted data.
  • There the PC is not a secure environment, but is not secured, that the transferred from the PC to the smart card Data also correspond to the data presented to the user on the screen PCs were displayed. So there is a risk that an undesirable Program on the user's PC (Trojan) arbitrary to the User display changed Transfers data to the smart card, the then be signed by the chip card.
  • From the publication DE 197 54101 C2 a device for communication with a PC is known, in which the data display unit and a processor for the execution of the signature calculation structurally form a unit. Smart cards with integrated display and integrated control panel are known and could form such devices. However, due to the limited size of the display, they offer limited possibilities for the user to display information.
  • According to one alternative approach is an additional central unit between a display unit, an interface unit provided with signature card and the PC. The central unit monitors the exchanged data streams and make sure only the displayed data for transmit the generation of a signature to the signature card become.
  • Furthermore, from the document DE 197 47 603 C2 discloses a method for generating digital signatures, in which a user's PC transmits a request for generating a signature to a server. The server transmits the data to be signed to a mobile terminal of the user. The message to be signed is visualized to the user in the mobile terminal and signed by a chip card arranged in the terminal.
  • One such process relies however completely that the mobile terminal represents a secure environment that is not just like a PC of Viruses or Trojans. However, this assumption is for modern mobile devices, the more and more often PC-like Functions, operating systems and interfaces, not more justified.
  • EP 1306 820 A2 uses a tamper resistant printer driver which prints the document to be signed to the user. The document is first transferred from the user's PC to a background system in which test data, an identifier and an output file are calculated. A chip card reader compares the check data of the background system with the test data calculated internally from the document. The identifier calculated by the background system is displayed to the user on the chip card reader and printed with the document. The user releases the signature generation if both identifiers match.
  • It the object of the present invention is a method, a system and a portable data carrier to provide secure generation of a digital signature, which independent of the protection of the output units of a terminal of the User are applicable.
  • These Task is solved through the objects the independent one claims 1, 13 and 15. Preferred embodiment of the invention are in the dependent claims described.
  • According to an approach of the present invention, identification data for the data to be signed and display data to be displayed to the user are determined in a server. The display data are selected from the data to be signed.
  • By a suitable selection of the display data is the system without loss of information for the User and thus without loss of security also applicable if as a display unit for the user a small display of a portable data carrier, one reader for portable Disk or a mobile terminal is used. For different Types of data to be signed is not an adaptation of the system components necessary for the user.
  • In Further configurations, the system, for example, to the system components adapted to the user become. A display on a display unit of a portable data carrier or a reader, whose advertisement can not be manipulated from the outside is trustworthy per se. Missing such a display unit or the possibility to use these in a suitable form, it can proceed as follows become.
  • display data and / or identification data becomes mobile from the server Transmitted terminal and corresponding control data becomes portable from the server Transfer data carrier. The user can by comparing data displayed by him or by using them as release information, that he is the desired Data signed.
  • Especially can the identification data in the portable data carrier to a Comparison can be used with comparison data that is off for signature generation transmitted to the portable data carrier Data to be determined.
  • According to one advantageous development of the method, the identification data along with authentication data from the server to the portable Transfer data carrier, so that the portable disk On the basis of the authentication data can check whether the identification data of transferred to the server have been. Thus, it can be ensured that the the data of a trusted entity to be signed associated with the identification data are known.
  • Preferably will display the display data on the mobile terminal of the user, because the display device is better suited for this purpose.
  • In a further advantageous embodiment of the method determined the server displays the display data and / or the identification data in Dependence on Preferences. In this way, the user can view the displayed At least partially determine display data.
  • preferred embodiments The invention and further advantageous effects are hereinafter described with reference to the figures. The figures show in detail:
  • 1 a system with a portable data carrier and a mobile terminal of the user and the corresponding connections to a server,
  • 2 a message flow diagram for a method according to a first embodiment,
  • 3 a message flow diagram for a method according to a second embodiment,
  • 4 a message flow diagram for a method according to a third embodiment,
  • 5 a message flow diagram for a method according to a fourth embodiment.
  • 1 shows the components of a system according to the invention and their connection with each other. The system includes a portable data carrier 1 a user 8th as well as a server 5 ,
  • In the illustrated arrangement, a smart card 1 used as a portable data carrier via a card reader 2 with a computer 3 connected is. As a portable data carrier, for example, a smart card, a USB token or other similar unit with microprocessor can be used.
  • The portable data carrier 1 , in the form of a smart card, in addition to the usual internal units, such as CPU, memory, cryptographic coprocessor and the like, as well as a data interface for exchanging data with external devices, a display unit and an input unit for user input. The input unit may be, for example, a (biometric) sensor, a push-button or a keyboard. The display unit will preferably be a display. The card reader 2 can in addition to the interfaces to the chip card 1 and to the computer 3 also comprise a display unit in the form of a display and an input unit for user input.
