The increasing connection of services and devices in communication networks increases the requirements on secure communication. In this situation, secrecy and authenticity are usually ensured via asymmetric (“public key”) encryption methods. Each participant in the communication network has a public key which is provided to communication partners, i.e., other participants in the communication network, and a private key, which is kept secret by the participant. The public key is signed by a central certification authority in order to confirm the authorization of the participant for the communication network. The signed, public key is referred to herein as a certificate. A certificate can in addition include, besides the public key, attributes (for example, the name or characteristics of the owner), which are also signed. Since the security of the communication system is based on the secrecy of the private key, the private key is usually stored on a Hardware Security Module (HSM).
Many communication networks store personal pieces of information of the participant and also pass them on. This information may be the exact location or other sensitive data. Known examples are personal assistance systems, Car2Car or Car2X systems and Internet of Things and Services (IoTS) in general. The traditional procedure in order to protect the privacy of the participant during the communication is the so-called pseudonymous communication. In this setup, each user uses a larger number of certificates (pseudonyms) and corresponding private keys, which are switched regularly, instead of a fixed pair of a certificate and an associated private key.
Due to their different requirements and conditions, some services use specific protocols and special formats in order to store the certificates and private keys. Such a protocol-specific certificate format is, for example, ETSI TS 103 097 in Car2Car communication. A conversion of a certificate having a public key in a certain format into a certificate having the same public key in a different format is not possible. Therefore, certificates cannot be used via multiple protocols which use different certificate formats.
The pseudonymous communication in itself already requires a large number of certificates and associated private keys, which must be stored. If different protocols must also be served, the number increases even more if the certificate formats are not compatible. In particular, this high number of private keys, which are stored in a secure memory, for example, in an HSM, thereby increases the costs for such a secure memory.
It is therefore desirable to enable a secure communication in a communication network via multiple protocols with a low need for secure memory.