EP2561461A1 - Method for reading an attribute from an id token - Google Patents
Method for reading an attribute from an id tokenInfo
- Publication number
- EP2561461A1 EP2561461A1 EP11717537A EP11717537A EP2561461A1 EP 2561461 A1 EP2561461 A1 EP 2561461A1 EP 11717537 A EP11717537 A EP 11717537A EP 11717537 A EP11717537 A EP 11717537A EP 2561461 A1 EP2561461 A1 EP 2561461A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- computer system
- certificate
- token
- connection
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000013475 authorization Methods 0.000 claims abstract description 44
- 101100260765 Schizosaccharomyces pombe (strain 972 / ATCC 24843) tls1 gene Proteins 0.000 claims abstract description 12
- 238000004590 computer program Methods 0.000 claims description 6
- 238000010276 construction Methods 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 4
- 150000001875 compounds Chemical class 0.000 claims 4
- 238000011156 evaluation Methods 0.000 description 9
- 230000008901 benefit Effects 0.000 description 7
- 238000004891 communication Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 239000000047 product Substances 0.000 description 5
- 230000008569 process Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 239000013589 supplement Substances 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Definitions
- the invention relates to a method for reading at least one attribute from an ID token, a computer program product and a computer system.
- Various methods for managing the so-called digital identity of a user are known from the prior art:
- Microsoft Windows CardSpace is a client-based digital identity system designed to allow Internet users to compare their digital identity Communicate online services.
- the disadvantage here is, inter alia, that the user can manipulate his digital identity.
- OPENID is a server-based system.
- a so-called identity server stores a database with the digital identities of the registered users.
- One disadvantage of this is, inter alia, inadequate data protection, since the digital identities of the users are stored centrally and the user behavior can be recorded. From US 2007/0294431 A1 a further method for the management of the digital identities is known, which likewise requires a user registration.
- the invention is based on the object to provide an improved method for reading at least one attribute, as well as a corresponding computer program product and a computer system.
- a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user.
- the method includes the following steps: authenticating the user to the ID token; Authenticating a first computer system against the ID token; after successful authentication of the user and the first computer system against the ID token, read access of the first computer system to the at least one in the ID token stored attribute for transmitting the at least one attribute to a second computer system. This can create a "trust anchor".
- Embodiments of the invention allow one or more of the attributes stored in an ID token to be read by the first computer system, wherein the connection between the ID token and the first computer system may be established over a network, particularly the Internet.
- the at least one attribute may be an indication as to the identity of the user assigned to the ID token, in particular with regard to its so-called digital identity.
- the first computer system reads the attributes name, first name, address to forward these attributes to a second computer system, for example an online service.
- the ID token can be a portable electronic device, such as a so-called USB stick, or a document, in particular a value or security document.
- a first cryptographically secure connection between a browser of a third computer system and the second computer system is established, the third computer system receives a first certificate over the first connection.
- the receipt of the first certificate is required for the establishment of the first cryptographically secured connection
- the first certificate may also be received as part of the signature of the signed attribute specification over the first cryptographically secured connection from the third computer system.
- the first certificate includes an identifier of the second computer system.
- the first certificate received via the first cryptographically secured connection is stored by the third computer system at least temporarily for a predetermined period of time. Furthermore, a second cryptographically secured connection is established between the browser of the third computer system and the first computer system, and the signed attribute specification is forwarded via the second connection from the browser to the first computer system, for example via a so-called redirect.
- the first computer system is authorized by the operator of the second computer system through which a service is offered to perform the ID provider function.
- an authorization certificate assigned to the second computer system and, if applicable, the authorization certificates of further second computer systems, which can also use the ID provider function of the first computer system, are stored, as well as the respectively associated private keys.
- the authorization certificate associated with the second computer system includes its identifier.
- the first computer system Based on the signature of the attribute specification, the first computer system identifies the authentication certificate of that of the second computer system from which the attribute specification has been signed.
- a third cryptographically secured connection is set up between the first computer system and the client of the third computer system, wherein the client of the third computer system receives the authorization certificate from the first computer system via the third connection.
- the client On the part of the third computer system, the client then checks whether the identifiers match.
- the certificate of the first computer system can then be used to then subsequently transmit the authorization certificate of the identified second computer system via this third connection, or the authorization certificate of the second computer system can be used to set up the third computer system.
- th connection are used so that in this case the authorization certificate is transmitted.
- this is a proof that the first certificate is associated with the service certificate associated with the second computer system and by means of which the attribute specification has been signed, and the entitlement certificate are associated with each other service certificate such assignment does not indicate a Man in the Middle Attack, so a demolition occurs.
- the first computer system authenticates against the ID token and a fourth end-to-end cryptographically secured connection between the ID token and built the first computer system. If the user has also successfully authenticated against the ID token, then the read access of the first computer system can take place via the fourth connection.
- a "document” is understood to mean paper-based and / or plastic-based documents, such as identity documents, identity cards, visas and driving licenses, vehicle registration documents, vehicle registration documents, company ID cards, health cards or other ID documents as well as chip cards, payment means, in particular Banknotes, bank cards and credit cards, bills of lading or other credentials, in which a data memory for storing the at least one attribute is integrated.
- a “certificate” is understood here as a digital certificate, which is also referred to as a public-key certificate, which is a structured data that serves to identify a public key of an asymmetric cryptosystem of an identity, such as Example of a person or device to assign, for example, the certificate may conform to the standard X.509 or any other standard, in particular it may be an SSL certificate or a TLS certificate.
- a “Certificate of Authorization” is understood herein to mean a certificate that includes a specification of access rights to attributes stored in the ID token.An authorization certificate may include a reference to one or more certificates, in particular SSL or TLS certificates, corresponding to the authorization - are assigned certificate of approval.
- Embodiments of the invention are thus particularly advantageous since the at least one attribute is read from a particularly trustworthy document, for example an official document. Of particular advantage is further that a central storage of the attributes is not required. Thus, the invention enables a particularly high degree of trustworthiness with regard to the communication of the attributes belonging to a digital identity, combined with optimum data protection and extremely convenient handling.
- the first computer system has at least one authorization certificate, which is used to authenticate the first computer system against the ID token.
- the entitlement certificate includes an indication of those attributes for which the first computer system has read permission.
- the ID token uses this certificate to verify that the first computer system has the read permission to read the attribute before such read access can be performed by the first computer system.
