| 摘要 |
The invention relates to a computer implemented method for controlling access of a user (102) to a security system (130), wherein an identification document (104) of the user contains an electronic identification (106). The method comprises: - receipt (402) of a permission request (202) for access of the user to the security system; - upon receipt of the permission request, verification (404) of whether a first trust anchor (GBVA.1) is present in a first memory (116), and/or whether a second trust anchor (GBVA.2) is present in a second memory (115); - in the case that the trust anchors are present in the memories, a use (406) of the same for mutual authentication of a control unit and the identification document; - in the case (420) of the successful mutual authentication of the identification document and the control unit (112), transmission (423) of the electronic identification (106) to an authorization server (134); - in the case that the first and/or the second trust anchors are not stored in the memories, prompting (408) of an authentication server (140) to generate the first and/or the second trust anchor; and transmission (422) or enabling the transmission of the user's electronic identification (106) stored in the identification document to the authorization server (134), by the authentication server; - granting (428) or denial (426) of the access to the security system depending (424) on the electronic identification transmitted by the authorization server. |
