METHOD FOR GENERATING A CERTIFICATE
Abstract
The invention relates to a method for generating a certificate for signing electronic documents by means of an ID token (106), having the following steps:
- sending (201) a transaction request for a user to carry out a transaction,
- as a result of the sending of the transaction request, checking whether the certificate (519) is available and, if this is not the case, carrying out the following steps:
  - generating (206) an asymmetrical key pair consisting of a private key and a public key using an ID token, said ID token (106) being assigned to the user;
  - storing (207) the generated asymmetrical key pair on the ID token, wherein at least the private key is stored in a protected memory region of the ID token;
  - transmitting (208; 509) the generated public key (518) to a first computer system, and
  - generating (209) the certificate (519) by means of the first computer system for the public key.
20 Claims
1. A method for generating a certificate, comprising the following steps:
- sending a transaction request for a user to carry out a transaction,
- checking whether the certificate is available on account of the sending of the transaction request, and, if this is not the case, executing the following steps;
  - generating an asymmetric key pair consisting of a private key and a public key via an ID token, wherein the ID token is associated with the user,
  - storing the generated asymmetric key pair on the ID token, wherein at least the private key is stored in a protected memory area of the ID token,
  - transmitting the generated public key to a first computer system, and
  - generating the certificate via the first computer system for the public key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 20

13. An ID token, comprising:
- a key generation component capable of generating an asymmetric key pair consisting of a private key and a public key,
- a protected memory area for storing at least the generated private key,
- a user authentication component capable of authenticating a user to the ID token,
- a computer authentication component capable of authenticating a first computer system to the ID token, and generating a protected connection to the first computer system,
- wherein a command can be transmitted via the protected connection from the first computer system to generate an asymmetric key pair to the ID token, and
- wherein the public key can be transmitted via the protected connection from the ID token to the first computer system,
- wherein a necessary prerequisite for the generation of the asymmetric key pair and the transmission of the public key is the successful authentication of the user and of the first computer system to the ID token.

Dependent claims: 14, 15

16. A computer system comprising:
- an authentication component capable of authenticating to an ID token,
- a key reading component capable of reading a public key via a network from the ID token, wherein a public key and a private key form an asymmetric key pair, and wherein the asymmetric key pair is associated with a user,
- a first receiver component capable of receiving a data value from a second computer system, and
- a generation component capable of generating a certificate for the public key, wherein the validity of the certificate is determined by the received data value, and wherein the certificate is associated with the user.

Dependent claims: 17, 18, 19

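The flow of independent claims 1, 13 and 16, as an added Go example that is not part of the patent text: the token generates a key pair only after both authentications, the private key stays inside the token, and the certificate's validity comes from a supplied value. The names `IDToken`, `IssueIfMissing` and `validFor`, the P-256 and X.509 choices, the boolean authentication flags and the "alice" user are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IDToken (claim 13): priv stands in for the protected memory area; it is never returned.
type IDToken struct {
	UserOK, SystemOK bool // outcome of user and first-computer-system authentication
	priv             *ecdsa.PrivateKey
}

// GenerateKeyPair refuses to run unless both authentications succeeded.
func (t *IDToken) GenerateKeyPair() (pub *ecdsa.PublicKey, err error) {
	if !t.UserOK || !t.SystemOK {
		return nil, fmt.Errorf("user and first computer system must both authenticate")
	}
	if t.priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, err
	}
	return &t.priv.PublicKey, nil
}

// IssueIfMissing (claims 1, 16) reuses an available certificate, else certifies a fresh token key.
func IssueIfMissing(t *IDToken, have []byte, caKey *ecdsa.PrivateKey, user string, validFor time.Duration) ([]byte, error) {
	if len(have) > 0 {
		return have, nil // certificate (DER) already available: no new key pair
	}
	pub, err := t.GenerateKeyPair()
	if err != nil {
		return nil, err
	}
	now := time.Now() // validFor: assumed form of the data value from the second computer system
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: user},
		NotBefore: now, NotAfter: now.Add(validFor), KeyUsage: x509.KeyUsageDigitalSignature}
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "first computer system"}}
	return x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, caKey)
}

func main() {
	_, err := IssueIfMissing(&IDToken{UserOK: true}, nil, nil, "alice", time.Hour)
	fmt.Println("first computer system not authenticated:", err)
}
```
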
Specification