- This entitlement certificate is associated with a service certificate of the second computer system, i. it contains the same identifier as the service certificate. If there is no man-in-the-middle attack, the first certificate received by the third computer system in establishing the first connection is the service certificate of the second computer system.
- the first computer system sends the at least one attribute read out from the ID token directly to the second computer system.
- the second computer system may be, for example, a server for providing an on-line service or other service, such as a banking service or ordering a product.
- the user can open an account online, including attributes that include the identity of the user, are transferred from the first computer system to the second computer system of a bank.
- the third computer system has a conventional browser with which the user can open a web page of the second computer system. The user can enter a request or order for a service or product into the web page.
- the second computer system then specifies those attributes, for example the user or his ID token, which it needs for the provision of the service or the acceptance of the order.
- the corresponding attribute specification including the specification of these attributes is then sent from the second computer system via the third computer system to the first computer system.
- the service request of the user to the second computer system includes the indication of an identifier, wherein the identifier identifies the first computer system.
- the identifier is a link, for example a URL of the first computer system.
- the attributes read from the ID token are signed by the first computer system and then transmitted to the third computer system.
- the user of the third computer system can thus read the attributes, but without being able to change them. Only after release by the user are the attributes forwarded from the third computer system to the second computer system.
- the user can supplement the attributes before their forwarding by further data.
- the first computer system has a plurality of authorization certificates with different read rights. Due to the receipt of the attribute specification, the first computer system selects one or more of these Authorization certificates to read the corresponding attributes from the ID token.
- the first, second and third connections are each transport layer connections which are cryptographically secured.
- the first, second and third connections are each Transport Layer Security (TLS) or Secure Sockets Layer (SSL) connections.
- TLS Transport Layer Security
- SSL Secure Sockets Layer
- the fourth end-to-end encryption connection between the ID token and the first computer system is placed on a higher layer, such as the one shown in FIG. an application layer, constructed using the third connection.
- the TLS protocol in version 1.0 or later is used to secure the communication (The TLS Protocol, Version 1.0, http://www.etf.org/rfc/rfc2246; The Transport Layer Security (US Pat. TLS) Protocol, Version 1.1, http://www.ietf.org/rfc/rfc4346).
- the cryptographic algorithms and safety parameters used in this case preferably satisfy the requirements of the Technical Guideline Cryptographic Procedures: Recommendations and Key Lengths (BSI-TR-02102), Version 1.0, 20.06.2008: https://www.bsi.bund.de/cae/ servlet / contentblob / 477256 / publicationFile / 43752 / BSI-TR-02102_V1_0_pdf.pdf defined requirements.
- the second computer system generates a Security Assurance Markup Language (SAML) object, which contains the attribute specification and the signature of the second computer system.
- SAML Security Assurance Markup Language
- the SAML object is transmitted over the first connection to the third computer system and forwarded by the redirect from the third computer system to the first computer system via the second connection.
- the first computer system includes a SAML logic component, that is, a computer program for receiving and processing SAML objects.
- the second connection is established in this embodiment between the browser of the third computer system and the SAML logic component of the first computer system.
- the first computer system includes a protocol stack component, that is to say a computer program for carrying out a predetermined protocol stack, such as, for example, the protocol stack TR03112 specified by the Federal Office for Information Security.
- the third connection is established in such an embodiment between the client of the third computer system and the protocol stack component of the first computer system.
- the browser of the third computer system has a plug-in program.
- the plug-in program implements the forwarding of the signed attribute specification, such as the SAML object, over the second connection, as well as the launch of the client and the delivery of the first certificate received over the first connection to the client.
- the client implements the check to see if the identifiers of the certificates match.
- the service certificate of the service computer system is an SSL certificate.
- the SSL certificate of the service computer system includes the identifier by which the service computer system is uniquely identified. This identifier may be the public key of the service computer system, a hash value of this public key, or some other unique identifier.
- the identifier by which the service computer system (and the authorization certificate) are uniquely identified is given in the form of a URL composed of the service provider's Internet domain and a path listing the service provider's web application which the user can access with his browser.
- the general format is: https: // ⁇ service provider domain> / ⁇ service provider application>
- the first cryptographically secured connection is an SSL connection
- the establishment of this first connection involves the transmission of the service certificate of the service computer system, that is to say the second computer system, to the user computer system, that is to say the third computer system. required.
- This service certificate is identical to the first certificate received from the user computer system unless there is a "man-in-the-middle attack" 1 .
- the first certificate is stored by the user computer system.
- the ID provider computer system may be associated with an ID provider certificate.
- the I D provider certificate can also be an SSL certificate.
- the I D provider certificate includes an identifier of the ID provider computer system, such as its public key, a hash of its public key, or another unique identifier by which the ID provider computer system, that is, the first computer system, identifies becomes.
- the second cryptographically secured connection is a TLS connection
- its construction requires the transmission of the ID provider certificate from the ID provider computer system to the user computer system.
- the second certificate that the user computer system receives is identical to the I D provider certificate if there is no man-in-the-middle attack.
- the user computer system also stores the second certificate, i. normally the ID provider certificate, from.
- both the identifier of the service computer system and the identifier of the ID provider computer system are included in the authorization certificate of the ID provider computer system. If there is no "man-in-the-middle attack" regarding the construction of the second cryptographically secured connection, then the second certificate received from the user computer system is the ID provider certificate. The-middle attacks can therefore be caused by the user's computer system be excluded if the identifier of the first certificate is present in the authorization certificate and also the identifier of the second certificate is also specified in the authorization certificate.
- the invention relates to a computer program product, in particular a digital storage medium, with executable program instructions for carrying out a method according to the invention.
- the ID token has a protected memory area for storing at least one attribute, means for authenticating the ID token associated with the ID token against the ID token, means for authenticating the first computer system to the ID token, means for Structure of the fourth connection to the first computer system, via which the first computer system can read the at least one attribute, wherein a necessary condition for reading the at least one attribute from the ID token by the first computer system, the successful authentication of the user and first computer system against the ID token.
- MRTD Extended Access Control for machine-readable travel documents
- ICAO international aviation authority
- the ID token has means for end-to-end encryption. This makes it possible to set up the fourth connection between the ID token and the first computer system via the third computer system of the user, since the user can not make any changes to the data transmitted via the connection due to the end-to-end encryption.
