Method for securing data relating to users of a public-key infrastructure

摘要

The inventive method allows to secure data relating to users of a public key infrastructure who may present certificates (11) at an institution (30) in order to initiate transactions. For this purposes the institution (30) uses and securely stores a secret key or a key pair which is designed for encrypting and decrypting data. Based on an agreement between a certificate holder and the institution (30), corresponding relational data are generated. Then said relational data are encrypted with the institution's (30) secret key or the first key of said key pair. Subsequently the encrypted relational data are integrated into the certificate (11) which preferably adheres to ITU recommendation X.509 version 3. At a later stage, whenever the certificate holder contacts the institution (30) in order to initiate a transaction based on said agreement between the certificate holder and the institution (30), encrypted relational data contained in the certificate (11) is decrypted by means of the secret key or the second key of said key pair of the institution (30). Based on the decrypted relational data, data stored in a directory (33) of the institution (30) can be verified and the requested transaction be performed.