Patents by Inventor Gisela Meister

Gisela Meister has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10867326
    Abstract: A method for securing a transaction in a reputation system includes the following steps: authenticating a user vis-à-vis an end device by means of an electronic proof of identity for releasing authentication data for the digital identity that are stored on the end device, and authenticating the digital pseudonym assigned to the user vis-à-vis the reputation system by means of the end device while employing the stored authentication data pertaining to the digital pseudonym. The electronic proof of identity can be present as an electronic identity card in the form of a portable data carrier.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: December 15, 2020
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Gisela Meister, Dirk Wacker, Katharina Wallhausser
  • Patent number: 10496985
    Abstract: The invention creates a method for loading an electronic amount of money represented as a random number sequence to a portable data carrier, with a conversion of the random number currency to the data carrier currency, and a disbursement of one or several money unit(s) from a portable data carrier, with a conversion of the data carrier currency to the random number currency.
    Type: Grant
    Filed: October 11, 2013
    Date of Patent: December 3, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Gisela Meister, Jan Eichholz
  • Patent number: 10050788
    Abstract: The invention creates a method for the contactless readout of an electronic identification document by means of a terminal, wherein in a data reading step encrypted identification data from a data memory are transmitted to the terminal, and in a key reading step the data key with which the identification data can be decrypted is transmitted to the terminal, and in the terminal the identification data are decrypted with the data key. The data reading step is carried out employing a long-range radio connection, and the key reading step is carried out employing a short-range radio connection.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: August 14, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Jan Eichholz, Gisela Meister, Thomas Aichberger
  • Patent number: 9722800
    Abstract: There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: August 1, 2017
    Assignee: Giesecke & Devrient GmbH
    Inventors: Gisela Meister, Jens Urmann
  • Patent number: 9411981
    Abstract: The invention relates to a method for activating a portable data carrier (1) in which a first portable data carrier (1) is supplied in an inactive state to a user, after the user has requested the first data carrier (1) with the aid of a second portable data carrier (2) from a central instance, whereby the first and the second data carrier (1, 2) have access to authentication data for mutual authentication. In the method according to the invention a communication connection is set up between the first and the second data carrier (1, 2), via which the first and the second data carrier (1, 2) mutually authenticate each other on the basis of the authentication data and establish a cryptographically secured end-to-end connection. Via this end-to-end connection then the second data carrier (2) activates the first data carrier (1) by transmitting activation data to the first data carrier (1).
    Type: Grant
    Filed: September 1, 2010
    Date of Patent: August 9, 2016
    Assignee: GIESECKE & DEVRIENT
    Inventors: Jan Eichholz, Gisela Meister, Henning Daum
  • Patent number: 9325504
    Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).
    Type: Grant
    Filed: March 25, 2011
    Date of Patent: April 26, 2016
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Dieter Weiss, Gisela Meister, Jan Eichholz, Florian Gawlas
  • Patent number: 9275241
    Abstract: In a cryptographic method between a portable data carrier and a terminal device there are employed a public data-carrier key and a secret data-carrier key of the data carrier as well as a public terminal key and a secret terminal key of the terminal device. The data carrier employs as a public data-carrier key a static public key. As a secret data-carrier key the data carrier employs a secret key that is derived from a secret basic key associated with the public data-carrier key. Within the framework of the method, the terminal device checks an authentication parameter associated with the data carrier and different from the data-carrier keys.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: March 1, 2016
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventor: Gisela Meister
  • Publication number: 20150332361
    Abstract: A method for securing a transaction in a reputation system includes the following steps: authenticating a user vis-à-vis an end device by means of an electronic proof of identity for releasing authentication data for the digital identity that are stored on the end device, and authenticating the digital pseudonym assigned to the user vis-à-vis the reputation system by means of the end device while employing the stored authentication data pertaining to the digital pseudonym. The electronic proof of identity can be present as an electronic identity card in the form of a portable data carrier.
    Type: Application
    Filed: December 9, 2013
    Publication date: November 19, 2015
    Inventors: Gisela MEISTER, Dirk WACKER, Katharina WALLHAUSSER
  • Publication number: 20150302399
    Abstract: The invention creates a method for loading an electronic amount of money represented as a random number sequence to a portable data carrier, with a conversion of the random number currency to the data carrier currency, and a disbursement of one or several money unit(s) from a portable data carrier, with a conversion of the data carrier currency to the random number currency.
    Type: Application
    Filed: October 11, 2013
    Publication date: October 22, 2015
    Inventors: Gisela MEISTER, Jan EICHHOLZ
  • Publication number: 20150236858
    Abstract: There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.
    Type: Application
    Filed: July 22, 2013
    Publication date: August 20, 2015
    Applicant: Giesecke & Devrient GmbH
    Inventors: Gisela Meister, Jens Urmann
  • Patent number: 9098734
    Abstract: A system for recognizing the presence of a second portable data carrier by a first portable data carrier, wherein the data carriers have respectively a contactless interface with an antenna and an electronic circuit for storing and/or processing data. An RFID reading device supplies the data carriers with energy and for the respective communication of the data carriers with the reading device. In the first and the second data carrier there is respectively provided a further communication device, via which an additional, direct communication channel, independent of the field of the reading device, is made available between the first and the second data carrier, to thereby check the immediate presence of the second data carrier in the field of the reading device by the first data carrier.