- the first computer system has means for receiving an attribute specification over a network, the attribute specification specifying at least one attribute, means for authenticating against an ID token, means for reading at least one attribute from the ID token via a secured fourth A connection wherein reading the at least one attribute requires that a user associated with the ID token has authenticated against the ID token.
- the first computer system may include means for generating a request to the user. After the first computer system has received the attribute specification from, for example, the second computer system, it then sends a request to the user's third computer system, prompting the user to authenticate against the ID token. After the user's authentication to the ID token has been successfully performed, the first computer system receives an acknowledgment from the third computer system. Thereafter, the first computer system authenticates to the ID token, and the secure fourth connection between the ID token and the first computer system is established with end-to-end encryption.
- the first computer system has a plurality of authorization certificates, each specifying different read rights. Upon receiving the attribute specification, the first computer system selects at least one of these authentication certificates with the read rights sufficient to read the specified attributes.
- Embodiments of the first computer system of the present invention are particularly advantageous because, in combination with the need to authenticate the user against the ID token and reliably guard against "man-in-the-middle" attacks, they provide a trust anchor for the user's unadulterated digital identity In this case, it is of particular advantage that this does not require any prior registration of the user with respect to the computer system and also no central storage of the attributes of the users forming the digital identities.
- the first computer system is an officially certified trust center, in particular a signature center-compliant trust center.
- the various functional means of the computer systems are implemented by executable program instructions, a combination of hardware and software components, and / or by electronic logic circuits.
- Figure 1 is a block diagram of a first embodiment according to the invention
- FIG. 2 shows a flowchart of an embodiment of an inventive device
- Method, Figure 3 is a UML diagram of another embodiment of a method according to the invention.
- the user computer system 100 may be a personal computer, a portable computer, such as a laptop or palmtop computer, a persona! Digital Assistant, a mobile telecommunications device, in particular a smart phone, or the like act.
- the user computer system 100 has an interface 104 for communicating with an ID token 106 having a corresponding interface 108.
- the interfaces 104 and 108 may be, for example, Near Field Communication (NFC), Bluetooth, RFI D interfaces or the like.
- the user computer system 100 has at least one processor 110 for executing program instructions 112 and 113 and a network interface 114 for communicating over a network 116.
- the network may be a computer network, such as the Internet.
- a browser such as e.g. Microsoft Internet Explorer or another common browser program implemented.
- the program instructions 112 may include a so-called plug-in for the browser.
- the program instructions 113 implement a client.
- the corresponding server is formed by a protocol stack component 172 of the ID provider computer system 36.
- the ID token 106 has an electronic memory 118 with protected memory areas 120, 122, and 124.
- the protected memory area 120 serves to store a reference value needed for authenticating the user 102 to the ID token 106.
- This reference value is, for example, an identifier, in particular a so-called Personal Identification Number (PIN), or reference data for a biometric feature of the user 102, which can be used for the authentication of the user to the ID token 106
- PIN Personal Identification Number
- the protected area 122 is for storing a private key
- the protected memory area 124 is for storing attributes, such as the user 102, such as name, place of residence, date of birth, gender, and / or attributes including the ID token itself, such as the institution that created or issued the ID token, the validity period of the ID token, an identifier of the ID token, such as a passport number or a credit card number.
- the electronic memory 118 may further include a storage area for storing a certificate 126.
- the certificate 126 includes a public Key associated with the private key stored in the protected storage area 122.
- the certificate may have been initialed according to a Public Key Infrastructure (PKI) standard, for example according to the X.509 standard.
- PKI Public Key Infrastructure
- the certificate 126 does not necessarily have to be stored in the electronic memory 118 of the ID token 106.
- the certificate 126 may also be stored in a public directory server.
- the ID token 106 has a processor 128.
- the processor 128 is for executing program instructions 130, 132 and 134.
- the program instructions 130 are for user authentication, i. for authenticating the user 102 to the ID token.
- the user 102 enters his PIN for authentication in the ID token 106, for example, via the user computer system 100. Execution of the program instructions 130 then accesses the protected memory area 120 for the entered PIN with the reference value of the PIN stored there. In the event that the entered PIN matches the reference value of the PIN, the user 102 is considered authenticated.
- a biometric feature of the user 102 is captured.
- the ID token 106 has a fingerprint sensor or a fingerprint sensor is connected to the user's computer system 100.
- the biometric data acquired by the user 102 is compared to the biometric reference data stored in the protected memory area 120 by executing the program instructions 130 in this embodiment. If the biometric data acquired by the user 102 sufficiently matches the biometric reference data, the user 102 is considered authenticated.
- the program instructions 134 are used to execute the steps of a cryptographic protocol concerning the ID token 106 for the purpose of authenticating an I D provider computer system 136 with respect to the ID token 106.
- the cryptographic protocol can be based on a challenge-response protocol. act on a symmetric key or an asymmetrical key pair.
- the cryptographic protocol implements an Extended Access Control method as specified for machine-readable travel documents (RTD) by the International Aviation Authority (ICAO).
- RTD machine-readable travel documents
- ICAO International Aviation Authority
- the ID provider computer system 136 authenticates against the ID token, thereby verifying its readability to read the attributes stored in the protected storage area 124.
- the authentication may also be mutually, i. also, the ID token 106 must then authenticate to the ID provider computer system 136 according to the same or another cryptographic protocol.
- the program instructions 132 serve for the end-to-end encryption of data transmitted between the ID token 106 and the ID provider computer system 136, or at least the attributes read from the protected memory area 124 by the ID provider computer system 136.
- a symmetric key may be used, which is agreed upon, for example, during the execution of the cryptographic protocol between the ID token 106 and the ID provider computer system 136.
- the user computer system 100 with its interface 104 can not communicate directly with the interface 108, but via a reading device for the ID token 106 connected to the interface 104. Via this reading device, such as For example, a so-called class 2 smart card terminal, the PIN can also be entered.
- the ID provider computer system 136 has a network interface 138 for communication over the network 116.
- the ID provider computer system 136 also has a memory 140 in which one or more entitlement certificates and associated private keys are stored. Each of the certificates is associated with one of the service computer systems. For example, various service computer systems, such as the service computer system I 150, the service computer system II 150 '... are connected.
- the service computer system I is identified by the assigned operator of the service "computer system I certificate ZD I. Accordingly, the service computer system II is identified by the certificate ZD II assigned to the operator of the service computer system II. The operators of these service computer systems have authorized the operator of the ID provider computer system 136 to perform the ID provider function for these service computer systems.
