A. Field of the Invention
The present invention relates to a method for authenticating a portable data carrier to a terminal device, as well as an accordingly adapted data carrier and a terminal device.
B. Related Art
A portable data carrier, for example in the form of an electronic identity document, comprises an integrated circuit having a processor and a memory. In the memory there are stored data that relate to a user of the data carrier. On the processor there is executable an authentication application via which the data carrier can authenticate itself to a terminal device, for example at a border control or the like in the case of an identity document.
During such an authentication method, a secure data communication between the data carrier and the terminal device is prepared by a secret communication key for symmetric encryption of a subsequent data communication being agreed on, for example by means of the known key exchange method according to Diffie and Hellman or other suitable methods. Further, at least the terminal normally verifies the authenticity of the data carrier, for example on the basis of a certificate.
For carrying out a method for agreeing on the secret communication key, it is necessary that the terminal as well as the data carrier respectively make available a secret key and a public key. The certificate of the data carrier can relate for example to its public key.
When each data carrier of a set or group of data carriers having an individual key pair consisting of a public key and a secret key is personalized, there result problems with regard to the anonymity of the user of the data carrier. It would then be possible to associate each use of the data carrier uniquely with the corresponding user and in this way create for example a complete movement profile of the user. To take account of this aspect, it has been proposed to equip a plurality or group of data carriers respectively with an identical, so-called group key pair consisting of a public group key and a secret group key. This makes it possible to restore the anonymity of a user, at least within the group. This solution is disadvantageous in that if one of the data carriers of the group is compromised, the total group of data carriers must be replaced. If the secret group key of one of the data carriers of the group has been spied out, for example, none of the data carriers of the group can be securely used further. The effort and costs of a necessary replacement campaign can be huge.