A. Field of the Invention
The invention relates to a method and a system for activating a portable data carrier, e.g. in the form of a chip card.
B. Related Art
Today in a plurality of applications portable data carriers are used that are personalized for a predetermined person and are provided solely for the use by this person. On such data carriers frequently highly sensitive personal data of the user are saved. So as to prevent misuse, it must therefore be ensured that the personalized data carrier is handed over to that user for whom the data carrier was personalized. Thus for example when requesting portable data carriers in the form of electronic identity documents, such as e.g. an electronic passport, as a rule it is required that the applicant appears in person when requesting and having issued the electronic identification document.
In the document WO 2004/027715 A2 a system for personalizing and issuing identity documents is described in which a document can be personalized in a decentralized fashion, via a personalization unit. Here in the personalization process a central supervisory instance is interposed with which the personalization unit communicates for authorizing the personalization of a document. Thus a data connection must be set up between the personalization unit and the central instance for carrying out the personalization.
In the document EP 0 479 982 B1 the transfer of monetary values between portable data carriers in the form of electronic wallets is described, whereby the transfer of a monetary value can take place directly between the wallets without interposing a computer system.
From US 2007/0226793 A1 a method is known for transferring security functionality from a “parent card” to a “child card”. The parent card receives from a certification authority a certificate with the public key of the certification authority. The parent card itself further generates a certificate that is stored in the child card. The certificate generated by the parent card contains a signature formed with the aid of the secret key of the parent card over the public key of the child card; in addition it contains the basic certificate issued by the certification authority. By resolving the nested certificate of the parent card the child card can be traced back uniquely to the parent card and be authenticated thereby. After successful authentication the card issuer transfers authorization data to the child card with which the child card can subsequently be used like a parent card. The nesting method can be continued in principle over any desired number of card generations. The formation of the nested certificates and the transfer of card functionalities take place at an intermediary device at which the parent card and the child card are presented simultaneously. Doing so, a secure connection is set up between the parent card and the child card. After establishing the secure connection between the parent card and the child card the method requires the inclusion of the card issuer.
It is the object of the invention to create a method and a system for activating a portable data carrier which make it possible to activate the data carrier without the direct involvement of a central instance in a simple, secure and user-friendly fashion.