- an ID provider certificate ZDID 188 is stored in the memory 140.
- the ID provider computer system 136 further has at least one processor 145 for executing program instructions 146 and 148.
- the steps of the cryptographic protocol concerning the ID provider computer system 136 are executed.
- the cryptographic protocol is implemented by executing the program instructions 134 by the processor 128 of the ID token 106 and by executing the program instructions 146 by the processor 145 of the ID provider computer system 136.
- the program instructions 148 are used to implement the end-to-end encryption on the ID provider computer system 136 side, for example, based on the symmetric key that is present during the execution of the cryptographic protocol between the ID token 106 and the I D provider - Computer system 136 has been agreed.
- each method known per se can be used to agree the symmetric key for the end-to-end End encryption, such as a Diffie-Hellman key exchange.
- the processor 145 also provides evaluation logic 174 and a protocol stack component 172.
- the evaluation logic 174 may be a program module that forms a SAML logic component to receive and evaluate a SAML object.
- the protocol stack component 172 may be a program module for implementing a communication protocol, such as the technical guideline of the Federal Office for Information Security, BSI TR-03112-7.
- BSI TR-03112-7 the technical guideline of the Federal Office for Information Security
- the ID provider computer system 136 is preferably located in a particularly protected environment, in particular in a so-called trust center, so that the ID provider computer system 136 in combination with the necessity of authenticating the user 102 to the ID token 106 Trust anchor for the authenticity of the read from the ID token 106 attributes.
- a service computer system 150 may be configured to receive an order or order for a service or product, particularly an online service.
- the user 102 may open an account online with a bank via the network 16, or may use other financial or banking services.
- the service computer system 150 can also be designed as an online department store, so that the user 102 can, for example, purchase a mobile telephone or the like online.
- the service computer system 150 may also be configured to provide digital content, such as for downloading music and / or video data.
- the service computer system 150 has for this purpose a network interface 152 for connection to the network 116.
- the service computer system 150 has at least one processor 154 for executing program instructions 156. By executing the program instructions 156, for example, dynamic HTML pages are generated via which the user 102 can enter his order or his order.
- the service computer system 150 must review one or more attributes of the user 102 and / or its ID token 106 based on one or more predetermined criteria. Only if this check is passed will the order or order of the user 102 be accepted and / or executed.
- the user 102 For example, to open a bank account or purchase a mobile phone with a related contract, it is required that the user 102 reveal his identity to the service computer system 150 and that this identity be verified. In the prior art, for example, the user 102 has to present his identity card for this purpose. This process is replaced by the reading of the digital identity of the user 102 from its ID token 106.
- the user 102 does not have to disclose his identity to the service computer system 150, but the message, for example only one of the attributes, is sufficient.
- the user 102 can provide evidence via one of the attributes that he belongs to a specific group of persons who are authorized to access data for download on the service computer system 150.
- a criterion may be a minimum age of the user 102 or the affiliation of the user 102 to a group of people having access to certain confidential data.
- the computer systems according to FIG. 1 are designed such that the service certificate 144 contains an identifier of the relevant service computer system.
- the service computer system 1 is identified by the identifier of the certificate ZDI.
- the I D provider certificate ZDID 188 includes an identifier through which the ID provider computer system 136 is clearly identified.
- the entitlement certificate 186 associated with the service computer system 1 accordingly includes the identifier of the service computer system I and the identifier of the ID provider computer system.
- the user 102 starts the execution of the program instructions 112, for example, a standard web browser program, such as Microsoft Internet Explorer. Via the network 116, i. For example, the Internet, the user 102 selects one of the service computer systems. In the following, it will be assumed, without loss of generality, that the user 102 selects the service computer system I. On the website of the service computer system I, the user 102 selects a specific service offered by the service computer system 1. Subsequently, a first cryptographically secured connection TLS1 is established between the service computer system i and the browser 112. You can use the Transport Layer Security (TLS) protocol for this. For the establishment of the first cryptographically secured connection TLS1, the service computer system I transmits its certificate ZD I 144 to the user during the execution of the TLS protocol.
- TLS Transport Layer Security
- the authorization certificate ZDB I 186 includes a reference to the certificate ZD I 144, which may be designed in particular as a TLS certificate.
- the user computer system 100 thus receives a first certificate Z 176.
- This certificate Z 176 is normally the certificate ZD I 144 of the service computer system I.
- the certificate ZD I 144 is exchanged by the attacker 178 by its certificate ZA 180, so that the user computer system 100 then stores the certificate ZA 180 as a certificate Z 176.
- the service computer system I After establishing the connection TLS1, the service computer system I sends an attribute specification 182 via TLS1 to the browser 112 of the user computer system 100.
- the attribute specification 182 includes a specification of those attributes of the ID token 106, the knowledge of which the service Computer system ⁇ required to provide the desired by the user 102 service.
- This attribute specification 182 is a request from the service computer system I to the I D provider computer system 136 to securely read these attributes.
- the attribute specification 182 is signed by the service computer system I using the private key 142.
- the signature also includes the certificate ZD I.
- the attacker 178 may attempt to manipulate the signature of the request 182 by exchanging the certificate ZD I for the certificate ZA.
- the attribute specification 182 also includes the identifier of the service computer system I.
- the attribute specification 182 may take the form of a so-called SAML object. Due to the reception of the SAML object 182, a plug-in program of the browser 112 is addressed. Subsequently, a second cryptographically secured connection TLS2 is established between the browser 112 and the evaluation logic 174 of the ID provider computer system 136 via the network 116, for example likewise according to the TLS protocol.
- the ID provider certificate ZDID 188 is sent to the user computer system 100 and received there as a second certificate 190, which is identical to ZDID 188, unless it is due to a man-in-the-middle attack by the attacker's ZA certificate 180 has been replaced.
- the certificate 190 is stored by the user computer system 100. Further, the program instructions 113 (client) are started.
- the signed request 182 is forwarded via a so-called redirect from the browser 112 via the connection TLS2 to the evaluation logic 174.
- the ID provider computer system 136 evaluates the request 82 with the aid of the evaluation logic 174. Thereby, the ID provider computer system 136 identifies the service computer system, ie here the service computer system I, from which the request 182 has been sent. This can be done by using the signature of the request 182 or by using another identifier of the service computer system I included in the request 182.
