WO2023046237A1 - Method for the digital exchange of information - Google Patents
Method for the digital exchange of information
- Publication number
- WO2023046237A1 (PCT/DE2022/100699)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- chip card
- service provider
- electronic
- electronic chip
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- The present invention relates to a method for the digital exchange of information via an Internet connection between a server of a service provider and an application on an electronic device of a user, with an electronic chip card of the user coupled to the device, wherein at least one identification feature of the user is used to identify the user.
- Electronic smart cards are offered by a variety of service providers. In connection with issuing the electronic chip card to a user, it is usually necessary to prove the identity of the user to the service provider.
- In the case of the electronic health card as a chip card from a health insurance company, it is stipulated by law that an electronic health card that has already been issued may only be activated if, in a first step, secure identification of the insured person or user and, in a second, subsequent step, physical possession of the issued electronic health card by the insured person can be proven.
- One known option is the Postident procedure, in which the user identifies himself at a post office, or personally at a health insurance company office, with his identity card in order to prove his identity.
- Another type of identity verification can be implemented via an online ID function.
- The health insurance company then sends the release codes required to release the electronic health card, such as PIN and PUK, to the insured person by post.
- This known procedure is not only time-consuming but also expensive. Proof of physical possession of the electronic health card is therefore currently not possible in real time. The situation is similar when issuing credit cards or bank cards as electronic chip cards. For security reasons, the associated release codes, such as PIN and PUK, have so far only been sent by post.
- The present invention is based on the object of proposing a method of the type described at the outset which, after the issuance of an electronic chip card and/or a chip card integrated into an electronic device, allows the secure identification of the user and the proof of physical possession of the issued chip card and/or of the device with the chip card, as required for the exchange of information, to be carried out digitally.
- A method for the digital exchange of information, data or the like via an Internet connection between a server of a service provider and an application on an electronic device of a user, with an electronic chip card of the user coupled to the device, is proposed.
- At least one identification feature or the like of the user is used to identify the user independently of the chip card, and after the user has been identified, physical possession of the user's electronic chip card is digitally proven to the service provider via a signature and encryption function on the electronic chip card, the signature and encryption function being available to the service provider without prior activation by the user.
- In a first step of the proposed method, the application carries out a secure identification of the user without using the chip card.
- In a second step of the method, which for example follows directly, physical possession of the user's electronic chip card is proven through the application via the signature and encryption function on the electronic chip card.
- The digital signature is used to verify physical possession of the electronic chip card or of an electronic device containing a chip card.
- A signature and encryption function is used that is available to the service provider without activation by the user.
- The necessary legal requirements for transferring or exchanging personal data between the service provider and the user are met digitally by the proposed method.
- The chip card can be coupled to the device wirelessly or with a cable.
- The chip card can also be built into or integrated into the electronic device and coupled to the device in this way.
- It is also conceivable for the chip card to be built into or integrated into a further electronic device, with the further electronic device, and thus the chip card, being coupled to the other electronic device in a wireless or wired manner.
- The method according to the invention can thus also be used to prove physical ownership of the device with the chip card. Consequently, any electronic object can be used in the method that contains a corresponding signature and/or encryption functionality as an integrated chip card or the like and in which the private key cannot be copied or read.
- This can be, for example, a USB dongle, a smartphone with a secure element or a computer or an embedded system or server with a TPM (Trusted Platform Module).
- The chip card is also often referred to as a key card, smart card or integrated circuit card (ICC).
- The smart card preferably contains an integrated circuit (chip) that includes hardware logic, non-volatile EPROM or EEPROM memory or a microprocessor or the like, so that the signature and encryption function can be operated and stored on the smart card.
- In order to be able to prove physical possession exclusively digitally, it is necessary for the signature and encryption functions on the electronic chip card to belong to a common encryption infrastructure (PKI) of the service provider in such a way that the service provider can access the signature and encryption function of the electronic chip card without prior activation by the user by entering a PIN or the like. In this way, the service provider can clearly identify the user assigned to the electronic chip card from the certificates of the signature and encryption function.
- The private key of the digital signature required for this is located exclusively on the electronic chip card and can neither be copied from there nor read out by third parties, so that a secure digital data exchange is guaranteed by the proposed method.
- A pseudonymous signature and encryption function or the like can be used as a digital signature to prove the physical possession of the electronic chip card.
- Other types of digital signatures that are associated with the common encryption infrastructure, the so-called PKI, can also be used.
- After the user has digitally proven his identity to the service provider, the user establishes an encrypted Internet connection with the server of the service provider via the application on the electronic device coupled to the electronic chip card, or continues to use an existing encrypted Internet connection.
- The signature and encryption function of the user's electronic chip card, which is coupled to the electronic device in any way, is used by the service provider's server via the Internet connection: the service provider's server sends information and/or data via the Internet connection to the user's electronic chip card coupled to the electronic device, the sent information and data are signed via the electronic chip card coupled to the application and sent back to the server of the service provider, and the received information and data are checked by the server of the service provider with regard to the identity of the user and the physical possession of the electronic chip card or of the electronic device containing the chip card.
- After the user has digitally proven his identity to the service provider, the user establishes a secure Internet connection to the server of the service provider via the application on the electronic device coupled to the electronic chip card, or continues to use an existing encrypted Internet connection. Random information is created by the service provider's server and, if necessary, sent together with the user's identification features via the Internet connection to the user's electronic chip card connected to the electronic device. The information and/or data sent are signed via the electronic chip card coupled to the application and sent back to the service provider's server, and the information and/or data received are checked by the server of the service provider with regard to the identity of the user and the physical possession of the electronic chip card or of the electronic device containing the electronic chip card.
- The returned information signed by the electronic chip card, and possibly other data, can be checked by the service provider's server to determine whether the identity of the user is correct and whether the user is in possession of the electronic chip card or of the electronic device in which the electronic chip card is integrated or installed.
- The certificate associated with the signature would also be sent. This certificate contains the pseudonym and the public key to verify the signed information.
- The PKI allows the service provider to ensure that the certificate is valid and has not been revoked.
- An encrypted Internet connection is established with the server of the service provider, or an existing encrypted Internet connection continues to be used, whereby the signature and encryption function of the user's electronic chip card connected to the electronic device is activated by the server of the service provider via the Internet connection. The service provider's server sends information and/or data via the Internet connection to the user's electronic chip card coupled to the electronic device; the information and/or data sent are signed via the electronic chip card coupled to the application and sent back to the server of the service provider; and the received information and/or data are checked by the server of the service provider with regard to the identity of the user and the physical possession of the electronic chip card or of the electronic device containing the electronic chip card.
- The service provider may already have the certificate without a common encryption infrastructure (PKI) being provided.
- The data to be signed can be, for example, the following: the data from the identity verification (e.g. name, address, date of birth or the like), in order to link the proof of physical possession of the electronic chip card with the user's previous identity verification; the time stamp, to be able to prove the time of the process later; a service provider secret, e.g. a random number.
- The previous data (combined as desired and expanded if necessary) is encrypted and/or hashed in such a way that only the service provider can restore the original data. This prevents a signature created in a different context from simulating physical possession of the electronic chip card. In principle, it should be at least a partial secret so that third parties cannot create a corresponding signature in advance or later.
- This secret can contain the personal data, a random number, a time or other suitable data. This data can be combined and varied in any way. This data can be reduced to a hash value, encrypted or the like.
- A readable certificate and the associated private key, which cannot be read out or copied, are stored separately on the electronic health card for the signature.
- The certificate contains, among other things, the pseudonym and a public key.
- The signature can be checked with this public key, i.e. it can be verified that the chip card or smart card has signed the secret or the data with the private key.
- The service provider or the health insurance company can use the certificate to identify the insured person from the pseudonym, e.g. name, address, date of birth, insurance number or the like.
- The proposed method can provide for the service provider's server to send release codes for the electronic chip card to the user in real time. This means that a time-consuming and costly postal delivery of the release code is not required.
- Digital data can be securely exchanged between the user and the service provider in a particularly simple manner. For example, the user's personal data, such as data in a digital file on the service provider's server, can be accessed and, if necessary, sent to the user in real time.
- Electronic chip cards with a PIN are used to authenticate users, for example when accessing an electronic patient record or the like.
- Electronic chip cards with a PIN are also used to authorize actions, for example doctors' access to an electronic patient record, or payments, for example when shopping with a bank card as an electronic chip card.
- A preferred application of the proposed method can provide that the method is applied to an electronic health card as a chip card of a health insurance company as a service provider, for example to digitally send the PIN and PUK to the user or the insured person for release, so that the user can then, for example, access an electronic patient file.
- Another possible application of the proposed method can provide that the method is applied to an electronic bank or credit card as a chip card of a financial service provider as a service provider, for example to identify the user or customer after the bank or credit card has been issued and to prove physical possession of the bank or credit card using the proposed method, in order to avoid sending release codes by post, which is time-consuming and costly.
- The method can be extended to all physical objects that contain the functionality of a chip card or smart card, as already described.
- This can be any device with permanently installed and/or connected crypto processors.
- E.g. smartphones with a secure element or computers with a TPM.
- The present invention is explained in more detail below with reference to the figures.
- FIG. 1 shows a schematic view of a first embodiment variant with an electronic chip card coupled to an electronic device for data exchange with a server of a service provider;
- FIG. 2 shows a schematic view of a second embodiment variant with the chip card integrated in the electronic device for data exchange with a server of the service provider;
- FIG. 3 shows a schematic view of a third embodiment variant with the chip card integrated in a further electronic device for data exchange with the server of the service provider.
- The electronic device 2 can be designed, for example, as a computer, notebook, tablet computer, mobile phone or the like.
- The electronic device 2 can be coupled to an electronic chip card 4 and to an identity card, which is not shown in any more detail.
- A card reader (not shown) can be used as a contact-based or contactless connection.
- A camera, an NFC connection, a Bluetooth connection, a WIFI connection, another wireless connection or the like can be used for the contactless connection.
- The electronic device is connected to a server 6 of a service provider or a health insurance company 7 via an Internet connection 5.
- The three embodiment variants differ only in that the chip card 4 in the first embodiment variant according to FIG. 1 is provided separately from the electronic device 2 and is coupled to it in a contactless or contact-based manner.
- In the second embodiment variant, the chip card 4 is integrated into the electronic device 2 for coupling, while in the third embodiment variant the electronic chip card 4 is integrated into a further electronic device 9 and is coupled via a contactless or contact-based connection 8 to the other electronic device 2, which is linked to the server 6 of the service provider or the health insurance company 7.
- A digital exchange of information between the health insurance company 7 and the user or the insured person 1 is to be ensured.
- Access to an electronic patient file using the electronic health card 4 may only take place if, after the electronic health card 4 has been issued, secure identification of the insured person 1 and subsequently physical possession of the electronic health card 4 have been proven to the health insurance company 7.
- The method provides, for example, that the identity of the insured person 1 is initially proven to the health insurance fund 7 via the application 3, for example by a digital online ID function of an identity card of the insured person 1.
- This requires, for example, that the user connects and activates their ID card with their electronic device via NFC.
- Video or robo-identification methods can also be used.
- The procedure for using the online ID function to identify insured person 1 is as follows.
- The insured person 1 uses the application 3 to access the online ID function.
- After checking the authorization certificate, the insured person enters a release code for the online ID function, which activates the ID function of the ID card. If necessary, this can be checked by the service provider. If authorization to read out the ID card data has been granted, this ID card data is sent to the server 6 of the health insurance company 7. In this way, the ID data of the insured person 1 is made available to the health insurance company 7 for identification.
- The proposed method provides for the proof of physical possession to be done using a pseudonymous signature calculated on the electronic health card 4.
- For this purpose, it is necessary to connect the electronic health card 4 to the electronic device 2 via a contactless or contact-based connection 8.
- A card reader can be used as the contact-based connection 8, while a wireless connection, an NFC connection or the like is used as the contactless connection 8, for example.
- Since the health insurance company 7 has the identification features of the insured person 1 from the ID card data, a connection is established via the server 6 with the electronic health card 4 connected to the electronic device 2 and the pseudonymous signature functionality is activated by the server 6 if necessary.
- The data to be signed, such as name, address, insurance number and date of birth as well as a time stamp and random information, for example a random number or any data derived from it by hash and/or encryption functions or similar, are then sent by the server 6 of the health insurance company 7 to the electronic health card 4.
- The electronic health card 4 signs the data received from the server 6 of the health insurance company 7 and the insured person 1 sends the data signed by the electronic health card 4 back to the server 6 of the health insurance company 7 via the application 3.
- Because the time stamp is among the data signed, the time of the operation can be verified later.
- The server 6 of the health insurance company 7 checks the signature using the public key from the associated certificate and calculates the identity of the insured person 1 from the pseudonym of the associated certificate. The certificate associated with the signature, which can be read from the electronic health card, can be checked for validity by the health insurance company, and with it the signature can be checked for validity. By signing the data from the identity verification, the time stamp or the random number known only to the health insurance company, or any combination or derivation thereof, the server 6 of the health insurance company 7 can also ensure that the signature has actually just been made in the context of the identity verification of the user of the electronic health card 4. In this context, the server 6 of the health insurance company 7 can compare the calculated identity with the data from the identification using the online ID function. If the name, address and date of birth and possibly other data match, it has been proven that the person at the electronic device 2 has the correct identity and that the electronic health card 4 connected to the electronic device 2 is assigned to him and is therefore in his physical possession.
- The health insurance company can prove the context via a secret known only to the health insurance company and signed by the electronic health card. If necessary, the context can also be ensured by the health insurance company activating the signature function on the electronic health card and logging or documenting this accordingly.
- The health insurance company or any other service provider can prove at a later point in time that and when an identification (in the context of which the signed name, address and date of birth were obtained) and proof of possession of the electronic health card (through the signature) were carried out.
- In a further step of the present method, the insured person 1 can establish a secure connection via the electronic health card 4 with a card management system on the server 6 of the health insurance company 7 and retrieve the release codes, such as PIN and PUK, for the electronic health card 4.
- The card management system on the server 6 of the health insurance company 7 checks the associated public key of the joint signature and encryption function from the electronic health card 4 and checks the certificate for correctness and validity. With this public key, the server 6 of the health insurance company 7 transmits the release code to the application 3 of the insured person 1 in encrypted form.
- PIN and PUK are encrypted with the public key on the server 6 of the health insurance company 7 and sent to the electronic health card 4 in end-to-end encrypted form. This also means that they can only be decrypted using the associated private key on the electronic health card 4. From there, PIN and PUK are transferred to application 3 of insured person 1 and displayed there.
- The release codes, such as PIN and PUK, for the electronic health card 4 can be retrieved by the server 6 of the health insurance company 7 from the card management system of the health insurance fund 7; a secure, encrypted connection to the application 3 installed on the electronic device 2 can be set up via the server 6 or can continue to be used; and the release codes for the electronic health card 4 are transmitted in encrypted form from the server 6 of the health insurance fund 7 to the application 3 and displayed there to the user 1.
- The insured person 1 can then activate the electronic health card 4 via the application 3 on the electronic device 2 by entering the PIN.
- The insured person 1 is now able to set up a connection, via the activated electronic health card 4 and the application 3 on the electronic device 2, to a server for the patient record of the health insurance company 7 in order, for example, to get access to his electronic medical record.
- The proposed method opens up a digital possibility that allows the insured person to activate his electronic health card 4 in real time, in that his identity and the physical possession of his electronic health card 4 are proven to the health insurance company 7, which then sends the release code required for the activation of the electronic health card 4.
- It is thus possible for the insured person 1 to access his electronic patient file in real time, in accordance with the law, after receiving the electronic health card 4.
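The server-side checks of the second step (a random secret hashed together with the identity data and a time stamp, signed by the card, then verified against the certificate and compared with the identity from the first step), sketched as an added Go example that is not part of the patent text. Assumptions: Ed25519 stands in for the card's signature function, a lookup table of issued cards replaces the PKI certificate and revocation checks, and all type names, function names and the sample identity are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Identity is the result of step 1: identification without the chip card.
type Identity struct{ Name, Address, BirthDate string }

// Card models the chip card: the private key is reachable only through Sign.
type Card struct {
	Pseudonym string
	Public    ed25519.PublicKey
	key       ed25519.PrivateKey
}

func NewCard(pseudonym string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{pseudonym, pub, priv}, nil
}

func (c *Card) Sign(challenge []byte) []byte { return ed25519.Sign(c.key, challenge) }

// Record is the provider's copy of an issued card's certificate data
// (assumption: this table replaces X.509 chain and revocation checks).
type Record struct {
	Holder  Identity
	Public  ed25519.PublicKey
	Revoked bool
}

type Server struct {
	Cards  map[string]Record // keyed by certificate pseudonym
	MaxAge time.Duration
}

// Session stays on the server; only Challenge travels to the card.
type Session struct {
	ID        Identity
	Issued    time.Time
	nonce     []byte // service provider secret, never sent in the clear
	Challenge []byte
}

var ErrRejected = errors.New("proof of possession rejected")

func digest(id Identity, ts time.Time, nonce []byte) []byte {
	h := sha256.New()
	for _, f := range []string{id.Name, id.Address, id.BirthDate, ts.UTC().Format(time.RFC3339Nano)} {
		fmt.Fprintf(h, "%d:%s|", len(f), f) // length prefix keeps field boundaries unambiguous
	}
	h.Write(nonce)
	return h.Sum(nil)
}

func (s *Server) NewSession(id Identity, now time.Time) (*Session, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	return &Session{ID: id, Issued: now, nonce: n, Challenge: digest(id, now, n)}, nil
}

func (s *Server) Verify(sess *Session, pseudonym string, sig []byte, now time.Time) error {
	rec, ok := s.Cards[pseudonym]
	switch {
	case !ok || rec.Revoked:
		return fmt.Errorf("%w: certificate unknown or revoked", ErrRejected)
	case now.Before(sess.Issued) || now.Sub(sess.Issued) > s.MaxAge:
		return fmt.Errorf("%w: challenge expired", ErrRejected)
	case rec.Holder != sess.ID:
		return fmt.Errorf("%w: card holder differs from identified user", ErrRejected)
	}
	// Recompute the challenge from server-side state instead of trusting an echo.
	want := digest(sess.ID, sess.Issued, sess.nonce)
	if !ed25519.Verify(rec.Public, want, sig) {
		return fmt.Errorf("%w: signature does not cover this session", ErrRejected)
	}
	return nil
}

func main() {
	id := Identity{"Erika Mustermann", "Heidestrasse 17, Koeln", "1964-08-12"} // constructed sample
	card, _ := NewCard("pseudonym-0001")
	srv := &Server{Cards: map[string]Record{card.Pseudonym: {id, card.Public, false}}, MaxAge: 2 * time.Minute}
	now := time.Now()
	sess, _ := srv.NewSession(id, now)
	sig := card.Sign(sess.Challenge)
	fmt.Println("fresh proof:", srv.Verify(sess, card.Pseudonym, sig, now))
	other, _ := srv.NewSession(id, now)
	fmt.Println("signature reused in another session:", srv.Verify(other, card.Pseudonym, sig, now))
}
```

Because the challenge is a hash over a per-session secret, a signature obtained in one session fails in any other, which is the context binding the description asks for.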
Abstract
The invention relates to a method for the digital exchange of information via an Internet connection (5) between a server (6) of a service provider (7) and an application (3) on the electronic device (2) of a user (1) by means of an electronic chip card (4) of the user (1) that is coupled to the electronic device (2). To allow the user (1) to be identified independently of the chip card (4), at least one identification feature of the user (1) is used; the service provider (7) receives from the user (1), in real time, proof of physical possession of the electronic chip card (4), digitally via a digital signature and encryption function on the electronic chip card (4); and the signature and encryption function is made available to the service provider (7) without prior activation by the user (1).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102021124640.7A DE102021124640A1 (de) | 2021-09-23 | 2021-09-23 | Method for digitally exchanging information |
DEDE102021124640.7 | 2021-09-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023046237A1 (fr) | 2023-03-30 |
Family
ID=83508902
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/DE2022/100699 WO2023046237A1 (fr) | 2021-09-23 | 2022-09-20 | Method for digitally exchanging information |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102021124640A1 (fr) |
WO (1) | WO2023046237A1 (fr) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10249801B3 (de) * | 2002-10-24 | 2004-05-06 | Giesecke & Devrient Gmbh | Method for carrying out a secure electronic transaction using a portable data carrier |
EP2765752B1 (fr) * | 2013-02-07 | 2017-05-24 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Method for providing a mobile terminal with an authentication certificate |
EP3641369A1 (fr) * | 2018-10-18 | 2020-04-22 | Giesecke+Devrient Mobile Security GmbH | Securing peer-to-peer communication |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102016222170A1 (de) | 2016-11-11 | 2018-05-17 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
DE102017208236A1 (de) | 2017-05-16 | 2018-11-22 | Bundesdruckerei Gmbh | Method, system and computer program product for behaviour-based authentication of a user |
2021
- 2021-09-23 DE DE102021124640.7A patent/DE102021124640A1/de active Pending
2022
- 2022-09-20 WO PCT/DE2022/100699 patent/WO2023046237A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
DE102021124640A1 (de) | 2023-03-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2013030060A1 (fr) | Method for generating a soft token, computer program product and service computer system | |
EP3748521B1 (fr) | Method for reading attributes from an ID token | |
EP4224786A1 (fr) | Method and device for generating electronic signatures | |
EP3206151B1 (fr) | Method and system for authenticating a mobile telecommunication device to a service computer system, and mobile telecommunication device | |
EP2752785B1 (fr) | Method for personalizing a secure element (SE) and computer system | |
EP3271855B1 (fr) | Method for generating a certificate for a security token | |
EP3125464B1 (fr) | Revocation service for a certificate generated by an ID token | |
EP3298526B1 (fr) | Method for reading attributes from an ID token | |
WO2023046237A1 (fr) | Method for digitally exchanging information | |
EP2879073B1 (fr) | Electronic transaction method and computer system | |
EP2893483B1 (fr) | Method for personalizing a secure element (SE) and computer system | |
EP2916252B1 (fr) | Electronic transaction method and computer system | |
EP3180729B1 (fr) | Digital identities with external attributes | |
EP3186741A1 (fr) | Access protection for external data in the non-volatile memory of a token | |
EP3283999A1 (fr) | Electronic system for generating a certificate | |
EP3304807B1 (fr) | Identification of a person on the basis of a transformed biometric reference feature | |
EP2819079B1 (fr) | Electronic transaction method and computer system | |
DE102013022448B3 (de) | Electronic transaction method and computer system | |
DE102015017060A1 (de) | Method for reading attributes from an ID token | |
DE102015017061A1 (de) | Method for reading attributes from an ID token | |
WO2016116394A1 (fr) | Certificate token for providing a digital certificate of a user |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22782839 Country of ref document: EP Kind code of ref document: A1 |
WWE | Wipo information: entry into national phase | Ref document number: 2022782839 Country of ref document: EP |
ENP | Entry into the national phase | Ref document number: 2022782839 Country of ref document: EP Effective date: 20240423 |