摘要 |
<p>The invention relates to a method for creating an authentication instance 300 derived from an original data storage medium 100. The original data storage medium has a key pair dedicated to the original data storage medium, comprising a public key PKO and a secret key SKO of the original data storage medium 100, and a certificate CPKO about the public key PKO of the original data storage medium 100. For the derivative authentication instance 300, a secret key SKA is derived from the secret key SKO of the original data storage medium 100 by way of the original data storage medium 100. Derivative data g1, Cg1 are generated for the derivative authentication instance 300. Subsequently, authentication data 310 are transferred to the derivative authentication instance 300, wherein the authentication data include derivative data g1, Cg1, the certificate CPKO of the public key PKO of the original data storage medium 100, and a derivative key pair, comprising the derivative secret key SKA and the public key PKO of the original data storage medium 100.</p> |