- an authorization certificate with the associated private key must be available in the memory 140 matches the established identity of the requesting service computer system, here the service computer system I. If such an authorization certificate can not be found, the process is aborted at this point.
- the evaluation logic 174 selects the certificate ZDB I from the memory 140 for the further procedure. Also, in the transmission of request 182 over TLS2, a man in the middle attack may occur, such as again by attacker 178, who may attempt to manipulate the signature of request 82 using its certificate ZA.
- the I D provider computer system 136 transmits the authorization certificate of the identified service computer system, here the certificate ZDB 1 186 of the identified service computer system I, to the client 113.
- the client 113 checks, whether the authorization certificate received via the connection TLS3, in this case the certificate ZDB 1, agrees with the stored certificates 176 and 190.
- the ID provider certificate can be used, then subsequently to transmit the authorization certificate of the identified service computer system via TLS3, or the authorization certificate of the identified service computer system can be used for establishing the secure connection TLS3, so that in this case the authorization certificate is transmitted.
- the certificates 176 and 190 contain the identifiers of the received authorization certificate. If not, this indicates the presence of a Man in the Middle Attack, and further action is aborted. On the other hand, if there is a match, it can continue.
- Authenticate the user 102 to the ID token 106 The user 102 authenticates himself to the ID token 106.
- the user 102 for this purpose enters his PIN, for example via the user computer system 100 or a smart card terminal connected thereto.
- the ID token 106 then checks the correctness of the entered PIN. If the entered PIN matches the reference value of the PIN stored in the protected memory area 120, then the user 102 is considered authenticated.
- An analogous procedure can be used if a biometric feature of the user 102 is used for its authentication, as described above. Authenticating the I D provider computer system 136 against the ID token 106.
- a fourth connection 184 is established between the ID token 106 and the ID provider computer system 136 via the user computer system 100 and the network 116.
- the fourth connection 184 is established at a higher level (layer) of the OSI layer model than the connection TLS3.
- the third connection TLS3 and the communication between the interfaces 108 and 104 are used for the fourth connection.
- the authentication certificate of the service computer system identified by the ID provider computer system 136 i. here ZDB l
- Program instructions 134 then generate a so-called challenge, i. for example, a random number. This random number is encrypted with the public key of the I D provider computer system 136 contained in the certificate 144.
- the resulting cipher is sent from the ID token 106 over the connection 184 to the ID provider computer system 136.
- the ID provider computer system 136 decrypts the ciphertext using its private key 142, thus obtaining the random number.
- the random number returns ID provider computer system 136 to ID token 106 via connection 184.
- it is checked whether the random number received from the ID provider computer system 136 matches the originally generated random number, ie, the challenge. If so, the ID provider computer system 136 is considered to be facing ID ⁇ Token 106 is authenticated.
- the random number can be used as a symmetric key for end-to-end encryption.
- the ID provider computer system 136 After the user 102 has successfully authenticated against the ID token 106, and after the ID provider computer system 36 has successfully authenticated against the ID token 106, the ID provider computer system 136 obtains read permission to Reading one, more, or all of the attributes stored in the protected storage area 124. On the basis of a corresponding read command, which the ID provider computer system 136 sends via the connection to the ID token 106, the requested attributes are read from the protected memory area 124 and encrypted by execution of the program instructions 132. The encrypted attributes are transmitted via the connection to the ID provider computer system 136 and decrypted there by execution of the program instructions 148. As a result, the ID provider computer system 136 receives knowledge of the attributes read from the ID token 06.
- Service computer system 150 This notifies the service computer system 150 of the attributes read from the ID token 106 so that the service computer system 150 can check these attributes against the predetermined one or more criteria, and thereafter, if necessary, the service requested by the user 102 to provide.
- the need to authenticate the user 102 to the ID token 106 and to authenticate the I D provider computer system 136 to the ID token 106 provides the necessary trust anchor so that the service computer system 150 can be assured that it will be attributes of the user 102 communicated by the ID provider computer system 136 are true and not corrupted.
- the order of authentication may be different. For example, provision may be made for the user 102 first to have to authenticate against the ID token 106 and subsequently for the ID provider computer system 136.
- the ID provider computer system 136 it is also fundamentally possible for the ID provider computer system 136 to be initially opposite to the ID provider. Token 106 must authenticate and only subsequently the user 102.
- the ID token 106 is configured to be enabled by the user 102 only by entering a correct PIN or biometric feature. Only this activation allows the start of the program instructions 132 and 134 and thus the authentication of the I D provider computer system 136th
- the program instructions 134 are designed so that the ID provider computer system 136 can only perform a read access to the protected memory area 124 for reading one or more of the attributes, after the successful execution of the program instructions 130 of the authentication User 102 has been signaled.
- a further particular advantage is the protection against man in the middle attacks, in particular on the basis of the examination of the client 113, whether the certificate 176 or 190 agrees with the authorization certificate subsequently received on the occasion of the establishment of the third connection TLS3.
- the various possible Man in the Middle attacks for example, the attacker 178, can be effectively fended off.
- ID token 106 for, for example, e-commerce and e-government applications, namely media-free and legally secure due to the need for authentication of the user 102 and the I D provider computer system 136 Trust anchor formed opposite the ID token 106.
- a central storage of the attributes of different users 102 is not required is, so that the existing state of the art privacy problems are hereby resolved.
- a prior registration of the user 102 for claiming the I D provider computer system 136 is not required.
- FIG. 2 shows an embodiment of a method according to the invention.
- a service request is sent from the user computer system to the service computer system.
- the user starts an Internet browser of the user computer system and enters a URL for calling a web page of the service computer system.
- the user then enters his service request into the accessed web page, for example for ordering or placing an order for a service or a product.
- step 201 the first connection TLS1 is established.
- the certificate of the service computer system is communicated to the user computer system.
- the user computer system thus receives knowledge of the certificate of the service computer system, which, however, may have been replaced by an attacker by an attacker certificate ZA due to a man in the middle attack.
- the certificate of the service computer system or that of the attacker is then stored by the user computer system.
- the service computer system 150 specifies one or more attributes that it needs to verify the user's entitlement to the service request.
- the service computer system may specify attributes that determine the digital identity of the user 102.
- This specification of the attributes by the service computer system 150 may be fixed or, depending on the service request, determined in each case by the service computer system 150 according to predetermined rules. This attribute specification is signed by the service computer system.
