摘要 |
When confidential data or areas of an EDP system ( 2 ) are accessed by a user ( 9 ), the user is granted access only if he registers ( 16 ) with the EDP system correctly with a user name and a password and, in addition, can identify himself as having access authorization using an access code ( 21 ), to which only he has access, from a database ( 5.2 ). The database is stored on a chip card ( 5 ), and access to the database has dual protection. Access to the access codes in the database is given only to that user who can correctly authenticate himself ( 12 ) to the chip card using biometric data, for example. In addition, the access codes in the database can be accessed only by a program ( 5.1 ) which is stored on the chip card and which can be activated only following correct authentication to the chip card by the user and which needs to have correctly authenticated itself ( 20 ) directly on the database using an ID incorporated in the program code.
|