An electronic certificate is a digital file that can be compared to a virtual passport.
Like a passport, it contains a certain amount of personal data relating to its owner. It is issued by a recognized authority that can guarantee the authenticity of the data contained in the certificate and its inseparable link with the owner.
This certificate is stored in the memory of a user unit such as the hard disk of a computer, the memory or the SIM card of a mobile phone, the security module of a digital pay television decoder, or any other device requiring on-line identification of the user. The user can thus communicate securely on a telecommunications network by associating the certificate with the transmitted data.
The certificate allows, for example, identification on the Internet, the generation of electronic signatures for transactions of high added value, and the transmission of sensitive data with complete confidentiality.
At present, it is possible for a third party to copy a certificate without the knowledge of its owner with the aid of a suitable program of the Trojan horse type. The third party can thus fraudulently take advantage of the same privileges as the owner in the usage of certain on-line services. Where financial transactions or particular rights concerning the broadcast products are involved, the consequences of this type of fraud can be particularly disastrous for the owner.
The document US2003/0084172 describes a method for obtaining a service on a data communication network that includes a registration with an authority. The results of this registration are used to obtain a service from a supplier. These results contain data pertaining to the user that the supplier is capable of verifying by requesting data from the authority. The drawback of this method is that it relies on data linked to a user, which can be captured and reproduced by another user with the aim of obtaining services fraudulently.