Patents by Inventor Ernst-Michael Hamann

Ernst-Michael Hamann has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7096365
    Abstract: The invention relates to the generation of digital signatures by the use of which the legally binding nature of a digital signature is enhanced. For this, an expanded digital signature is created which, in addition to the hash, contains other information, in particular information identifying the hardware and software environment used in generating the signature.
    Type: Grant
    Filed: January 27, 2000
    Date of Patent: August 22, 2006
    Assignee: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Jutta Kreyss, Narayanan Vasudevan
  • Patent number: 7003596
    Abstract: The present invention allows program specific configuration of several physical or logical readers, or other I/O devices, by using a configuration tool and a reader access layer. In an example embodiment, a configuration tool allows specifying access rights and priority rights for each single reader in conjunction with each single program. A reader access layer communicates with each program directly, calls up the reader access list for the requesting program, checks the access rights and the priority order for the available readers and returns a response to the requesting program containing information for accessing the active reader with the highest available priority. It ensures that previously defined access rights and access priorities between readers and programs, as defined in the reader access list, remain unchanged when new readers are added.
    Type: Grant
    Filed: October 25, 2001
    Date of Patent: February 21, 2006
    Assignee: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Klemens Klaffke, Robert Sulzmann
  • Patent number: 6981147
    Abstract: A method for creating, storing and reading a new certificate type for certification of keys is provided. In the new certificate type, several certificates, containing a minimum quantity of redundant data fields, are collated to form one certificate and all redundant information on the certificates is eliminated. An embodiment of the new certificate type is the group certificate. The group certificate is used where several keys are to be issued at the same time for the same user by the same certification instance. By means of the group certificate, all redundant data elements are eliminated and all data elements for a set of several keys subject to certification are grouped into one certificate. This substantially reduces the memory requirement, and handling of the certificates is simplified for the communication partners. A further embodiment of the new certificate type is the basic and supplementary certificate combination.
    Type: Grant
    Filed: January 14, 2000
    Date of Patent: December 27, 2005
    Assignee: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Jutta Kreyss, Narayanan Vasudevan
  • Patent number: 6729549
    Abstract: Virtual smart cards (VSC) are generated by a VSC control program with each VSC addressable by a unique identifier (ID). Using the VSC control program, personalized VSC data is accessed via a secure channel using the ID and a password. A real smart card is personalized by a personalization program that reads data from the VSC. Personalization data contained in the VSC may be tested in an application environment before a personalized real smart card is available.
    Type: Grant
    Filed: December 12, 2001
    Date of Patent: May 4, 2004
    Assignee: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Klemens Klaffke, Robert Sulzmann
  • Patent number: 6516357
    Abstract: The present invention describes an improved communication architecture for smart card systems and an improved procedure for communication of the smart card applications using protected data carriers, particularly in the case where smart cards or smart card readers cannot be used. The improved communication architecture has a common virtual smart card interface between the respective smart card applications and the modules which facilitate access to the protected data carriers (smart cards). The modules allow access to either physical smart cards, virtual software smart cards or hardware smart cards. The common virtual smart card interface means that the application is completely independent of the respective module or the respective data carrier. Alternatively, the improved communication architecture additionally contains a virtual smart card adapter which communicates over the common virtual smart card interface with the respective smart card application.
    Type: Grant
    Filed: August 26, 1999
    Date of Patent: February 4, 2003
    Assignee: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Thomas Schaeck, Robert Sulzmann
  • Publication number: 20020117542
    Abstract: The present invention discloses a system and method for personalization of smart cards by using virtual smart cards (VSC) containing all data objects (card holder specific data objects) required to personalize real smart cards. The VSC is a software implemented version of a real smart card providing the equivalent functionality of a real smart card. The VSC is generated and used by a VSC control program handling the generation, the security and the read/write process of the VSC.