  • The computer 3 is over a network 4 such as the Internet, with the server 5 connected. The server 5 in turn, connects to a telecommunications network 6 on which a wireless communication with a mobile terminal 7 the user 8th allows.
  • A procedure which is for the user 8th according to 1 is displayed below with reference to 4 described in more detail.
  • The user 8th in 1 defined by inputs on his computer 3 Data he wants to sign. The type of data to be signed is initially not limited. However, the present system is particularly suitable for complex or large electronic documents, such as e-mails, text or HTML documents, or transaction data, such as payment transactions, transfer orders or electronic orders. In many cases, such as transactions over the Internet, the user becomes 8th or its computer 3 only in the course of the transaction from the server 5 the information is obtained as to which format and which contents the data to be signed have.
  • A signature for the data to be signed is by means of a signature generation function of the smart card 1 generated. In the exemplary embodiments shown, a digital signature is calculated in a known manner by means of the RSA algorithm. To summarize, for this purpose, an intermediate value (hash value) is determined from the data to be signed by means of a one-way function, which value is then signed by a secret key component. On the basis of the signature and the data to be signed, third parties with a public key share can check whether the data was signed by the key holder. However, the system is equally applicable to other asymmetric algorithms such as DSA or Elliptic Curves, or symmetric algorithms.
  • In the 2 to 4 different embodiments are shown for a method according to the invention. In particular, depending on the configuration of the portable data carrier or the combination of portable data carrier and corresponding reading device, one of the methods or a sub-combination of the aspects thereof is used in an adapted form.
  • In the message flow diagram according to 2 are next to the chip card (ICC) 1 and the server 5 as involved the computer (PC) 3 and the user 8th shown.
  • In a first process step 21 defines the user 8th through his inputs on the computer 3 a transaction, for example the purchase of 10 CDs. The computer determines from the transaction data for the defined transaction 3 a hash value, which of the smart card 1 to be signed. The hash value 11 becomes in one to the chip card 1 transfer. Transfers the PC 3 instead, for example, the 20-byte long hash value 11 the larger transaction data 12 to the chip card 1 , so the hash value 11 for the transaction data in the chip card 1 calculated. The transaction data 12 be from the computer 3 to the server 5 transfer.
  • The server 5 determined from the transaction data 12 also the hash value and additional display data for the user's display. From the transaction data, the server selects suitable display data for the user. The display data contains the most important information for the user from the transaction data. So when buying 10 CDs by the user, as in 1 represented by the display data Text1 to Text3, selected from the transaction data, the type of transaction and quantity and type of purchased items (Text3: "Order 10 CDs"), the price (Text1: "100EUR") and payment mode information (Text2 : "Kto No. 1234 5678").
  • The display data should in particular enable the user to check whether the transaction to be signed corresponds to the transaction he has defined. It should be noted that the user can use this approach to sign more complex contract texts or documents. In general, the server knows 5 which parts of the data to be signed are of particular relevance to the user.
  • The server 5 signs the display data and the hash value in one step 23 , It transmits the server signature together with the display data and the hash value via the computer 3 to the chip card 1 as a message 14 ,
  • The chip card 1 verified in one step 24 the server signature. It uses the public key of the server 5 , In order to keep the system flexible and open to a large number of servers, the chip card preferably stores the public key of a higher-level instance. As is well known, the parent public key authority issues trusted servers with a certificate that can verify the smart card prior to using the server's public key with the parent's stored public key. After successful verification in step 24 For example, the smart card may assume that the transmitted data has been received from a trusted server. The through the steps 23 and 24 Secured the transmission of the message 14 However, it can also be achieved in other ways. For example, the smart card 1 and the server 5 establish a secure connection after a mutual authentication in a conventional manner.
  • In one step 28 compares the chip card 1 the hashes that they get from the computer and the server 5 had received. If the hash values match can vote, the chip card 1 assume that the hash value was calculated from the transaction data to be signed.
  • The user will be in one step 25 the display data 15 displayed. If the display data signals the user to sign the desired transaction, it will check 27 the display data enable the generation of the signature 18. A release of the user 8th can be done for example by entering a PIN or a release code, placing a finger tip on a sensor or simply pressing a button.
  • The transaction data to be signed or its hash value are in one step 29 in the chip card 1 signed. The user signature is taken from the smart card 1 on the computer 3 and if necessary continue to the server 5 transfer.
  • 3 shows a message flow diagram for a second embodiment of a system and method according to the invention. In this system becomes the mobile terminal 7 (MS) is used as an additional component to display data to the user via a second channel.
  • Notwithstanding the method according to 2 becomes the hash value of the chip card 1 only from the server 5 transmitted. In the message 14 the hash value is included along with a server signature.
  • The display data that is part of the transaction data and a hash ID that is part of the hash value are stored in the server 5 in step 22 determined and to the mobile terminal 7 transfer. From the hexadecimal coded hash value, the hash ID can be calculated in a predetermined manner. For example, the first 8 digits can be converted to a BCD encoded form.
