Abstract: A method for managing an application for the electronic identification of a user of a mobile terminal has a subscriber identity module in a mobile network.

Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.

Abstract: A method is for a first-time startup of a not fully personalized secure element, which serves for the use of services of a mobile communication network, in a mobile terminal. In the method, the secure element is started and requested to transmit a status message. The secure element transmits a status message in which it is stated whether the secure element: S1) contains only a bootloader but as yet no firmware image for the secure element; S2) contains a firmware image for the secure element but is not yet fully personalized; or S3) is fully personalized. The secure element is accepted in the cases S1), S2) and S3) and rejected in other cases. In the case S1), a download for a firmware image of the secure element is initiated for a first-time startup.

Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.

Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.

Abstract: A method for reading an identity document, a readout terminal and a readout system, which simplifies the multiple reading of identity documents. According to the method, an authentication key and an information item are stored in hidden fashion in the chip of the identity document.

Abstract: The invention creates a method for loading an electronic amount of money represented as a random number sequence to a portable data carrier, with a conversion of the random number currency to the data carrier currency, and a disbursement of one or several money unit(s) from a portable data carrier, with a conversion of the data carrier currency to the random number currency.

Abstract: A method is for a first-time startup of a not fully personalized secure element, which serves for the use of services of a mobile communication network, in a mobile terminal. In the method, the secure element is started and requested to transmit a status message. The secure element transmits a status message in which it is stated whether the secure element: S1) contains only a bootloader but as yet no firmware image for the secure element; S2) contains a firmware image for the secure element but is not yet fully personalized; or S3) is fully personalized. The secure element is accepted in the cases S1), S2) and S3) and rejected in other cases. In the case S1), a download for a firmware image of the secure element is initiated for a first-time startup.

Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.

Abstract: A method for authorizing a transaction has the following steps: inputting transaction data on a first mobile device, transmitting the transaction data from the first device to a background system by means of a first over-the-air interface, transmitting in encrypted manner at least a password to a second mobile device through the intermediary of the first mobile device, and authorizing the transaction by inputting the password displayed on the second device on the first device.

Abstract: The invention creates a method for the contactless readout of an electronic identification document by means of a terminal, wherein in a data reading step encrypted identification data from a data memory are transmitted to the terminal, and in a key reading step the data key with which the identification data can be decrypted is transmitted to the terminal, and in the terminal the identification data are decrypted with the data key. The data reading step is carried out employing a long-range radio connection, and the key reading step is carried out employing a short-range radio connection.

Abstract: A method for reading an identity document, a readout terminal and a readout system, which simplifies the multiple reading of identity documents. According to the method, an authentication key and an information item are stored in hidden fashion in the chip of the identity document.

Abstract: A method for authorizing a transaction has the following steps: inputting transaction data on a first mobile device, transmitting the transaction data from the first device to a background system by means of a first over-the-air interface, transmitting in encrypted manner at least a password to a second mobile device through the intermediary of the first mobile device, and authorizing the transaction by inputting the password displayed on the second device on the first device.

Abstract: The invention relates to a method for activating a portable data carrier (1) in which a first portable data carrier (1) is supplied in an inactive state to a user, after the user has requested the first data carrier (1) with the aid of a second portable data carrier (2) from a central instance, whereby the first and the second data carrier (1, 2) have access to authentication data for mutual authentication. In the method according to the invention a communication connection is set up between the first and the second data carrier (1, 2), via which the first and the second data carrier (1, 2) mutually authenticate each other on the basis of the authentication data and establish a cryptographically secured end-to-end connection. Via this end-to-end connection then the second data carrier (2) activates the first data carrier (1) by transmitting activation data to the first data carrier (1).

Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).

Abstract: The invention creates a method for loading an electronic amount of money represented as a random number sequence to a portable data carrier, with a conversion of the random number currency to the data carrier currency, and a disbursement of one or several money unit(s) from a portable data carrier, with a conversion of the data carrier currency to the random number currency.

Abstract: A method for authenticating a portable data carrier (10) to a terminal device by the following steps: In the data carrier (10) a public session key (PKSession) is derived (S5) from a public key individual to the data carrier (PKi) which has in its turn been derived (TS32; S1) from a public group key (PK). Further, a secret session key (SKSession) is derived (S4) from a secret key individual to the data carrier (SKi) which has in turn been derived (TS31) from a secret group key (SK). Subsequently, a secret communication key (KK) is agreed on (S7) between the data carrier (10) and the terminal device. Finally, the terminal verifies (S8) the public session key (PKSession) of the data carrier (10).

Abstract: In a method for establishing a secure communication channel between a portable data carrier (10) and a terminal on the basis of an asymmetric cryptosystem, a value (X; Y; V; W) derived from a public key (PKD; PKT) of the cryptosystem is displayed on a display device (40) of the data carrier (10).

Abstract: The invention creates a method for the contactless readout of an electronic identification document by means of a terminal, wherein in a data reading step encrypted identification data from a data memory are transmitted to the terminal, and in a key reading step the data key with which the identification data can be decrypted is transmitted to the terminal, and in the terminal the identification data are decrypted with the data key. The data reading step is carried out employing a long-range radio connection, and the key reading step is carried out employing a short-range radio connection.

Abstract: The invention relates to a method for the data communication between a portable data carrier (10) and an external communication device, which both in each case comprise a TCP/IP protocol stack (24). In a first step the communication device sends communication data to the data carrier (10), the communication data comprising at least commands according to an Internet protocol of the application layer of the TCP/IP reference model and commands in the form of APDUs according to ISO/IEC 7816-4. The method additionally comprises the steps of transmitting the communication data between the communication device and the data carrier (10), of receiving the communication data by the data carrier (10) and of separating the received APDUs and the received Internet protocol commands from each other by means of the allocator unit (32) of the data carrier (10).