The inventive method allows to secure data relating to users of a public
key infrastructure who may present certificates (11) at an institution
(30) in order to initiate transactions. For this purposes the institution
(30) uses and securely stores a secret key or a key pair which is designed
for encrypting and decrypting data. Based on an agreement between a
certificate holder and the institution (30), corresponding relational data
are generated. Then said relational data are encrypted with the
institution's (30) secret key or the first key of said key pair.
Subsequently the encrypted relational data are integrated into the
certificate (11) which preferably adheres to ITU recommendation X.509
version 3. At a later stage, whenever the certificate holder contacts the
institution (30) in order to initiate a transaction based on said
agreement between the certificate holder and the institution (30),
encrypted relational data contained in the certificate (11) is decrypted
by means of the secret key or the second key of said key pair of the
institution (30). Based on the decrypted relational data, data stored in a
directory (33) of the institution (30) can be verified and the requested
transaction be performed.
