US 11,777,743 B2
Method for securely providing a personalized electronic identity on a terminal
Frank Dietrich, Berlin (DE); Marian Margraf, Werder (DE); Tim Ohlendorf, Berlin (DE); and Matthias Schwan, Berlin (DE)
Assigned to Bundesdruckerei GmbH, Berlin (DE)
Appl. No. 17/421,079
Filed by Bundesdruckerei GMBH, Berlin (DE)
PCT Filed Jan. 8, 2020, PCT No. PCT/DE2020/100006
§ 371(c)(1), (2) Date Jul. 7, 2021,
PCT Pub. No. WO2020/143877, PCT Pub. Date Jul. 16, 2020.
Claims priority of application No. 10 2019 100 335.0 (DE), filed on Jan. 8, 2019.
Prior Publication US 2022/0116230 A1, Apr. 14, 2022
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01); H04L 9/30 (2006.01)
CPC H04L 9/3268 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3073 (2013.01)] 9 Claims
OG exemplary drawing
 
1. Method for securely providing a personalized electronic identity on a terminal, which a user can use for identification when claiming an online service, wherein, in a system comprising data processing devices and a terminal assigned to a user, an identification application is executed on the terminal, a personalization application and an identity provider application are also executed, and the method comprises the following:
transmitting a request to transmit an identity attribute assigned to the user from the personalization application to the identity provider application;
transmitting the identity attribute from the identity provider application to the personalization application after the user's agreement to the transmission of the identity attribute has been received by means of the identity provider application;
generating an asymmetric key pair with a public and a private key on the terminal by means of the identification application in response to the receipt of a request to generate the asymmetric key pair in the terminal from the personalization application;
transmitting the public key from the identification application on the terminal to the personalization application;
generating an electronic certificate for the public key by means of the personalization application and storing the electronic certificate in a data storage device to form a first public-key infrastructure of the personalization application, which further comprises:
generating a hash value for the identity attribute and
recording the hash value in the electronic certificate;
encrypting the identity attribute with the public key by the personalization application,
transmitting the encrypted identity attribute and the electronic certificate from the personalization application to the identification application on the terminal and
decrypting the encrypted identity attribute with the private key and storing the decrypted identity attribute and the electronic certificate as personalized electronic identity of the user in a local storage device of the terminal.
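As an added worked example, and not code from the patent or from Bundesdruckerei, the following Go program plays through the message sequence of claim 1 using only the Go standard library: the personalization application obtains the attribute only after the user's agreement, asks the terminal for a fresh key pair, certifies the returned public key with SHA-256 of the attribute recorded in a certificate extension, encrypts the attribute to that key, and the terminal decrypts and stores attribute and certificate. Everything the claim does not state is an assumption of the example: the identity provider is modelled inline with a constructed sample attribute, the extension OID is a placeholder from the private arc, RSA-2048 with OAEP/SHA-256 is used for the encryption and X.509 for the certificate (the claim names no algorithms or formats), the issuer is described in memory by its name and public key rather than a self-signed CA certificate, and the terminal's Install step adds three checks the claim does not spell out but a practitioner would want before anything is written to local storage: the certificate is signed by the trusted personalization issuer, it certifies this terminal's own key, and its recorded hash matches the attribute that was actually decrypted. The step numbers in the comments follow the order of the claim's clauses.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Assumed private-arc OID for the extension that carries SHA-256(attribute); the patent names no OID.
var oidAttributeHash = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 55555, 1}

// Personalizer is the personalization application; Issued is its certificate store (the claim's PKI).
type Personalizer struct {
	key    *rsa.PrivateKey
	Issuer *x509.Certificate
	Issued [][]byte
}

func NewPersonalizer() (*Personalizer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	// Issuer descriptor (name + public key) is all CreateCertificate and CheckSignatureFrom need from a parent.
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "Personalization CA (example)"}, PublicKey: &key.PublicKey,
		PublicKeyAlgorithm: x509.RSA, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return &Personalizer{key: key, Issuer: issuer}, nil
}

// Issue certifies the terminal's key with SHA-256(attribute) in a non-critical extension, files the
// certificate, and returns it together with the attribute encrypted to that key (RSA-OAEP, SHA-256).
func (p *Personalizer) Issue(userID string, pub *rsa.PublicKey, attribute string) (certDER, encAttr []byte, err error) {
	h := sha256.Sum256([]byte(attribute))
	extValue, _ := asn1.Marshal(h[:]) // DER OCTET STRING; cannot fail for a byte slice
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(len(p.Issued) + 1)), Subject: pkix.Name{CommonName: userID},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtraExtensions: []pkix.Extension{{Id: oidAttributeHash, Value: extValue}}}
	if certDER, err = x509.CreateCertificate(rand.Reader, tmpl, p.Issuer, pub, p.key); err != nil { return nil, nil, err }
	p.Issued = append(p.Issued, certDER)
	encAttr, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(attribute), nil)
	return certDER, encAttr, err
}

// Terminal runs the identification application; Attribute and Certificate stand in for its local storage.
type Terminal struct {
	key         *rsa.PrivateKey
	Attribute   string
	Certificate *x509.Certificate
}

// Install stores the identity only if the certificate is signed by the trusted issuer, certifies this
// terminal's own key, and carries the hash of exactly the attribute that was decrypted.
func (t *Terminal) Install(certDER, encAttr []byte, issuer *x509.Certificate) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return err }
	if err := cert.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("terminal: certificate not signed by trusted issuer: %w", err)
	}
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); !ok || !pub.Equal(&t.key.PublicKey) {
		return fmt.Errorf("terminal: certificate does not certify this terminal's key")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.key, encAttr, nil)
	if err != nil {
		return fmt.Errorf("terminal: cannot decrypt attribute: %w", err)
	}
	var stored []byte // stays nil, so the check below fails, if the extension is missing or malformed
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidAttributeHash) {
			asn1.Unmarshal(ext.Value, &stored)
		}
	}
	if want := sha256.Sum256(plain); !bytes.Equal(stored, want[:]) {
		return fmt.Errorf("terminal: attribute hash does not match the certificate")
	}
	t.Attribute, t.Certificate = string(plain), cert
	return nil
}

// Provision runs the claim's message sequence; the identity provider is modelled inline and
// releases the constructed sample attribute only with the user's agreement.
func Provision(p *Personalizer, t *Terminal, userID string, userConsent bool) (err error) {
	if !userConsent { // steps 1-2: request and consent-gated release of the attribute
		return fmt.Errorf("identity provider: user did not agree to the transfer")
	}
	attribute := "Erika Mustermann, born 1964-08-12"
	if t.key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil { return err } // steps 3-4: key pair on the terminal
	certDER, encAttr, err := p.Issue(userID, &t.key.PublicKey, attribute) // steps 5-6: certificate and encryption
	if err != nil { return err }
	return t.Install(certDER, encAttr, p.Issuer) // steps 7-8: transfer, decrypt, verify, store
}

func main() {
	p, err := NewPersonalizer()
	t := &Terminal{}
	if err == nil {
		err = Provision(p, t, "user-0815", true)
	}
	fmt.Println(err, t.Attribute)
}
```

Run it with go run; it prints a nil error followed by the stored attribute. Replacing the ciphertext with an encryption of a different attribute, or presenting a certificate signed by another issuer, makes Install return an error and leave the terminal's storage untouched, which is what recording the attribute hash in the certificate buys: certificate, attribute and terminal key stay bound to one another and cannot be swapped for substitutes after the fact.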