METHOD AND SYSTEM FOR PRODUCING A SECURE COMMUNICATION CHANNEL FOR TERMINALS
First Claim
1. A method for producing a secure communication channel for a terminal, the method having the following steps of:
setting up a secure communication channel between a communication partner and a backend by a communication protocol, an item of channel binding information respectively being stipulated for the backend and for the communication partner by the communication protocol;
producing a communication channel between the communication partner and the terminal;
transmitting the channel binding information relating to the secure communication channel to the terminal by the communication partner;
storing the channel binding information on the terminal;
creating a data structure and a first digital signature across the data structure by the backend using a first private key, the digital signature being able to be checked using a first public key;
sending the data structure and the digital signature from the backend to the terminal; and
checking authenticity of the data structure using a checking algorithm for verifying the digital signature using the public key by the terminal and/or by the communication partner.
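The following Go program is an added illustration of the claimed flow and is not part of the patent text. It assumes Ed25519 for the first key pair, a SHA-256 hash of the backend/partner handshake transcript as the stand-in channel binding value, and a JSON data structure that carries the binding so the terminal can both verify the signature and confirm the binding matches the one it stored:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// DataStructure is what the backend signs; embedding the binding ties the signature to one channel.
type DataStructure struct {
	Binding []byte `json:"binding"`
	Payload string `json:"payload"`
}

// ChannelBinding stands in for the value the secure-channel protocol stipulates for both endpoints;
// as an assumption of this example it is the SHA-256 of the handshake transcript both sides saw.
func ChannelBinding(transcript []byte) []byte {
	sum := sha256.Sum256(transcript)
	return sum[:]
}

// BackendCreate builds the data structure and signs it with the backend's first private key (Ed25519 here).
func BackendCreate(priv ed25519.PrivateKey, binding []byte, payload string) ([]byte, []byte) {
	data, _ := json.Marshal(DataStructure{Binding: binding, Payload: payload}) // cannot fail for these field types
	return data, ed25519.Sign(priv, data)
}

// TerminalCheck is the terminal's checking algorithm: verify the signature with the first public key,
// then require the signed binding to equal the binding the partner transmitted and the terminal stored.
func TerminalCheck(pub ed25519.PublicKey, stored, data, sig []byte) bool {
	if !ed25519.Verify(pub, data, sig) {
		return false
	}
	var ds DataStructure
	if err := json.Unmarshal(data, &ds); err != nil {
		return false
	}
	return bytes.Equal(ds.Binding, stored)
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	stored := ChannelBinding([]byte("constructed handshake transcript"))
	data, sig := BackendCreate(priv, stored, "constructed payload")
	fmt.Println("same channel accepted:", TerminalCheck(pub, stored, data, sig))
	fmt.Println("other channel accepted:", TerminalCheck(pub, ChannelBinding([]byte("other")), data, sig))
}
```

A data structure signed for one secure channel is rejected when presented to a terminal holding a different stored binding, which is the property the channel binding information is meant to provide.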
Abstract
A method, system, backend, terminal, and computer program product are disclosed for producing a secure communication channel for a terminal, the method having the following method steps. A first method step for setting up a secure communication channel between a communication partner and a backend by a communication protocol. A second method step for producing a communication channel between the communication partner and the terminal. A third method step for transmitting the channel binding information. A fourth method step for storing the channel binding information on the terminal. A fifth method step for creating a data structure and a first digital signature across the data structure by the backend. A sixth method step for sending the data structure and the digital signature from the backend to the terminal. A seventh method step for checking authenticity of the data structure.
30 Claims
24. A backend having:
a first cryptography device;
a production device for creating a data structure and a first digital signature across the data structure using the first cryptography device and a first private key, the first digital signature being able to be checked using a first public key;
a first communication device which is programmed by a first processor to send the data structure and the first digital signature to a terminal;
to set up a secure communication channel to a communication partner by a communication protocol using the first cryptography device, an item of channel binding information respectively being stipulated by the communication protocol for the backend and for the communication partner.
25. A communication partner having:
a second cryptography device;
a second communication device which is programmed by a second processor to set up a secure communication channel to a backend using the second cryptography device, an item of channel binding information respectively being stipulated, by the communication protocol for the backend and for the communication partner, to set up a communication channel to a terminal, and to send the channel binding information to the terminal.
26. A terminal having:
a third communication device which is programmed by a third processor to set up a communication channel to a communication partner, an item of channel binding information respectively being stipulated, by the communication protocol for a backend and for the communication partner;
to receive the channel binding information and/or a data structure and/or a first digital signature and/or a public key, the first digital signature having been produced across the data structure, by the backend using a first private key;
a checking device for checking authenticity of the data structure by a checking algorithm using the first digital signature and the public key;
a memory for storing the channel binding information and/or the data structure and/or the first digital signature and/or the first public key.
27. A system having:
a backend having a first cryptography device; a production device for creating a data structure and a first digital signature across the data structure using the first cryptography device and a first private key, the first digital signature being able to be checked using a first public key; a first communication device which is programmed by a first processor to send the data structure and the first digital signature to a terminal; to set up a secure communication channel to a communication partner by a communication protocol using the first cryptography device, an item of channel binding information respectively being stipulated by the communication protocol for the backend and for the communication partner;
the communication partner having a second cryptography device; a second communication device which is programmed by a second processor to set up the secure communication channel to the backend using the second cryptography device, to set up a communication channel to the terminal, and to send the channel binding information to the terminal;
the terminal having a third communication device which is programmed by a third processor to set up the communication channel to the communication partner, to receive the channel binding information and/or the data structure and/or the first digital signature and/or the public key; a checking device for checking authenticity of the data structure by a checking algorithm using the first digital signature and the public key; a memory for storing the channel binding information and/or the data structure and/or the first digital signature and/or the first public key.