This invention relates to a method and a system for ordering and delivering digital certificates. The present invention relates in particular to a method and a system for ordering digital certificates by users and for delivering digital certificates to certificate support devices of these users.
With the progressive spread and growing popularity of digital communication networks, be it fixed networks, in particular the worldwide Internet, or terrestrial or satellite-based mobile radio networks, it has become more and more necessary for the user to use cryptographic methods in the transmission of digital data over these communication networks, in particular in connection with electronic transactions of any kind, in order to ensure the confidentiality and integrity of the transmitted data and the authenticity of the sender of these data. A well-known cryptographic method is asymmetrical cryptography in which a digital key pair, consisting of a private key and a public key, is used by a user for encryption and decryption of data as well as for generation and checking of digital signatures. To transmit data over the communication networks under a certified identity, the digital public key is certified by a certification authority by means of known cryptographic algorithms after the identity of the respective user has been determined and authenticated by a registration authority. For critical uses, for instance financial transactions and/or transmission of data that trigger events of great importance, it can be necessary for a user to appear in person at the registration point at least when registering for the first time, handwritten documents of the user often being registered as well. The resultant digital public key certificate, or designated in short as certificate in the following description, and the associated key pair are stored in a certificate support device, often referred to as token, for example a mobile device, for instance a mobile radio telephone, a personal computer, a portable computer or a chipcard, e.g. a SIM card (subscriber identity module), or another suitable device with data store and communications interface.
For better understanding, it should be stated here that the functions and the services of a certification authority, or respectively of a registration authority, are executed by units that will be referred to as the certification unit or respectively the registration unit in the following text.