  • The mobile device 7 shows the user 8th the display data in one step 36 at. The user 8th In addition, the hash ID, as identification data for the data to be signed, is displayed in this step.
  • After checking the display data gives the user 8th its release for signature generation by placing the hash ID in a corresponding input device of the smart card 1 (or the card reader). In step 38 compares the chip card 1 the hash ID received by the user with an internally determined hash ID identifying the smart card 1 from the server 5 received hash value determined. Only if this comparison succeeds is in the step 29 in turn generates the user signature via the transaction data.
  • The message flow diagram in 4 shows a further process variant, which only in their deviations from the process variant 3 is described.
  • The chip card 1 gets from the computer 3 the hash value 11 and in the message 14 from the server 5 the from the server 5 specific and signed hash ID. In the optional process step 28 will be in the chip card 1 a hash ID derived internally from the hash value compared with the hash ID received from the server.
  • In the steps 45 and 46 becomes the user 8th the from the server 5 certain hash ID through the smart card 1 and through the mobile device 7 displayed. The mobile terminal again displays the display data simultaneously with the hash ID. The user can check both the display data 47 as well as the hash ID compare 48 before releasing it 18 to the generation 29 the signature to the chip card 1 granted.
  • The from the server 5 to the mobile terminal 7 transmitted message 13 may also be secured in addition to the display data and the hash ID, so for example, a server signature at least over the hash ID from the step 23 of signing included.
  • The message flow diagram according to 5 shows a further embodiment of the method. As an essential complement to the embodiments described above, in the method user specifications are used to determine the display data and / or the hash ID (identification data) in accordance with these user preferences.
  • In one step 50 defines the user 8th in the user options, whether he creates a user preference and sets his preferences. For example, User Preferences will specify which parts of the transaction data 12 as display data 15 . 16 should be used and / or which part of the hash value 11 as a hash ID 17 should be used. In addition to the possibility of selecting only three out of, for example, five relevant information, the user default also offers the possibility of parts of the transaction data that are not prima facie irrelevant, but unique to the user 12 as display data 15 select.
  • In addition, he can specify in the user options, which functions, ie in particular input and output options his smart card 1 and / or his card reader 2 supported.
  • In the server 5 the step of determining takes place 22 of display data and the hash ID depending on the user's preferences 8th he in the step 50 has defined. Furthermore, the server can 5 Optionally adapt the further procedure according to the specification of the supported functions, for example a procedure appropriate to the existing hardware of the user according to the variants 2 to 5 select or configure.
  • The user 8th thus determines by its specifications which display data in the message 14 to the chip card 1 and in the message 13 be transmitted to the mobile terminal. In the steps 55 and 56 When displaying, the user then sees the display data and the hash ID as he has previously set. The step 55 displaying the display data 15 is optional in this procedure or may be displaying the display data 16 in the step 56 through the mobile terminal 7 replace.
  • In addition to user preferences for the current process, predefined user defaults can also be used. The user 8th are then through the mobile terminal 7 in addition to the display data in the step 46 For example, pre-defined user preferences or derived data displayed. So the user can 8th initially with the server 5 as predefined user preference, agree with him with each display of data sent by the server 5 a password appears that is unknown to other components.
  • In a further embodiment of the method, the user can 8th after a predefined user specified at the server 5 stored rule, for example, display one of the elements of the display data in reverse order. As an additional safeguard against a possible eavesdropping, logging and reuse of display data, transaction counters, encrypted data transmission between servers 5 and mobile terminal 7 and / or user preferences with varying proportion. For example, in an improved rule, alternately the first to third text elements can be replayed from the display data in reverse order of letters.
  • Such user preferences become free between users 8th and server 5 agreed. However, this type of user preferences should be independent of the PC 3 or the terminal 7 take place, for example, once in advance when registering the user 8th in the system or at the server 5 , In this way, even in case coordinated external control of the PC 3 and the mobile terminal 7 the user through Trojans or viruses a stable transparent to the user protection of the signature generation achieved.
  • After releasing the signature generation by receiving the hash ID 17 in the chip card 1 , becomes the hash ID received by the user 17 compared with a hash ID in step 58 that came out of the PC 3 received hash value 11 is derived. If successful, the signature will be in the step 29 generated.
  • As in 5 again indicated, the component shown in the message flow charts chip card 1 each from the portable disk 1 alone or in combination with the card reader 2 consist.
  • The described procedures of the embodiments and their sub-aspects are readily combinable in their design. For example, the use of a predefined user preference or a user defined for the current operation of a signature generation according to 5 directly applicable to the other embodiments.
  • As in particular from 2 apparent to those skilled in the stationary terminal of a personal computer 3 as well by a mobile terminal 7 be replaced by the user. In particular, if a data transmission between portable data carrier and mobile terminal takes place via a wireless interface, for a portable data carrier with its own display unit and data input unit, the mobile terminal 7 the role of the stationary terminal 3 take. The mobile device 7 the user 8th and the portable data carrier 1 can each have an NFC interface.