    Type: Application
    Filed: December 12, 2001
    Publication date: August 29, 2002
    Applicant: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Klemens Klaffke, Robert Sulzmann
  • Publication number: 20020091880
    Abstract: The present invention allows program specific configuration of several physical or logical readers, or other I/O devices, by using a configuration tool and a reader access layer. In an example embodiment, a configuration tool allows specifying access rights and priority rights for each single reader in conjunction with each single program. A reader access layer communicates with each program directly, calls up the reader access list for the requesting program, checks the access rights and the priority order for the available readers and returns a response to the requesting program containing information for accessing the active reader with the highest available priority. It ensures that previously defined access rights and access priorities between readers and programs, as defined in the reader access list, remain unchanged when new readers are added.
    Type: Application
    Filed: October 25, 2001
    Publication date: July 11, 2002
    Applicant: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Klemens Klaffke, Robert Sulzmann
  • Publication number: 20020080190
    Abstract: A virtual smart card (VSC) is a software implemented version of a real smart card providing the equivalent functionality of a real smart card. The VSC is created and used by a VSC control program which handles the creation, the security and the read/write process of the VSC. The VSC has a logical file structure comprising a public area, a private area, a secure key area, a password area, and a unique identifier area. Data objects in the public area have no access restrictions, data objects placed into the private area are encrypted and can be accessed with a password, and the data objects placed into the secret key area are encrypted and only accessible by a VSC control program. Each VSC may be addressed by a unique identifier (ID). All data objects can be stored and retrieved on/from the virtual smart card's public and private area via the virtual smart card control program using a communication component.
    Type: Application
    Filed: December 14, 2001
    Publication date: June 27, 2002
    Applicant: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Klemens Klaffke, Robert Sulzmann
  • Publication number: 20020065811
    Abstract: The present invention relates to electronic data carrier file systems, and in particular to file system management for small handheld data carriers, particularly for smart cards, i.e., chip cards having their own processor means. According to the present invention, static data objects are managed in a dynamic file system. A kind of embedment takes place in which one or more static objects are embedded in the dynamic file system within a file. The static objects are excluded from management actions performed on the dynamic file system. The static, embedded objects may have a fixed memory address inside the dynamic file system and cannot be moved to a different location by the dynamic file management functions. The static data objects can be accessed by easy command sequences without any complex file management functions, for example by boot routines in order to check personal security-relevant data.
    Type: Application
    Filed: August 16, 2001
    Publication date: May 30, 2002
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ernst-Michael Hamann, Robert Sulzmann
  • Publication number: 20020026578
    Abstract: The present invention relates to a security token and method for secure usage of digital certificates and related keys on a security token, and more particularly, a secure import of certificates into a security token and their secure usage by applications. The root certificate of the certification authority (CA) is used during the initialization of the security token in a secure environment to transfer the certified root public key of the CA and its attributes into the data structure of the security token. The public root key is write protected. Furthermore, a verification component, preferably part of the operating system of the security token, will accept, in case the certificate has to be replaced, only user certificates having a valid digital signature by the private root key of the CA.
    Type: Application
    Filed: July 31, 2001
    Publication date: February 28, 2002
    Applicant: International Business Machines Corporation
    Inventors: Ernst-Michael Hamann, Robert Sulzmann
  • Patent number: 6296191
    Abstract: The invention refers to a procedure for storing data objects (210, 220, 230, 240) in the memory (200) of a smart card (100). To do this, general and application-specific data objects are defined using freely selectable security characteristics and access rights, which are filed in the memory of a smart card which is divided into several application-specific memory areas (110, 120) so that data objects with identical access conditions are located in one and the same memory area, irrespective of the application program (310, 320, 330) or smart card user (400) to which these data objects are allocated. All application programs and the smart card user can access the data objects irrespective of the corresponding access conditions. In this way, the re-issuing of smart cards in the case of later expansion of the file structure of the smart card for an application or the addition of extra applications is not necessary. The smart card user can allow any applications to store data on his smart card.
    Type: Grant
    Filed: August 31, 1999
    Date of Patent: October 2, 2001
    Assignee: International Business Machines Corp.
    Inventors: Ernst-Michael Hamann, Michael Kaisser