Abstract: A method for operating a digital security token in a data network terminal (12) includes provisioning the digital security token in the data network terminal (12), examining a test characteristic (Pz) with a server (14) based on information about the test characteristic (Pz) and a connection of the test characteristic (Pz) to a user (C) in the context of the use of the digital security token for authenticating the user (C) and/or in the context of a periodic routine examination, and transmitting a new test characteristic (Pz) from the server (14) to the data network terminal (12) only if the examined test characteristic (Pz) is accurate. The new test characteristic (Pz) is necessary for continued operation of the digital security token.

Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.

Abstract: A device and a method is disclosed for the personalized provision of a key for processing target information. The device comprises an information receiving means to receive biometric information about the user, a storage device for storing biometric reference information, an authentication means to compare the user's biometric information, which was received by the biometric information acquisition means, to the stored biometric reference information, and an output means to output information. The device also comprises a cryptographic unit, whereby the cryptographic unit can use the biometric information about the user to generate the key, whereby the key can be output via the output means. The method comprises receiving biometric information about the user, comparing the received biometric information about the user to previously stored biometric reference information, and generating the key for processing target information on the basis of the biometric information about the user.

Abstract: A first installation stores key identifications with allocation to a respective user and a second installation stores secret keys which each can be found by means of a key identification. The first installation authenticates a user who logs onto the first installation via a user device, creates a temporary identifier, allocates the identifier to the user and transmits the identifier to the user device. The second installation receives a request for a secret key from the user device together with the identifier and requests a key identification from the first installation, wherein the received identifier is transmitted. The first installation determines a user allocated to the received identifier, identifies a key identification stored for the determined user and transmits the key identification to the second installation. This second installation determines a secret key based on the received key identification and transmits the secret key to the user device.

Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.

Abstract: A first installation stores a secret key of a user and a second installation provides encrypted data for the user. In order that a user apparatus can decrypt the encrypted data, the apparatus creates a one-time password, encrypts the one-time password by means of a public key of the first installation and causes the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation. The first installation decrypts the one-time password, searches for the secret key based on the key identification, encrypts it with the one-time password and transmits the encrypted secret key to the apparatus via the second installation. There, the secret key of the user is decrypted by means of the one-time password and is used for decrypting the encrypted data.

Abstract: A first installation stores key identifications with allocation to a respective user and a second installation stores secret keys which each can be found by means of a key identification. The first installation authenticates a user who logs onto the first installation via a user device, creates a temporary identifier, allocates the identifier to the user and transmits the identifier to the user device. The second installation receives a request for a secret key from the user device together with the identifier and requests a key identification from the first installation, wherein the received identifier is transmitted. The first installation determines a user allocated to the received identifier, identifies a key identification stored for the determined user and transmits the key identification to the second installation. This second installation determines a secret key based on the received key identification and transmits the secret key to the user device.

Abstract: A method for providing user identification data in order to generate a user account containing user identification data in a service server that provides an electronic service, makes use of a user account. The user is registered in an intermediary agency and, on the basis of the registration of the user, the intermediary agency transmits to the service server, the user identification data as well as a request for the generation of the user account. This is done in such a way that the service server generates the user account, making use of the user identification data. The intermediary agency can serve as a trusted web platform for users and service providers, and can allow users to access services anonymously. The subject innovation also relates to an intermediary agency that is suitable to carry out the method, and it also relates to a computer program for carrying out the method.