Title of invention: METHOD FOR PRODUCING A SOFT TOKEN, COMPUTER PROGRAM PRODUCT AND SERVICE COMPUTER SYSTEM
Abstract: The method relates to a method for generating a soft token, having the following: providing a secure element, wherein, in a protected storage area of the secure element, a secret key of a first asymmetric cryptographic key pair is stored, setting up a first cryptographically secured connection between an electronic device and a service computer system, transmitting a request for the generation of the soft token from the electronic device to the service computer system via the first connection, generating a one-time password on the basis of the reception of the request by the service computer system, registering the one-time password as an identifier of the first connection by the service computer system, transmitting the one-time password from the service computer system to the electronic device via the first connection, issuing the one-time password via a user interface of the electronic device, setting up a second cryptographically stored connection between a user computer system and the service computer system, entering the one-time password into the user computer system, transmitting the entered one-time password from the user computer system to the service computer system via the second connection, verifying, by means of the service computer system, whether the registered one-time password is in agreement with the one-time password received via the second connection, and only if this is the case, reading at least one attribute stored in an ID token, generating the soft token by signing the at least one attribute and the public key of the first cryptographic key pair, transmitting the soft token via the first connection to the electronic device and/or transmitting the soft token via the second connection to the user computer system.
Application publication number: US2015270971(A1)
Publication date: 2015.09.24
Application number: US201314437906
Filing date: 2013.10.17
Applicant: BUNDESDRUCKEREI GMBH
Inventor: Dietrich Frank
Classification: H04L9/32;G06F21/42;H04L29/06
Main classification: H04L9/32
Main claim: 1. A method for generating a soft token, comprising: providing a secure element, wherein, in a protected storage area of the secure element, a secret key of a first asymmetric cryptographic key pair is stored, setting up a first cryptographically secured connection between an electronic device and a service computer system; transmitting a request for the generation of the soft token from the electronic device to the service computer system via the first connection; generating a one-time password on the basis of the reception of the request by the service computer system; registering the one-time password as an identifier of the first connection by the service computer system; transmitting the one-time password from the service computer system to the electronic device via the first connection; issuing the one-time password via a user interface of the electronic device; setting up a second cryptographically stored connection between a user computer system and the service computer system; entering the one-time password into the user computer system; transmitting the entered one-time password from the user computer system to the service computer system via the second connection; verifying, by means of the service computer system, whether the registered one-time password is in agreement with the one-time password received via the second connection, and only if this is the case, reading at least one attribute stored in an ID token; and generating the soft token by signing the at least one attribute and the public key of the first cryptographic key pair, transmitting the soft token via the first connection to the electronic device and/or transmitting the soft token via the second connection to the user computer system, wherein a local connection is set up between the user computer system and the secure element, wherein the local connection is a bidirectional ad hoc connection.
Address: Berlin DE
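
The service computer system's side of the claimed flow, as an added example that is not taken from the patent or the applicant: the one-time password is registered as the identifier of the first connection, and the ID token is read and the soft token signed only when the same password arrives over the second connection. Assumptions: the device's public key arrives with the request, HMAC-SHA256 stands in for the service's asymmetric signature, and all class, method and sample names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class ServiceComputerSystem:
    """Service-side state for OTP-linked soft token issuance (hypothetical names)."""

    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key  # stand-in for the service's private signing key
        self._registered = {}            # OTP -> (first-connection id, device public key)

    def request_soft_token(self, conn1_id: str, device_public_key: str) -> str:
        """First connection: generate an OTP and register it as that connection's identifier."""
        otp = f"{secrets.randbelow(10**8):08d}"
        while otp in self._registered:   # an OTP must identify exactly one connection
            otp = f"{secrets.randbelow(10**8):08d}"
        self._registered[otp] = (conn1_id, device_public_key)
        return otp                       # sent back over the first connection and displayed

    def redeem(self, entered_otp: str, read_id_token_attributes):
        """Second connection: check the entered OTP; only on a match read and sign."""
        entry = self._registered.pop(entered_otp, None)  # pop: each OTP is usable once
        if entry is None:
            return None                  # no match: the ID token is never read
        conn1_id, device_public_key = entry
        payload = {"attributes": read_id_token_attributes(),
                   "public_key": device_public_key}
        return conn1_id, {"payload": payload, "signature": self._sign(payload)}

    def _sign(self, payload: dict) -> str:
        data = json.dumps(payload, sort_keys=True).encode()
        return hmac.new(self._signing_key, data, hashlib.sha256).hexdigest()

    def verify(self, soft_token: dict) -> bool:
        return hmac.compare_digest(self._sign(soft_token["payload"]), soft_token["signature"])


if __name__ == "__main__":
    service = ServiceComputerSystem(secrets.token_bytes(32))
    otp = service.request_soft_token("conn1-device", "CONSTRUCTED-PUBLIC-KEY")
    print(service.redeem("not-the-otp", lambda: {"name": "constructed"}))  # None
    conn, token = service.redeem(otp, lambda: {"name": "constructed"})
    print(conn, service.verify(token))
```

The returned first-connection identifier is what lets the service deliver the soft token to the device that made the original request.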