Claims (17)

  1. Method for generating a digital signature for data to be signed ( 12 ) by a user ( 8th ) by means of a portable data carrier ( 1 ), with the following steps: determining ( 22 ) of identification data for the data to be signed ( 12 ) in a server ( 5 ), wherein the identification data from the data to be signed ( 12 ) are derivable; To compare ( 28 ; 38 ; 45 ; 58 ) the identification data determined in the server with comparison data; Represent ( 25 ; 36 ; 45 . 46 ; 55 . 56 ) of at least part of the data to be signed ( 12 for the user; Produce ( 29 ) of the digital signature in the portable data carrier when a release ( 17 . 18 ) the signature generation by the user occurs after the step of presenting; characterized by determining ( 22 ) of display data as a selection from the data to be signed in the server, wherein in the step of presenting ( 25 ; 36 ; 45 . 46 ; 55 . 56 ) the display data is displayed to the user.
  2. Method according to claim 1, characterized in that in the step of determining ( 22 ) the display data in the server the display data according to a first user preference ( 51 ) are selected from the data to be signed.
  3. Method according to claim 1 or 2, characterized in that in the step of determining ( 22 ) the identification data in the server, the identification data in accordance with a second user specification ( 51 ).
  4. Method according to one of Claims 1 to 3, characterized by transferring ( 14 ) the identification data together with authentication data from the server to the portable data carrier; and checking ( 24 ) of the authentication data in the portable data carrier to determine whether the transmitted identification data originated from the server.
  5. Method according to one of Claims 1 to 4, characterized by transferring ( 13 ) the display data from the server to a mobile terminal of the user, the step of displaying ( 36 ; 46 ; 56 ) of the display data is at least partially carried out by the mobile terminal of the user.
  6. Method according to claim 5, characterized in that the identification data are transmitted from the server to the mobile terminal, wherein in the step of displaying ( 36 ; 46 ; 56 ) are displayed by the mobile terminal and the identification data.
  7. Method according to one of Claims 1 to 6, characterized by transmitting the display data ( 14 ) from the server to the portable data carrier, the display data being indicated by the portable data carrier ( 25 ; 55 ) become.
  8. Method according to one of Claims 1 to 7, characterized in that the received identification data are displayed by the portable data carrier ( 45 ) become.
  9. Method according to one of Claims 1 to 8, characterized in that the step of comparing ( 28 ; 38 ; 45 ; 58 ) of the identifiaktionsdaten determined in the server with the comparison data in the portable data carrier.
  10. Method according to one of Claims 1 to 9, characterized in that the portable data carrier receives the identification data as release of the user ( 17 ).
  11. Method according to one of claims 1 to 10, characterized in that the portable data carrier is connected via a portable data carrier to a stationary terminal of the user and the step of displaying ( 25 ; 55 ) of the display data and / or the step of comparing the identification data by the reading device.
  12. Method according to one of claims 1 to 11, characterized that for the step generating the signature from the data to be signed intermediate data where either the intermediate data is the identification data form or the identification data are selected from the intermediate data.
  13. System for generating a digital signature for data to be signed ( 12 ) by a user ( 8th ) by means of a portable data carrier ( 1 ), whereby the system supports the portable data carrier ( 1 ) and a server ( 5 ), and the portable data carrier ( 1 ) comprises: means for generating the digital signature adapted to generate the signature when releasing the signature generation in response to the user represented data that is at least a portion of the data to be signed; and an interface unit for receiving data; the server ( 5 ), identification data for identifying the data to be signed ( 12 ), wherein the identification data from the data to be signed ( 12 ) are derivable; characterized in that the server is adapted to determine display data by selecting from the data to be signed, the display data being displayed to the user as the displayed data.
  14. System according to claim 13, characterized that this System adapted A method according to any one of claims 1 to 12 is to be carried out.
  15. Portable data carrier for generating a digital signature for data to be signed ( 12 ) by a user ( 8th ), with: means for generating ( 29 ) of the digital signature; and an interface unit for receiving data; wherein the portable data carrier is adapted to generate the signature when in a server certain identification data for the data to be signed ( 12 ), agree with comparative data; and a release ( 17 . 18 ) generating the signature in response to the user representing at least a portion of the data to be signed ( 12 ) is received; characterized in that the portable data carrier is adapted to show the user display data selected in the server from the data to be signed.
  16. Portable data carrier according to claim 15 characterized in that adapted portable media is the Steps of the portable data carrier according to a Method according to one of claims 1 to execute 12.
  17. Program product, the program commands for one portable data carrier or a server, characterized in that the program instructions customized are to cause the portable disk or server accordingly, the respective steps of a method according to any one of claims 1 to 12 execute.
DE200410046847 2004-09-27 2004-09-27 Internet transactions using a integrated circuit chip card has completion based upon reception of digital user signature Ceased DE102004046847A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE200410046847 DE102004046847A1 (en) 2004-09-27 2004-09-27 Internet transactions using a integrated circuit chip card has completion based upon reception of digital user signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE200410046847 DE102004046847A1 (en) 2004-09-27 2004-09-27 Internet transactions using a integrated circuit chip card has completion based upon reception of digital user signature

