Ready initialized TeleSec NetKey/ IDKeys are anonymous and protected by Deutsche Telekom AG's patented NullPIN method.

Before a NetKey/ IDKey from a set of new cards is assigned to a person or a system, the integrity of the card can be ensured by checking its NullPIN status. Use of the card combined with the assignment of a personal PIN by the person or system destroys this protective seal and ties the card to the PIN owner (knowledge).

From this time onwards, NetKey/ IDKey allows so-called two-factor authorization based on possession and knowledge.

Advantages:

  • TeleSec NetKey/ IDKeys can be stockpiled in advance without having to know precise future needs. Personalization takes place after a NetKey/ IDKey has been handed out.
  • The fact that the PIN letter which is usually required for plastic cards can be dispensed with makes it possible to optimize procedures in terms of finance, administration and human resources thanks to:
    • Simplified inventory control,
    • Postage cost savings,
    • Savings on expensive special paper forms for PIN letters,
    • Savings on administrative effort required to ensure the correct assignment of PIN letter to card,
    • Savings on expense of enveloping PIN letters,
    • Savings on postage for time-staggered dispatch of PIN letter.

The end user chooses their own password (PIN) which is easy to remember and consistent with the way they think. (Such a password can consist of any character from the entire ASCII character set with a recommended password length of up to 64 characters. The use of PIN keypads of secure card readers, for example, may make it necessary to use only numbers 0 to 9.)

 

The appropriate certification service is dictated, as a rule, by the context of use. Various certificate issuers offer their services worldwide on the Internet.

Large companies and organizations often have their own public key Infrastructures (PKI) for issuing and managing advanced certificates. This means that a participant is registered in accordance with the rules of the respective provider. Also, certification service providers (CSPs) who offer so-called qualified certificates have begun operating in various countries in the last few years. The country in question stipulates specific requirements regarding registration quality before a qualified certificate can be issued. Similarly, the quality of Secure Signature Creation Devices (SSCDs) is also specified.

The question of whether or not TeleSec NetKey is suitable as a SSCD has to be agreed in each individual case with the competent CSP. A list of possible certification services can be found in Appendix 1.