- step 203 the signed attribute specification, ie the specification of the one or more of the attributes made in step 202, of the service Computer system to the iD provider computer system, via the connection TLS1, and received from the browser.
- a browser plug-in program then starts the client of the user computer system. Furthermore, the second connection TLS2 is established between the browser and the evaluation logic of the ID provider computer system, and the signed request by a so-called redirect of the browser via the second connection TLS2 to the ID provider computer system, i. its evaluation logic, forwarded.
- the ID provider certificate is sent to the user computer system and the second certificate subsequently received by the user computer system is stored.
- the service provider computer system from which the signed request originates is identified by the ID provider computer system. This can be done by checking the validity of the signature of the request from the ID provider computer system, and if the signature is valid, the signature of the signature is used to identify the service computer system.
- the third connection TLS3 is then established between the protocol stack component and the client. In this case, the authorization certificate of the service computer system possibly identified by the ID provider computer system is transmitted to the client.
- step 207 the client of the user computer system 100 then checks whether the identifiers of the stored first and second certificates match the authorization certificate of the identified service computer system received when the third connection TLS3 was set up. If this is not the case, an abort occurs in step 208, since there is a man in the middle attack. Otherwise, the user authenticates to the ID token in step 209 to allow the ID provider computer system to retrieve attributes from the ID token.
- the fourth connection is established between the ID token and the ID provider computer system.
- This is a secure connection, for example using a so-called secure messaging method.
- at least one authentication of the ID provider computer system to the ID token takes place via the connection set up in step 208.
- authentication of the ID token against the ID provider computer system may be provided.
- the ID provider computer system obtains from the ID token the access to read the attributes.
- the ID provider computer system sends one or more read commands to read out the attributes required by the attribute specification from the ID token.
- the attributes are then transmitted via end-to-end encryption over the secure connection to the ID provider computer system and decrypted there.
- the read attribute values are signed by the ID provider computer system in step 214.
- the ID provider computer system sends the signed attribute values over the network.
- the signed attribute values reach the service computer system either directly or through the user computer system. In the latter case, the user may have the opportunity to take note of the signed attribute values and / or to supplement them with further data. It can be provided that the signed attribute values, if appropriate with the supplemented data, are forwarded by the user computer system to the service computer system only after release by the user. As a result, the greatest possible transparency for the user with respect to the attributes sent by the ID provider computer system to the service computer system is achieved.
- FIG. 3 shows a further embodiment of a method according to the invention.
- the user 02 specifies a service of a Dtenst computer system, which he or she would like to use. This is done, for example, by calling an Internet page of the service computer system and a selection of one of the services offered there.
- the service request of the user 102 is transmitted from the user computer system 100 to the service computer system 150.
- the service computer system 150 responds to the service request with a signed attribute specification, i. For example, a list of attribute names in the form of a SAML object, which is transmitted to the browser 112 via TLS1.
- a signed attribute specification i. For example, a list of attribute names in the form of a SAML object, which is transmitted to the browser 112 via TLS1.
- the browser 112 receives a certificate 176 which is temporarily stored.
- the user computer system 100 prompts the user 102, for example, by a prompt, for authentication against the ID token 106. This request can be made by a plug-in of the browser 112 or by a client 113 of the user computer system 100.
- the user 102 then authenticates himself to the ID token 106, for example by entering his PIN.
- the signed attribute specification is forwarded from the user computer system 100 to an ID provider computer system 136 through a so-called redirect of the browser 112 over TLS2.
- the ID provider computer system 136 identifies the service computer system 150 based on the signed attribute specification and then establishes the connection TLS3 to the client 113 of the user computer system using, for example, a BSI TR-03 12 compliant protocol.
- the authentication certificate of the identified service computer system 150 is transmitted to the client 113.
- the client 113 also receives from the browser 112 the certificate 176 received on the occasion of the establishment of TLS1 and compares the two certificates with each other.
- the process proceeds further by then authenticating the ID provider computer system via the third connection and the interfaces of the user computer system and the ID token (compare interfaces 104 and 108 in FIG Embodiment of Figure 1), after which the fourth connection is constructed with end-to-end encryption.
- the I D provider computer system 136 then makes a read request to read the attributes according to the attribute specification to the ID token 106 over the fourth connection. Given the previous successful authentication of the user 102 and the ID provider computer system 136, the ID token 106 responds to the read request with the desired attributes.
- the ID provider computer system 136 signs the attributes and sends the signed attributes to the user computer system 100. Upon approval by the user 102, the signed attributes are then transmitted to the service computer system 150, which may then provide the service desired, if desired ,
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP23208338.6A EP4357945A3 (en) | 2010-04-22 | 2011-04-20 | Method for reading an attribute from an id token |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE201010028133 DE102010028133A1 (en) | 2010-04-22 | 2010-04-22 | A method of reading an attribute from an ID token |