Publications (1)

Publication Number Publication Date
DE102004046847A1 true DE102004046847A1 (en) 2006-04-13

Family

ID=36088652

Family Applications (1)

Application Number Title Priority Date Filing Date
DE200410046847 Ceased DE102004046847A1 (en) 2004-09-27 2004-09-27 Internet transactions using a integrated circuit chip card has completion based upon reception of digital user signature

Country Status (1)

Country Link
DE (1) DE102004046847A1 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1780669A1 (en) * 2005-10-21 2007-05-02 Fiducia IT AG Method for digitally secured electronic communication and device for carrying out this method
EP1881441A2 (en) * 2006-07-19 2008-01-23 Secunet Security Networks Aktiengesellschaft Method for graphical display of digital data and device for performing the method
WO2008080879A1 (en) 2006-12-29 2008-07-10 Nec Europe Ltd. Method and system for increasing security when creating electronic signatures using a chip card
DE102007043892A1 (en) * 2007-09-14 2009-03-19 Eads Deutschland Gmbh Method for transmitting an electronic message in a transport network
FR2922669A1 (en) * 2007-10-22 2009-04-24 Oberthur Card Syst Sa PORTABLE ELECTRONIC DEVICE FOR THE EXCHANGE OF VALUES AND METHOD FOR IMPLEMENTING SUCH A DEVICE
FR2922670A1 (en) * 2007-10-22 2009-04-24 Oberthur Card Syst Sa METHOD AND DEVICE FOR EXCHANGING VALUES BETWEEN PERSONAL PORTABLE ELECTRONIC ENTITIES
WO2009127474A1 (en) * 2008-04-14 2009-10-22 Bundesdruckerei Gmbh Document with an integrated display and receiver unit
EP2154656A2 (en) 2008-08-14 2010-02-17 Giesecke & Devrient GmbH Photo token
DE102009008854A1 (en) 2009-02-13 2010-08-19 Giesecke & Devrient Gmbh Backup of transaction data
DE102009016532A1 (en) * 2009-04-06 2010-10-07 Giesecke & Devrient Gmbh Method for carrying out an application using a portable data carrier
EP2274731A1 (en) * 2008-04-14 2011-01-19 Bundesdruckerei GmbH Document with a memory and a receiver device
EP2393032A1 (en) 2006-10-16 2011-12-07 Giesecke & Devrient GmbH Method for running an application with the help of a portable data storage device
EP2696319A1 (en) * 2012-08-09 2014-02-12 Bundesdruckerei GmbH Method for enabling a transaction
DE102014110859A1 (en) * 2014-07-31 2016-02-04 Bundesdruckerei Gmbh Method for generating a digital signature
EP3026842A1 (en) * 2014-11-26 2016-06-01 Giesecke & Devrient GmbH Signature creation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10124427A1 (en) * 2000-07-07 2002-01-17 Ibm Communication device authentication method compares hash values of transmission and reception devices provided using hash value algorithm
DE10152462A1 (en) * 2001-10-24 2003-06-18 Giesecke & Devrient Gmbh Signature of a document
DE10212620A1 (en) * 2002-03-18 2003-10-09 Ubs Ag Zuerich Secure user and data authentication via a communication network
WO2004032414A1 (en) * 2002-09-27 2004-04-15 Giesecke & Devrient Gmbh Digital data signing in a chip card comprising an integrated display

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10124427A1 (en) * 2000-07-07 2002-01-17 Ibm Communication device authentication method compares hash values of transmission and reception devices provided using hash value algorithm
DE10152462A1 (en) * 2001-10-24 2003-06-18 Giesecke & Devrient Gmbh Signature of a document
DE10212620A1 (en) * 2002-03-18 2003-10-09 Ubs Ag Zuerich Secure user and data authentication via a communication network
WO2004032414A1 (en) * 2002-09-27 2004-04-15 Giesecke & Devrient Gmbh Digital data signing in a chip card comprising an integrated display

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1780669A1 (en) * 2005-10-21 2007-05-02 Fiducia IT AG Method for digitally secured electronic communication and device for carrying out this method
