In many application scenarios, it is necessary to link in a user device which has been set up in a user's home area by a service provider. For example, in the case of an intelligent power supply network, an energy supplier can provide an energy gateway as a user device in a user's household. Energy gateways of this type serve principally to optimize the consumption and feeding in of energy by local energy consumers and producers. In this case, these energy gateways serve to control energy producers, such as solar cells or combined heat and power systems, in the household concerned. In addition, these energy gateways make it possible for the user concerned to participate in the power supply under conditions which are favorable to him, by feeding energy into the energy supply network at points in time when the demand for energy is high. In order to be able to provide such a decentralized intelligent energy supply system with a plurality of energy gateways, it is necessary to link the various participants or users and the various energy service providers or energy suppliers securely into the network. In doing so, the identity of the user device or energy gateway concerned, or a proof of that identity, plays an essential role. The identity of the user device, for example the energy gateway, is in this case conventionally ensured in the form of a key certificate and an associated private key. The required key material is produced here by the user device, for example the energy gateway, itself.
There is a host of different user devices which are set up by various service providers on users' premises, in particular in the home area, wherein the service providers make a service available to the user via the user device which has been set up. Examples of such user devices, apart from energy gateways which can be used to exchange data with an energy provider, are medical devices for the exchange of patient data with a service provider, for example a medical center, or alarm devices, such as fire alarms, for transmitting alarm messages to a service provider, for example a fire station. Besides these there is a host of communication devices, for example pay-TV boxes, which are set up on a user's premises by a service provider in order to transmit information data, for example films, to the user.
Most user devices of this type are freely marketed and can be obtained, for example, in electronics stores. If a user purchases a device of this type from a retailer and sets it up on his premises, then in order to be able to receive the desired service the user must register with a server of the service provider. In doing this, a public key generated by the user device can be certified by the service provider as part of the registration procedure by the presentation of a digital certificate, without the need for a contract between the user and the service provider to have been concluded at the time of purchase of the user device. This can also be carried out as part of the initial registration.
However, in this case there is conventionally the danger that key material which is to be certified is sent to the service provider's server for certification in a message from a person other than the actual customer or user who wishes to obtain the service from the service provider. This is possible because there is as yet no authenticated link between the participating components, that is to say the user device and the service provider's server.
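The gap described above can be seen in a short added example, which is not part of the original text. It assumes the registration message is a PKCS#10 certificate signing request (the text does not name a format); the device identifier `gw-0001` and the names `makeCSR` and `popOnlyCheck` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// makeCSR generates a fresh key pair and a self-signed PKCS#10 request
// naming deviceID. Anyone can run this; no prior secret is involved.
func makeCSR(deviceID string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: deviceID}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// popOnlyCheck models a registration server (hypothetical) whose only test is
// proof of possession: the request is well formed, names the expected device,
// and is signed by the private key matching the enclosed public key.
func popOnlyCheck(der []byte, wantID string) bool {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return false
	}
	return csr.CheckSignature() == nil && csr.Subject.CommonName == wantID
}

func main() {
	const id = "gw-0001" // constructed device identifier
	fromGateway, err1 := makeCSR(id) // generated on the customer's gateway
	fromOther, err2 := makeCSR(id)   // generated by a different party
	if err1 != nil || err2 != nil {
		panic("CSR generation failed")
	}
	// Both requests pass: the signature binds the request to a key pair,
	// not to the customer, so the server cannot tell the senders apart.
	fmt.Println("gateway request accepted:", popOnlyCheck(fromGateway, id))
	fmt.Println("other request accepted:  ", popOnlyCheck(fromOther, id))
	// Modification in transit is detected, which is all the signature covers.
	fromGateway[len(fromGateway)-1] ^= 0x01
	fmt.Println("altered request accepted:", popOnlyCheck(fromGateway, id))
}
```

The self-signature on the request gives integrity and proof of key possession only; deciding which key belongs to the actual customer needs an authenticated link that this exchange does not have.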