The generation of digital signatures or electronic signatures, as they are also called, by means of cryptographic methods is generally known. Conventionally, by means of a hash function, a characteristics record, a so-called fingerprint, is obtained from the object data to be signed. The object data are, for example, a digital data or text file. The fingerprint is the part of the object data which is used for generation of the digital signature. The digital signature is obtained from the fingerprint by means of an asymmetrical encryption method. Asymmetrical encryption methods are characterized in that different digital keys are used in each case for the encryption and the decryption: a public key and a secret private key. The digital signature of the object data to be signed is generated through the encryption of the fingerprint using the private key of the signatory.
Certificates for public keys, so-called public key certificates, are used to secure and control the association of a public key with the identity of a (legal) entity. A public key certificate is generated by the public key of the key holder, together with an identification of this key holder, being electronically signed by a security provider, a so-called certificate authority. That means that a fingerprint is generated from the public key and the identification, and the fingerprint is encrypted using the private key of the security provider. For verification of digital signatures, certificate directories, accessible to the public, with public key certificates are provided by the security provider. Revocation lists with revoked certificates are also mentioned in these directories. The costs for this infrastructure (Public Key Infrastructure, PKI) maintained by the security provider are typically billed to the key holders, i.e. the clients of the security provider.
In known applications, the digital key pair, a signature module for generating a digital signature using the private key, and, optionally, a certificate for the public key are stored, or respectively implemented, on portable electronic security modules. For increased security, the private key is often generated directly in the security module and never needs to leave it. Such security modules, which are implemented, as a rule, as chipcards, only have to be connected then to an electronic device, for instance a communication terminal, by their users when object data are to be provided with a digital signature during a transaction. The object data can then be transmitted to a receiver together with the digital signature and, optionally, with the certificate for the public key. The receiver must first of all check the public key certificate and determine the identity of the sender, and then verify the signature, i.e. the correctness of the signature. If no certificate for the public key has been affixed to the object data, the receiver must in addition obtain this certificate from a certificate directory, and, as a precaution, consult the revocation lists. When the identity of the sender and the correctness of the digital signature have been established, additional transaction-specific attributes of the sender must be requested and checked before the respective transaction can be processed. Examples of such sender-specific attributes include finance-technical data such as mode of payment, bank account, credit card number, credit limits or credit worthiness, validity data such as expiration date, date of updating, or period of validity, further identification data such as customer number, membership number, employee number or identification number or authorization data such as tickets, subscriptions or other access and user rights.
The above-described known security mechanisms and security modules have various drawbacks. For example, the infrastructure for the public certificates (PKI) is rather intricate, and the customers are often not willing to bear the ongoing costs arising therefrom. Moreover transactions using these known security mechanisms and security modules often turn out to be complicated as well since additional steps and data transfers between a plurality of communication partners are necessary for obtaining the public certificate and for checking the transaction-specific attributes of the sender. Finally, the certificates for the public key have a static nature since they are typically generated once, and are then used over a longer period of time, for instance over several years, which increases the risk of abuse by unauthorized third parties.