EP2275983A1 (en) * 2005-10-21 2011-01-19 Fiducia IT AG Method for digitally secured electronic communication and device for carrying out this method
EP1881441A2 (en) * 2006-07-19 2008-01-23 Secunet Security Networks Aktiengesellschaft Method for graphical display of digital data and device for performing the method
EP1881441A3 (en) * 2006-07-19 2009-10-28 Secunet Security Networks Aktiengesellschaft Method for graphical display of digital data and device for performing the method
EP2393032A1 (en) 2006-10-16 2011-12-07 Giesecke & Devrient GmbH Method for running an application with the help of a portable data storage device
WO2008080879A1 (en) 2006-12-29 2008-07-10 Nec Europe Ltd. Method and system for increasing security when creating electronic signatures using a chip card
JP2010515321A (en) * 2006-12-29 2010-05-06 エヌイーシー ヨーロッパ リミテッド Method and system for enhancing the security of electronic signature generation with a chip card
DE102007043892A1 (en) * 2007-09-14 2009-03-19 Eads Deutschland Gmbh Method for transmitting an electronic message in a transport network
EP2053554A1 (en) 2007-10-22 2009-04-29 Oberthur Technologies Portable electronic device for exchanging values and method of implementing such a device
FR2922670A1 (en) * 2007-10-22 2009-04-24 Oberthur Card Syst Sa METHOD AND DEVICE FOR EXCHANGING VALUES BETWEEN PERSONAL PORTABLE ELECTRONIC ENTITIES
FR2922669A1 (en) * 2007-10-22 2009-04-24 Oberthur Card Syst Sa PORTABLE ELECTRONIC DEVICE FOR THE EXCHANGE OF VALUES AND METHOD FOR IMPLEMENTING SUCH A DEVICE
US9792592B2 (en) 2007-10-22 2017-10-17 Oberthur Technologies Portable electronic device for exchanging values and method of using such a device
EP2053553A1 (en) 2007-10-22 2009-04-29 Oberthur Technologies Method and device for exchanging values between portable personal electronic entities
US8290870B2 (en) 2007-10-22 2012-10-16 Oberthur Technologies Method and device for exchanging values between personal portable electronic entities
EP2274731B1 (en) * 2008-04-14 2018-08-08 Bundesdruckerei GmbH Document with a memory and a receiver device
WO2009127474A1 (en) * 2008-04-14 2009-10-22 Bundesdruckerei Gmbh Document with an integrated display and receiver unit
EP2274731A1 (en) * 2008-04-14 2011-01-19 Bundesdruckerei GmbH Document with a memory and a receiver device
DE102008037793A1 (en) 2008-08-14 2010-02-18 Giesecke & Devrient Gmbh Photo token
EP2154656A2 (en) 2008-08-14 2010-02-17 Giesecke & Devrient GmbH Photo token
DE102009008854A1 (en) 2009-02-13 2010-08-19 Giesecke & Devrient Gmbh Backup of transaction data
WO2010092104A1 (en) 2009-02-13 2010-08-19 Giesecke & Devrient Gmbh Securing transaction data
DE102009016532A1 (en) * 2009-04-06 2010-10-07 Giesecke & Devrient Gmbh Method for carrying out an application using a portable data carrier
US9147064B2 (en) 2009-04-06 2015-09-29 Giescke & Devrient Gmbh Method for carrying out an application with the aid of a portable data storage medium
WO2010115795A1 (en) 2009-04-06 2010-10-14 Giesecke & Devrient Gmbh Method for carrying out an application with the aid of a portable data storage medium
DE102012214132A1 (en) * 2012-08-09 2014-02-13 Bundesdruckerei Gmbh Procedure for releasing a transaction
EP2696319A1 (en) * 2012-08-09 2014-02-12 Bundesdruckerei GmbH Method for enabling a transaction
EP3361436A1 (en) * 2012-08-09 2018-08-15 Bundesdruckerei GmbH Method for releasing a transaction
DE102014110859A1 (en) * 2014-07-31 2016-02-04 Bundesdruckerei Gmbh Method for generating a digital signature
EP3026842A1 (en) * 2014-11-26 2016-06-01 Giesecke & Devrient GmbH Signature creation