PCT/EP2011/056315 WO2011131715A1 (en) | 2010-04-22 | 2011-04-20 | Method for reading an attribute from an id token |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP23208338.6A Division EP4357945A3 (en) | 2010-04-22 | 2011-04-20 | Method for reading an attribute from an id token |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2561461A1 true EP2561461A1 (en) | 2013-02-27 |
Family
ID=44175990
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP23208338.6A Pending EP4357945A3 (en) | 2010-04-22 | 2011-04-20 | Method for reading an attribute from an id token |
EP11717537A Ceased EP2561461A1 (en) | 2010-04-22 | 2011-04-20 | Method for reading an attribute from an id token |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP23208338.6A Pending EP4357945A3 (en) | 2010-04-22 | 2011-04-20 | Method for reading an attribute from an id token |
Country Status (5)
Country | Link |
---|---|
US (2) | US8812851B2 (en) |
EP (2) | EP4357945A3 (en) |
CN (1) | CN102834830B (en) |
DE (1) | DE102010028133A1 (en) |
WO (1) | WO2011131715A1 (en) |
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102011082101B4 (en) | 2011-09-02 | 2018-02-22 | Bundesdruckerei Gmbh | A method of creating a soft token, computer program product, and service computer system |
DE102011122972B3 (en) | 2011-10-18 | 2024-02-08 | Bundesdruckerei Gmbh | Method for starting an external application and bidirectional communication between a browser and an external application without browser extensions |
DE102011084728B4 (en) | 2011-10-18 | 2015-04-02 | Bundesdruckerei Gmbh | Method for starting an external application and bidirectional communication between a browser and an external application without browser extensions |
DE102011085538A1 (en) | 2011-11-01 | 2013-05-02 | Bundesdruckerei Gmbh | Document, Method for authenticating a user, in particular for activating a chip card function, and computer system |
DE102011089580B3 (en) * | 2011-12-22 | 2013-04-25 | AGETO Innovation GmbH | Method for reading e.g. attribute stored in passport, for electronic-commerce application, involves examining whether attribute of security assertion markup language response fulfills criterion as premiss for contribution of service |
US9774581B2 (en) * | 2012-01-20 | 2017-09-26 | Interdigital Patent Holdings, Inc. | Identity management with local functionality |
DE102012201209A1 (en) | 2012-01-27 | 2013-08-01 | AGETO Innovation GmbH | A method for creating a pseudonym using an ID token |
DE102012202744A1 (en) | 2012-02-22 | 2013-08-22 | AGETO Innovation GmbH | A method for creating a pseudonym using an ID token |
DE102012202781A1 (en) | 2012-02-23 | 2013-08-29 | Bundesdruckerei Gmbh | Computer-implemented method for usage control, computer program product, data processing system and transport system |
DE102012215630A1 (en) | 2012-09-04 | 2014-03-06 | Bundesdruckerei Gmbh | Method for Personalizing a Secure Element (SE) and Computer System |
DE102012219618B4 (en) * | 2012-10-26 | 2016-02-18 | Bundesdruckerei Gmbh | A method of creating a soft token, computer program product, and service computer system |
DE102012224083A1 (en) | 2012-12-20 | 2015-08-20 | Bundesdruckerei Gmbh | Method for Personalizing a Secure Element (SE) and Computer System |
DE102013203257A1 (en) * | 2013-02-27 | 2014-08-28 | Bundesdruckerei Gmbh | Reading an attribute from an ID token |
US10218815B2 (en) | 2013-03-13 | 2019-02-26 | Unify Gmbh & Co. Kg | Method, device, and system for communicating a changeability attribute |
DE102013212636A1 (en) * | 2013-06-28 | 2014-12-31 | Bundesdruckerei Gmbh | Electronic transaction procedure and computer system |
DE102013224285A1 (en) * | 2013-11-27 | 2015-05-28 | Bundesdruckerei Gmbh | Electronic transaction procedure and computer system |
US9722794B2 (en) | 2014-02-10 | 2017-08-01 | Ims Health Incorporated | System and method for remote access, remote digital signature |
US9306930B2 (en) | 2014-05-19 | 2016-04-05 | Bank Of America Corporation | Service channel authentication processing hub |
US9836594B2 (en) * | 2014-05-19 | 2017-12-05 | Bank Of America Corporation | Service channel authentication token |
DE102014008419A1 (en) * | 2014-06-14 | 2015-12-17 | Manfred Rietzler | Method and arrangement for executing a digital payment transaction |
US9922200B2 (en) * | 2014-06-30 | 2018-03-20 | Microsoft Technology Licensing, Llc | Securely storing content within public clouds |
DE102015017060A1 (en) | 2015-01-13 | 2016-07-14 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102015200313A1 (en) | 2015-01-13 | 2016-07-14 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102015017061A1 (en) | 2015-01-13 | 2016-07-28 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
US10699001B2 (en) | 2015-03-31 | 2020-06-30 | Paradigm, Inc. | Systems and methods for generating and validating certified electronic credentials |
WO2016160052A1 (en) | 2015-03-31 | 2016-10-06 | Paradigm, Inc. | Systems and methods for generating and validating certified electronic credentials |
DE102015208088A1 (en) | 2015-04-30 | 2016-11-03 | Bundesdruckerei Gmbh | Method for generating an electronic signature |
DE102015208098B4 (en) | 2015-04-30 | 2022-07-21 | Bundesdruckerei Gmbh | Procedure for generating an electronic signature |
DE102015209073B4 (en) | 2015-05-18 | 2019-02-07 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
US20160366124A1 (en) * | 2015-06-15 | 2016-12-15 | Qualcomm Incorporated | Configuration and authentication of wireless devices |
US10158953B2 (en) | 2015-07-02 | 2018-12-18 | Gn Hearing A/S | Hearing device and method of updating a hearing device |
US9887848B2 (en) | 2015-07-02 | 2018-02-06 | Gn Hearing A/S | Client device with certificate and related method |
DK201570433A1 (en) | 2015-07-02 | 2017-01-30 | Gn Hearing As | Hearing device with model control and associated methods |
US10318720B2 (en) | 2015-07-02 | 2019-06-11 | Gn Hearing A/S | Hearing device with communication logging and related method |
US9877123B2 (en) | 2015-07-02 | 2018-01-23 | Gn Hearing A/S | Method of manufacturing a hearing device and hearing device with certificate |
US10104522B2 (en) * | 2015-07-02 | 2018-10-16 | Gn Hearing A/S | Hearing device and method of hearing device communication |
US10158955B2 (en) | 2015-07-02 | 2018-12-18 | Gn Hearing A/S | Rights management in a hearing device |
DE102015213312A1 (en) | 2015-07-15 | 2017-01-19 | Bundesdruckerei Gmbh | A method of managing attributes from an ID token, ID token, attribute provider computer system, and computer system |
CN106603463A (en) * | 2015-10-14 | 2017-04-26 | 天津雅达电子商务有限公司 | Method for regulation of computer system for multilevel dialogue |
DE102016202262A1 (en) | 2016-02-15 | 2017-08-17 | Bundesdruckerei Gmbh | A method and system for authenticating a mobile telecommunication terminal to a service computer system and mobile telecommunication terminal |
