The key generator in the TeleSec trust center does not store any keys, keys are transferred to the smartcard via encrypted lines in T Systems' security-certified trust center. This completely excludes the possibility of any duplicates, the secret key is therefore located exclusively in the TCOS chip.

 

After a NetKey/ IDKey has been produced, the secret keys can only be used for cryptographic operations inside the TCOS chip. The use of secret keys is protected by a PIN, i.e., only authorized users can use secret keys.