WO2023046237A1 - Method for the digital exchange of information - Google Patents

Method for the digital exchange of information

Info

Publication number
WO2023046237A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
chip card
service provider
electronic
electronic chip
Prior art date
Application number
PCT/DE2022/100699
Other languages
German (de)
English (en)
Inventor
Marcus Böttcher
Original Assignee
3medi GmbH
Priority date
Filing date
Publication date
Application filed by 3medi GmbH
Publication of WO2023046237A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • The present invention relates to a method for the digital exchange of information via an Internet connection between a server of a service provider and an application on an electronic device of a user with an electronic chip card of the user coupled to the device, wherein at least one identification feature of the user is used to identify the user.
  • Electronic smart cards are offered by a variety of service providers. In connection with issuing the electronic chip card to a user, it is usually necessary to prove the identity of the user to the service provider.
  • For the electronic health card, as a chip card from a health insurance company, it is stipulated by law that an electronic health card that has already been issued may only be activated if, in a first step, secure identification of the insured person or user and, in a second, subsequent step, physical possession of the issued electronic health card by the insured person can be proven.
  • Postident procedure in which the user identifies himself at a post office or personally at a health insurance company office with his identity card in order to prove his identity.
  • Another type of identity verification can be implemented via an online ID function.
  • The health insurance company then sends the release codes required to release the electronic health card, such as PIN and PUK, to the insured person by post.
  • This known procedure is not only time-consuming but also expensive. Proof of physical possession of the electronic health card is therefore currently not possible in real time. The situation is similar when issuing credit cards or bank cards as electronic chip cards. For security reasons, the associated release codes, such as PIN and PUK, have so far only been sent by post.
  • The present invention is based on the object of proposing a method of the type described at the outset which, after the issuance of an electronic chip card and/or a chip card integrated into an electronic device, digitally enables the secure identification of the user and the proof of physical possession of the issued chip card and/or the device with the chip card that are required for the exchange of information.
  • A method for the digital exchange of information or data or the like via an Internet connection between a server of a service provider and an application on an electronic device of a user with an electronic chip card coupled to the device of the user is proposed.
  • At least one identification feature or the like of the user is used to identify the user independently of the chip card, and after the user has been identified, physical possession of the user's electronic chip card is digitally proven to the service provider via a signature and encryption function on the electronic chip card, the signature and encryption function being available to the service provider without prior activation by the user.
  • In a first step of the proposed method, the application carries out a secure identification of the user without using the chip card.
  • In a second step of the method, which follows directly, for example, physical possession of the user's electronic chip card is proven via the application by means of the signature and encryption function on the electronic chip card.
  • The digital signature is used to verify physical possession of the electronic chip card or of an electronic device containing a chip card.
  • A signature and encryption function is used which is available to the service provider without activation by the user.
  • The necessary legal requirements for transferring or exchanging personal data between the service provider and the user are met digitally by the proposed method.
  • The chip card can be coupled to the device wirelessly or with a cable.
  • The chip card is built into or integrated into the electronic device and is coupled to the device in this way.
  • It is also conceivable for the chip card to be built into or integrated into a further electronic device, with the further electronic device, and thus the chip card, being coupled to the other electronic device in a wireless or wired manner.
  • The method according to the invention can thus also be used to prove physical ownership of the device with the chip card. Consequently, any electronic object can be used in the method that contains a corresponding signature and/or encryption functionality as an integrated chip card or the like and in which the private key cannot be copied or read.
  • This can be, for example, a USB dongle, a smartphone with a secure element or a computer or an embedded system or server with a TPM (Trusted Platform Module).
  • The chip card is also often referred to as a key card, smart card or integrated circuit card (ICC).
  • The smart card preferably contains an integrated circuit (chip) that includes hardware logic, non-volatile EPROM or EEPROM memory or a microprocessor or the like, so that the signature and encryption function can be operated and stored on the smart card.
  • In order to be able to prove physical possession exclusively digitally, it is necessary for the signature and encryption functions on the electronic chip card to belong to a common encryption infrastructure (PKI) of the service provider in such a way that the service provider can access the signature and encryption function of the electronic chip card without prior activation by the user by entering a PIN or the like. In this way, the service provider can clearly identify the user assigned to the electronic chip card from the certificates of the signature and encryption function.
  • The private key of the digital signature required for this is located exclusively on the electronic chip card and can neither be copied from there nor read out by third parties, so that a secure digital data exchange is guaranteed by the proposed method.
  • A pseudonymous signature and encryption function or the like can be used as a digital signature to prove the physical possession of the electronic chip card.
  • Other types of digital signatures that are associated with the common encryption infrastructure, the so-called PKI, can also be used.
  • After the user's identity has been digitally proven to the service provider, the user establishes an encrypted Internet connection with the server of the service provider via the application on the electronic device linked to the electronic chip card, or continues to use an existing encrypted Internet connection.
  • The signature and encryption function of the user's electronic chip card, which is coupled to the electronic device in any way, is used by the service provider's server via the Internet connection: the service provider's server sends information and/or data via the Internet connection to the user's electronic chip card coupled to the electronic device, the sent information and data are signed via the electronic chip card coupled to the application and sent back to the server of the service provider, and the received information and data are checked by the server of the service provider with regard to the identity of the user and the physical possession of the electronic chip card or of the electronic device containing the chip card.
  • After the user has digitally proven the identity of the user to the service provider, the user establishes a secure Internet connection to the server of the service provider via the application on the electronic device coupled to the electronic chip card, or continues to use an existing encrypted Internet connection. Random information is created by the service provider's server and, if necessary, sent together with the user's identification features via the Internet connection to the user's electronic chip card connected to the electronic device. The information and/or data sent are signed via the electronic chip card coupled to the application and sent back to the service provider's server, and the information and/or data received are checked by the server of the service provider with regard to the identity of the user and the physical possession of the electronic chip card or of the electronic device containing the electronic chip card.
  • The returned information signed by the electronic chip card, and possibly other data, can be checked by the service provider's server to determine whether the identity of the user is correct and whether the user is in possession of the electronic chip card or of the electronic device in which the electronic chip card is integrated or installed.
  • The certificate associated with the signature would also be sent. This certificate contains the pseudonym and the public key to verify the signed information.
  • The PKI allows the service provider to ensure that the certificate is valid and has not been revoked.
  • An encrypted Internet connection is established with the server of the service provider, or an existing encrypted Internet connection continues to be used, whereby the signature and encryption function of the user's electronic chip card connected to the electronic device is activated by the server of the service provider via the Internet connection, whereby the service provider's server sends information and/or data via the Internet connection to the user's electronic chip card coupled to the electronic device, whereby the information and/or data sent are signed via the electronic chip card coupled to the application and sent back to the server of the service provider, and wherein the received information and/or data are checked by the server of the service provider with regard to the identity of the user and the physical possession of the electronic chip card or of the electronic device containing the electronic chip card.
  • The service provider may already have the certificate without a common encryption infrastructure (PKI) being provided.
  • The data to be signed can be, for example, the following: the data from the identity verification (e.g. name, address, date of birth or the like), in order to link the proof of physical possession of the electronic chip card with the user's previous identity verification; the time stamp, in order to be able to prove the time of the process later.
  • A service provider secret, e.g. a random number.
  • The previous data (combined as desired and expanded if necessary) is encrypted and/or hashed in such a way that only the service provider can restore the original data. This prevents a signature created in a different context from simulating physical possession of the electronic chip card. In principle, it should be at least a partial secret so that third parties cannot create a corresponding signature in advance or later.
  • This secret can contain the personal data, a random number, a time or other suitable data. This data can be combined and varied in any way. This data can be reduced to a hash value, encrypted or the like.
  • A readable certificate and the associated private, non-readable or non-copyable key are stored separately on the electronic health card for the signature.
  • The certificate contains, among other things, the pseudonym and a public key.
  • The signature can be checked with this public key, i.e. it can be verified that the chip card or smart card has signed the secret or the data with the private key.
  • The service provider or the health insurance company can use the certificate to identify the insured person from the pseudonym, e.g. name, address, date of birth, insurance number or the like.
  • The proposed method can provide for the service provider's server to send release codes for the electronic chip card to the user in real time. This means that a time-consuming and costly postal delivery of the release code is not required.
  • Digital data can be securely exchanged between the user and the service provider in a particularly simple manner. For example, the user's personal data, such as data in a digital file on the service provider's server, can be accessed and, if necessary, sent to the user in real time.
  • Electronic chip cards with a PIN are used to authenticate users, for example when accessing an electronic patient record or the like.
  • The electronic chip cards with PIN are also used to authorize actions, for example doctors' access to an electronic patient record or for payments, for example when shopping, with a bank card as an electronic chip card.
  • A preferred application of the proposed method can provide that the method is applied to an electronic health card as a chip card of a health insurance company as a service provider, for example to digitally send the PIN and PUK to the user or the insured person for approval, in order then, for example, to have access to an electronic patient file.
  • Another possible application of the proposed method can provide that the method is applied to an electronic bank or credit card as a chip card of a financial service provider as a service provider, for example to identify the user or customer after the bank or credit card has been issued and to prove physical possession of the bank or credit card using the proposed procedure, in order to avoid sending release codes by post, which is time-consuming and costly.
  • The method can be extended to all physical objects that contain the functionality of a chip card or smart card, as already described.
  • This can be any device with permanently installed and/or connected crypto processors.
  • E.g. smartphones with a secure element or computers with a TPM.
  • The present invention is explained in more detail below with reference to the figures.
  • FIG. 1 shows a schematic view of a first embodiment variant with an electronic chip card coupled to an electronic device for data exchange with a server of a service provider;
  • FIG. 2 shows a schematic view of a second embodiment variant with the chip card integrated in the electronic device for data exchange with a server of the service provider;
  • FIG. 3 shows a schematic view of a third embodiment variant with the chip card integrated in a further electronic device for data exchange with the server of the service provider.
  • The electronic device 2 can be designed, for example, as a computer, notebook, tablet computer, mobile phone or the like.
  • The electronic device 2 can be coupled to an electronic chip card 4 and to an identity card, which is not shown in any more detail.
  • A card reader, not shown, can be used as a contact-based connection or a contactless connection.
  • A camera, an NFC connection, a Bluetooth connection, a WIFI connection, another wireless connection or the like can be used for the contactless connection.
  • The electronic device is connected to a server 6 of a service provider or a health insurance company 7 via an Internet connection 5.
  • The three embodiment variants differ only in that the chip card 4 in the first embodiment variant according to FIG. 1 is provided separately from the electronic device 2 and is coupled to it in a contactless or contact-based manner.
  • In the second embodiment variant, the chip card 4 is integrated into the electronic device 2 for coupling, while in the third embodiment variant the electronic chip card 4 is integrated into a further electronic device 9 and is coupled via a contactless or contact-based connection 8 to the other electronic device 2, which is linked to the server 6 of the service provider or the health insurance company 7.
  • A digital exchange of information between the health insurance company 7 and the user or the insured person 1 is to be ensured.
  • Access to an electronic patient file using the electronic health card 4 may only take place if, after the electronic health card 4 has been issued, subsequent secure identification of the insured person 1 and subsequent physical possession of the electronic health card 4 by the health insurance company 7 has been proven.
  • The method provides, for example, that the identity of the insured person 1 is initially proven to the health insurance fund 7 via the application 3, for example by a digital online ID function of an identity card of the insured person 1.
  • This requires, for example, that the user connects and activates their ID card with their electronic device via NFC.
  • Video or robo-identification methods can also be used.
  • The procedure for using the online ID function to identify insured person 1 is as follows.
  • The insured person 1 uses the application 3 to access the online ID function.
  • After checking the authorization certificate, the insured person enters a release code for the online ID function, which activates the ID function of the ID card. If necessary, this can be checked by the service provider. If authorization to read out the ID card data has been granted, this ID card data is sent to the server 6 of the health insurance company 7. In this way, the ID data of the insured person 1 is made available to the health insurance company 7 for identification.
  • The proposed method provides for this to be done using a pseudonymous signature calculated on the electronic health card 4.
  • It is necessary to connect the electronic health card 4 to the electronic device 2 via a contactless or contact-based connection 8.
  • A card reader can be used as the contact-based connection 8, while a wireless connection, an NFC connection or the like is used as the contactless connection 8, for example.
  • Since the health insurance company 7 has the identification features of the insured person 1 from the ID card data, a connection is established via the server 6 with the electronic health card 4 connected to the electronic device 2, and the pseudonymous signature functionality is activated by the server 6 if necessary.
  • The data to be signed, such as name, address, insurance number and date of birth as well as a time stamp and random information, for example a random number or any data derived from it by hash and/or encryption functions or similar, are then processed by the server 6 of the health insurance company 7 and sent to the electronic health card 4.
  • The electronic health card 4 signs the data received from the server 6 of the health insurance company 7, and the insured person 1 sends the data signed by the electronic health card 4 back to the server 6 of the health insurance company 7 via the application 3.
  • Because the time stamp, among other things, is signed, the time of the operation can be verified later.
  • The server 6 of the health insurance company 7 checks the signature using the public key from the associated certificate and calculates the identity of the insured person 1 from the pseudonym of the associated certificate. Using the certificate associated with the signature, which can be read from the electronic health card and checked for validity by the health insurance company, the signature can be checked for validity. By signing the data from the identity verification, the time stamp or the random number known only to the health insurance company, or any combination or derivation thereof, the server 6 of the health insurance company 7 can also ensure that the signature was actually carried out just now, in the context of the identity verification of the user of the electronic health card 4. In this context, the server 6 of the health insurance company 7 can compare the calculated identity with the data from the identification using the online ID function. If the name, address and date of birth and possibly other data match, it has been proven that the person on the electronic device 2 has the correct identity and that the electronic health card 4 connected to the electronic device 2 is assigned to him and is therefore in his physical possession.
  • The health insurance company can prove the context via a secret known only to the health insurance company and signed by the electronic health card. If necessary, the context can also be ensured by the health insurance company activating the signature function on the electronic health card and logging or documenting this accordingly.
  • The health insurance company or any other service provider can prove at a later point in time that and when an identification (in the context of which the signed name, address and date of birth were obtained) and proof of possession of the electronic health card (through the signature) were carried out.
  • In a further step of the present method, the insured person 1 can establish a secure connection via the electronic health card 4 with a card management system on the server 6 of the health insurance company 7 and retrieve the release codes, such as PIN and PUK, for the electronic health card 4.
  • The card management system on the server 6 of the health insurance company 7 checks the associated public key of the joint signature and encryption function from the electronic health card 4 and checks the certificate for correctness and validity. With this public key, the server 6 of the health insurance company 7 transmits the release code to the application 3 of the insured person 1 in encrypted form.
  • PIN and PUK are encrypted with the public key on the server 6 of the health insurance company 7 and sent to the electronic health card 4 in encrypted form end-to-end. This also means that it can only be decrypted using the associated private key on the electronic health insurance card 4. From there, PIN and PUK are transferred to application 3 of insured person 1 and displayed there.
  • The release codes, such as PIN and PUK, for the electronic health card 4 can be retrieved by the server 6 of the health insurance company 7 from the card management system of the health insurance fund 7; a secure, encrypted connection to the application 3 installed on the electronic device 2 can be set up via the server 6 or can continue to be used, and the release codes for the electronic health card 4 are transmitted in encrypted form from the server 6 of the health insurance fund 7 to the application 3 and displayed there to the user 1.
  • The insured person 1 can then activate the electronic health card 4 via the application 3 on the electronic device 2 by entering the PIN.
  • The insured person 1 is now able to set up a connection via the activated electronic health card 4 and the application 3 on the electronic device 2 to a server for the patient record of the health insurance company 7 in order, for example, to get access to his electronic medical record.
  • The proposed method opens up a digital possibility that allows the insured person to activate his electronic health card 4 in real time, in that the health insurance company 7 proves his identity and the physical possession of his electronic health card 4 and then sends the release code required for the activation of the electronic health card 4.
  • It is possible for the insured person 1 to access his electronic patient file in real time in accordance with the law after receiving the electronic health card 4.
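
The challenge-and-signature exchange described above, sketched as an added Go example that is not part of the patent text: the server derives a challenge from the identity data, a time stamp and a random number under a provider-only secret, the card signs it, and the server rejects signatures from another context or from a card issued to someone else. Assumptions: Ed25519 stands in for the card's unspecified signature algorithm, the card is simulated in software, the provider already holds each issued card's public key (the variant without a common PKI, so certificate validation and revocation are not modelled), and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Identity is what step 1 (identification without the chip card) yields.
type Identity struct{ Name, Address, BirthDate string }

// Card is a software stand-in for the chip card; priv models the private key
// that cannot be read or copied, Pseudonym and Public its certificate data.
type Card struct {
	Pseudonym string
	Public    ed25519.PublicKey
	priv      ed25519.PrivateKey
}

// Holder is the provider's record of an issued card (assumed to be on file).
type Holder struct {
	ID     Identity
	Public ed25519.PublicKey
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewCard(pseudonym string) *Card {
	priv := ed25519.NewKeyFromSeed(randBytes(ed25519.SeedSize))
	return &Card{pseudonym, priv.Public().(ed25519.PublicKey), priv}
}

// Sign signs the opaque challenge received from the server.
func (c *Card) Sign(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// session is one open challenge: identified user, time stamp, random number.
type session struct {
	id     Identity
	issued time.Time
	nonce  []byte
}

// Server is the service provider side.
type Server struct {
	secret  []byte             // provider-only key used to derive challenges
	cards   map[string]Holder  // pseudonym -> issued card
	pending map[string]session // open challenges by session ID
}

func NewServer(cards map[string]Holder) *Server {
	return &Server{randBytes(32), cards, map[string]session{}}
}

// challenge = HMAC(secret, identity | time stamp | random number); only the provider can recompute it.
func (s *Server) challenge(se session) []byte {
	m := hmac.New(sha256.New, s.secret)
	fmt.Fprintf(m, "%q|%q|%q|%d|%x", se.id.Name, se.id.Address, se.id.BirthDate, se.issued.UnixNano(), se.nonce)
	return m.Sum(nil)
}

// Issue opens a challenge once step 1 has succeeded for id.
func (s *Server) Issue(sid string, id Identity, now time.Time) []byte {
	s.pending[sid] = session{id, now, randBytes(16)}
	return s.challenge(s.pending[sid])
}

var (
	ErrNoSession = errors.New("no open challenge for this session")
	ErrSignature = errors.New("no valid card signature over the issued challenge")
	ErrIdentity  = errors.New("card holder differs from the identified user")
)

// Verify accepts a signature only for the challenge issued in this session.
func (s *Server) Verify(sid, pseudonym string, sig []byte) error {
	se, open := s.pending[sid]
	delete(s.pending, sid) // each challenge is accepted at most once
	h, known := s.cards[pseudonym]
	switch {
	case !open:
		return ErrNoSession
	case !known || !ed25519.Verify(h.Public, s.challenge(se), sig):
		return ErrSignature
	case h.ID != se.id:
		return ErrIdentity
	}
	return nil
}

func main() {
	user := Identity{"Erika Mustermann", "Heidestrasse 17, Koeln", "1964-08-12"} // constructed sample
	card := NewCard("pseudonym-A")
	srv := NewServer(map[string]Holder{"pseudonym-A": {user, card.Public}})
	sig := card.Sign(srv.Issue("s1", user, time.Now()))
	fmt.Println("fresh signature:", srv.Verify("s1", card.Pseudonym, sig))
	srv.Issue("s2", user, time.Now())
	fmt.Println("signature from another context:", srv.Verify("s2", card.Pseudonym, sig))
}
```

Because the random number changes with every issued challenge, a signature captured in one session fails verification in any other, which is the context binding the description asks for.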

Abstract

The invention relates to a method for the digital exchange of information via an Internet connection (5) between a server (6) of a service provider (7) and an application (3) on the electronic device (2) of a user (1) by means of an electronic chip card (4) of the user (1) which is coupled to the electronic device (2). To enable identification of the user (1) independently of the chip card (4), at least one identification feature of the user (1) is used; the service provider (7) receives from the user (1), in real time, proof of physical possession of the electronic chip card (4), digitally via a digital signature and encryption function on the electronic chip card (4); and the signature and encryption function is made available to the service provider (7) without prior activation by the user (1).
PCT/DE2022/100699 2021-09-23 2022-09-20 Method for the digital exchange of information WO2023046237A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102021124640.7A DE102021124640A1 (de) 2021-09-23 2021-09-23 Method for digitally exchanging information
DEDE102021124640.7 2021-09-23

Publications (1)

Publication Number Publication Date
WO2023046237A1 (fr) 2023-03-30

Family

ID=83508902

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2022/100699 WO2023046237A1 (fr) 2021-09-23 2022-09-20 Method for digitally exchanging information

Country Status (2)

Country Link
DE (1) DE102021124640A1 (fr)
WO (1) WO2023046237A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10249801B3 (de) * 2002-10-24 2004-05-06 Giesecke & Devrient Gmbh Method for carrying out a secure electronic transaction using a portable data carrier
EP2765752B1 (fr) * 2013-02-07 2017-05-24 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Method for providing a mobile terminal with an authentication certificate
EP3641369A1 (fr) * 2018-10-18 2020-04-22 Giesecke+Devrient Mobile Security GmbH Securing peer-to-peer communication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102016222170A1 (de) 2016-11-11 2018-05-17 Bundesdruckerei Gmbh Method for reading attributes from an ID token
DE102017208236A1 (de) 2017-05-16 2018-11-22 Bundesdruckerei Gmbh Method, system and computer program product for behavior-based authentication of a user

Also Published As

Publication number Publication date
DE102021124640A1 (de) 2023-03-23

Similar Documents

Publication Publication Date Title
WO2013030060A1 (fr) Method for generating a soft token, computer program product and service computer system
EP3748521B1 (fr) Method for reading the attributes of an ID token
EP4224786A1 (fr) Method and device for generating electronic signatures
EP3206151B1 (fr) Method and system for authenticating a mobile telecommunication device to a service computer system, and mobile telecommunication device
EP2752785B1 (fr) Method for personalizing a secure element (SE) and computer system
EP3271855B1 (fr) Method for generating a certificate for a security token
EP3125464B1 (fr) Revocation service for a certificate generated by an ID token
EP3298526B1 (fr) Method for reading attributes from an ID token
WO2023046237A1 (fr) Method for digitally exchanging information
EP2879073B1 (fr) Electronic transaction method and computer system
EP2893483B1 (fr) Method for personalizing a secure element (SE) and computer system
EP2916252B1 (fr) Electronic transaction method and computer system
EP3180729B1 (fr) Digital identities with external attributes
EP3186741A1 (fr) Access protection for external data in the non-volatile memory of a token
EP3283999A1 (fr) Electronic system for generating a certificate
EP3304807B1 (fr) Identification of a person on the basis of a transformed biometric reference feature
EP2819079B1 (fr) Electronic transaction method and computer system
DE102013022448B3 (de) Electronic transaction method and computer system
DE102015017060A1 (de) Method for reading attributes from an ID token
DE102015017061A1 (de) Method for reading attributes from an ID token
WO2016116394A1 (fr) Certificate token for providing a digital certificate of a user

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22782839

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2022782839

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2022782839

Country of ref document: EP

Effective date: 20240423