DE102016208038A1 (en) | 2016-05-10 | 2017-11-16 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102016208040A1 (en) | 2016-05-10 | 2017-11-16 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102016222170A1 (en) | 2016-11-11 | 2018-05-17 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102017212696A1 (en) * | 2017-07-25 | 2019-01-31 | Bundesdruckerei Gmbh | A method for authenticating a user to a service provider and authentication device |
CN112597517A (en) * | 2020-12-25 | 2021-04-02 | 携程旅游网络技术(上海)有限公司 | Encrypted communication method, system, device and medium for installing client |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6438550B1 (en) * | 1998-12-10 | 2002-08-20 | International Business Machines Corporation | Method and apparatus for client authentication and application configuration via smart cards |
US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
US7703128B2 (en) * | 2003-02-13 | 2010-04-20 | Microsoft Corporation | Digital identity management |
JP4420201B2 (en) * | 2004-02-27 | 2010-02-24 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Authentication method using hardware token, hardware token, computer apparatus, and program |
US8904040B2 (en) | 2004-10-29 | 2014-12-02 | Go Daddy Operating Company, LLC | Digital identity validation |
US7383438B2 (en) * | 2004-12-18 | 2008-06-03 | Comcast Cable Holdings, Llc | System and method for secure conditional access download and reconfiguration |
JP4790731B2 (en) * | 2005-02-18 | 2011-10-12 | イーエムシー コーポレイション | Derived seed |
US8474028B2 (en) * | 2006-10-06 | 2013-06-25 | Fmr Llc | Multi-party, secure multi-channel authentication |
KR100995904B1 (en) * | 2007-12-18 | 2010-11-23 | 한국전자통신연구원 | Method of Web service and its apparatus |
DE102008000067C5 (en) | 2008-01-16 | 2012-10-25 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102008040416A1 (en) * | 2008-07-15 | 2010-01-21 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102008042262B4 (en) | 2008-09-22 | 2010-05-27 | Bundesdruckerei Gmbh | Method for storing data, computer program product, ID token and computer system |
EP2332313B1 (en) * | 2008-09-22 | 2016-04-27 | Bundesdruckerei GmbH | Method for storing data, computer program product, id token and computer system |
US8001581B2 (en) * | 2008-12-17 | 2011-08-16 | Dell Products L.P. | Methods and systems for embedded user authentication and/or providing computing services using an information handling system configured as a flexible computing node |
DE102009026953A1 (en) | 2009-06-16 | 2010-12-23 | Bundesdruckerei Gmbh | Method for registering a mobile device in a mobile network |
GB2471282B (en) * | 2009-06-22 | 2015-02-18 | Barclays Bank Plc | Method and system for provision of cryptographic services |
DE102009027681A1 (en) | 2009-07-14 | 2011-01-20 | Bundesdruckerei Gmbh | Method and reading attributes from an ID token |
DE102009027723A1 (en) | 2009-07-15 | 2011-01-27 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
US9600679B2 (en) * | 2011-04-29 | 2017-03-21 | Micro Focus Software Inc. | Techniques for resource operation based on usage, sharing, and recommendations with modular authentication |
US9398622B2 (en) * | 2011-05-23 | 2016-07-19 | Twilio, Inc. | System and method for connecting a communication to a client |
US8769622B2 (en) * | 2011-06-30 | 2014-07-01 | International Business Machines Corporation | Authentication and authorization methods for cloud computing security |
US8949596B2 (en) * | 2012-07-10 | 2015-02-03 | Verizon Patent And Licensing Inc. | Encryption-based session establishment |
US8832857B2 (en) * | 2012-07-12 | 2014-09-09 | International Business Machines Corporation | Unsecured asset detection via correlated authentication anomalies |
-
2010
- 2010-04-22 DE DE201010028133 patent/DE102010028133A1/en active Pending
-
2011
- 2011-04-20 CN CN201180018310.0A patent/CN102834830B/en active Active
- 2011-04-20 EP EP23208338.6A patent/EP4357945A3/en active Pending
- 2011-04-20 US US13/637,691 patent/US8812851B2/en active Active
- 2011-04-20 WO PCT/EP2011/056315 patent/WO2011131715A1/en active Application Filing
- 2011-04-20 EP EP11717537A patent/EP2561461A1/en not_active Ceased
-
2014
- 2014-08-06 US US14/452,633 patent/US9130931B2/en active Active
Non-Patent Citations (1)
Title |
---|
"Technische Richtlinie eID-Server", TECHNISCHE RICHTLINIE EID-SE, BUNDESAMT FÜR SICHERHEIT IN DER INFORMATIONSTECHNIK, DE, no. BSI TR-03130 Version: 1.0 RC1, 19 May 2009 (2009-05-19), pages 1 - 48, XP007915025 * |
Also Published As
Publication number | Publication date |
---|---|
EP4357945A3 (en) | 2024-07-24 |
US9130931B2 (en) | 2015-09-08 |
EP4357945A2 (en) | 2024-04-24 |
US20130219181A1 (en) | 2013-08-22 |
US8812851B2 (en) | 2014-08-19 |
WO2011131715A1 (en) | 2011-10-27 |
CN102834830A (en) | 2012-12-19 |
DE102010028133A1 (en) | 2011-10-27 |
US20150026476A1 (en) | 2015-01-22 |
CN102834830B (en) | 2016-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2561461A1 (en) | Method for reading an attribute from an id token | |
EP2454703B1 (en) | Method for reading attributes from an id token | |
EP2304642B1 (en) | Method for reading attributes from an id token | |
DE102008000067C5 (en) | Method for reading attributes from an ID token | |
EP2454700B1 (en) | Process to create a soft-token | |
EP2454704B1 (en) | Method to read attributes from an id-token | |
EP2415228B1 (en) | Method for reading attributes of a token via a wireless connection | |
DE102008042262B4 (en) | Method for storing data, computer program product, ID token and computer system | |
EP2962439B1 (en) | Reading an attribute from an id token | |
EP2338255A2 (en) | Method, computer program product and system for authenticating a user of a telecommunications network | |
EP2494487A1 (en) | Method for creating a website | |
EP2620892B1 (en) | Method for generating a pseudonym with the help of an ID token | |
EP2631837B1 (en) | Method for generating a pseudonym with the help of an ID token | |
EP2879073A1 (en) | Electronic transaction method and computer system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20121122 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20170329 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
APBK | Appeal reference recorded |
Free format text: ORIGINAL CODE: EPIDOSNREFNE |
|
APBN | Date of receipt of notice of appeal recorded |
Free format text: ORIGINAL CODE: EPIDOSNNOA2E |
|
APBR | Date of receipt of statement of grounds of appeal recorded |
Free format text: ORIGINAL CODE: EPIDOSNNOA3E |
|
APAF | Appeal reference modified |
Free format text: ORIGINAL CODE: EPIDOSCREFNE |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230526 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
APBT | Appeal procedure closed |
Free format text: ORIGINAL CODE: EPIDOSNNOA9E |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20231113 |