Similar Documents

Publication Publication Date Title
RU2710897C2 (en) Methods for safe generation of cryptograms
US10142114B2 (en) ID system and program, and ID method
US9864994B2 (en) Terminal for magnetic secure transmission
US20200294026A1 (en) Trusted remote attestation agent (traa)
US10120993B2 (en) Secure identity binding (SIB)
US9467292B2 (en) Hardware-based zero-knowledge strong authentication (H0KSA)
US9904919B2 (en) Verification of portable consumer devices
DK2885904T3 (en) Procedure for user-easy authentication and device using a mobile application for authentication
KR101916173B1 (en) Pin verification
KR102165708B1 (en) Online payments using a secure element of an electronic device
US9372971B2 (en) Integration of verification tokens with portable computing devices
US10164966B2 (en) Decoupling identity from devices in the internet of things
US9124433B2 (en) Remote authentication and transaction signatures
ES2753964T3 (en) Procedure to generate a token software, software product and service computer system
US10586229B2 (en) Anytime validation tokens
US8826019B2 (en) Centralized authentication system with safe private data storage and method
US9818113B2 (en) Payment method using one-time card information
US20150033028A1 (en) Method for reading attributes from an id token
CN102834830B (en) The program of reading attributes from ID token
EP2485453B1 (en) Method for online authentication
Windley Digital Identity: Unmasking identity management architecture (IMA)
KR101584510B1 (en) Method for reading attributes from an id token
US8667285B2 (en) Remote authentication and transaction signatures
CN101765996B (en) Device and method for remote authentication and transaction signatures
EP2561490B1 (en) Stand-alone secure pin entry device for enabling emv card transactions with separate card reader

Legal Events

Date Code Title Description
OM8 Search report available as to paragraph 43 lit. 1 sentence 1 patent law
R012 Request for examination validly filed

Effective date: 20110902

R016 Response to examination communication
R002 Refusal decision in examination/registration proceedings
R006 Appeal filed
R008 Case pending at federal patent court
R081 Change of applicant/patentee

Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH, DE

Free format text: FORMER OWNER: GIESECKE & DEVRIENT GMBH, 81677 MUENCHEN, DE

R003 Refusal decision now final
R011 All appeals rejected, refused or otherwise settled