    Type: Grant
    Filed: March 25, 2011
    Date of Patent: August 4, 2015
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Klaus Finkenzeller, Gisela Meister
  • Patent number: 8966275
    Abstract: A method for authenticating a portable data carrier (10) to a terminal device by the following steps: In the data carrier (10) a public session key (PKSession) is derived (S5) from a public key individual to the data carrier (PKi) which has in its turn been derived (TS32; S1) from a public group key (PK). Further, a secret session key (SKSession) is derived (S4) from a secret key individual to the data carrier (SKi) which has in turn been derived (TS31) from a secret group key (SK). Subsequently, a secret communication key (KK) is agreed on (S7) between the data carrier (10) and the terminal device. Finally, the terminal verifies (S8) the public session key (PKSession) of the data carrier (10).
    Type: Grant
    Filed: March 7, 2011
    Date of Patent: February 24, 2015
    Assignee: Giesecke & Devrient GmbH
    Inventors: Jan Eichholz, Gisela Meister
  • Patent number: 8953804
    Abstract: In a method for establishing a secure communication channel between a portable data carrier (10) and a terminal on the basis of an asymmetric cryptosystem, a value (X; Y; V; W) derived from a public key (PKD; PKT) of the cryptosystem is displayed on a display device (40) of the data carrier (10).
    Type: Grant
    Filed: September 22, 2010
    Date of Patent: February 10, 2015
    Assignee: Giesecke & Devrient GmbH
    Inventors: Jan Eichholz, Gisela Meister, Dirk Wacker, Markus Sauermann
  • Publication number: 20140333416
    Abstract: The invention creates a method for the contactless readout of an electronic identification document by means of a terminal, wherein in a data reading step encrypted identification data from a data memory are transmitted to the terminal, and in a key reading step the data key with which the identification data can be decrypted is transmitted to the terminal, and in the terminal the identification data are decrypted with the data key. The data reading step is carried out employing a long-range radio connection, and the key reading step is carried out employing a short-range radio connection.
    Type: Application
    Filed: December 18, 2012
    Publication date: November 13, 2014
    Inventors: Jan Eichholz, Gisela Meister, Thomas Aichberger
  • Patent number: 8866585
    Abstract: A method and system for challenge-response authentication are provided. Challenge data are transferred within an anti-collision loop from a reading device to a transponder by means of one or more commands of an anti-collision method, with the one or more commands serving to determine transponder identification data. In the one or more commands respective challenge data are contained in a data field that is used for specifying transponder identification data, wherein it is indicated to the transponder by a parameter value in the at least one of the one or more commands that the data field of the one or more commands contains challenge data instead of transponder data. The transponder recognizes with the help of the parameter value that in the received one or more commands challenge data are contained. The transponder processes the transferred challenge data based on the challenge response authentication.
    Type: Grant
    Filed: October 26, 2009
    Date of Patent: October 21, 2014
    Assignee: Giesecke & Devrient GmbH
    Inventors: Klaus Finkenzeller, Gisela Meister, Dirk Wacker
  • Patent number: 8793495
    Abstract: A method for authenticating a portable data carrier (10) to a terminal device employs a public key (PKG) and a secret key (SK1) of the data carrier (10) as well as a public session key (PKT) and a secret session key (SKT) of the terminal device. The data carrier (10) employs as a public key a public group key (PKG). As a secret key the data carrier (10) employs a key (SK1) that has been derived from a secret group key (SKG) associated with the public group key (PKG).
    Type: Grant
    Filed: August 19, 2011
    Date of Patent: July 29, 2014
    Assignee: Giesecke & Devrient GmbH
    Inventor: Gisela Meister
  • Publication number: 20130326235
    Abstract: In a cryptographic method between a portable data carrier and a terminal device there are employed a public data-carrier key and a secret data-carrier key of the data carrier as well as a public terminal key and a secret terminal key of the terminal device. The data carrier employs as a public data-carrier key a static public key. As a secret data-carrier key the data carrier employs a secret key that is derived from a secret basic key associated with the public data-carrier key. Within the framework of the method, the terminal device checks an authentication parameter associated with the data carrier and different from the data-carrier keys.
    Type: Application
    Filed: December 21, 2011
    Publication date: December 5, 2013
    Applicant: GIESECKE & DEVRIENT GMBH
    Inventor: Gisela Meister
  • Publication number: 20130151854
    Abstract: A method for authenticating a portable data carrier (10) to a terminal device employs a public key (PKG) and a secret key (SK1) of the data carrier (10) as well as a public session key (PKT) and a secret session key (SKT) of the terminal device. The data carrier (10) employs as a public key a public group key (PKG). As a secret key the data carrier (10) employs a key (SK1) that has been derived from a secret group key (SKG) associated with the public group key (PKG).
    Type: Application
    Filed: August 19, 2011
    Publication date: June 13, 2013
    Inventor: Gisela Meister
  • Publication number: 20130031357
    Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).
    Type: Application
    Filed: March 25, 2011
    Publication date: January 31, 2013
    Inventors: Dieter Weiss, Gisela Meister, Jan Eichholz, Florian Gawlas
  • Publication number: 20130009752
    Abstract: A system for recognizing the presence of a second portable data carrier by a first portable data carrier, wherein the data carriers have respectively a contactless interface with an antenna and an electronic circuit for storing and/or processing data. An RFID reading device supplies the data carriers with energy and for the respective communication of the data carriers with the reading device. In the first and the second data carrier there is respectively provided a further communication device, via which an additional, direct communication channel, independent of the field of the reading device, is made available between the first and the second data carrier, to thereby check the immediate presence of the second data carrier in the field of the reading device by the first data carrier.
    Type: Application
    Filed: March 25, 2011
    Publication date: January 10, 2013
    Inventors: Klaus Finkenzeller, Gisela Meister