US10360361B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10360361-B2 |
| Application number | US-201615549949-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 10, 2016 |
| Priority date | Feb 10, 2015 |
| Publication date | Jul 23, 2019 |
| Grant date | Jul 23, 2019 |
Official abstract text for this publication.
The invention relates to a computer-implemented method for controlling access of a terminal (118) to an attribute (112) stored in an ID token (100), wherein the ID token (100) is associated with a user, wherein the method comprises receipt of an identification of the terminal (118) by the ID token (100) and checking by the ID token (100) if a session identification validly associated with the identification of the terminal (118) is stored in the ID token (100), wherein, if a session identification validly associated with the identification of the terminal (118) is stored in the ID token (100), the ID token (100) transmits the session identification to the terminal (118) and grants the terminal (118) access to the attribute (112), wherein a subsequent communication with access to the attribute (112) is carried out in an encrypted manner using a session-specific session key, wherein the session-specific session key is stored in the ID token (100) in a manner associated with the session identification or the identification of the terminal (118).
Opening claim text (preview).
The invention claimed is:

1. A computer-implemented method for controlling access of a terminal to an attribute stored in an ID token, wherein the ID token is associated with a user, wherein the method comprises receipt of an identification of the terminal by the ID token and checking by the ID token if a session identification validly associated with the identification of the terminal is stored in the ID token, wherein, if a session identification validly associated with the identification of the terminal is stored in the ID token, the ID token transmits the session identification to the terminal and grants the terminal access to the attribute, wherein a subsequent communication with access to the attribute is carried out in an encrypted manner using a session-specific session key, wherein the session-specific session key is stored in the ID token in a manner associated with the session identification or the identification of the terminal, wherein, if no session identification validly associated with the identification of the terminal is stored in the ID token, the method comprises the following steps: authenticating the terminal by the ID token and authenticating the ID token to the terminal, wherein, following successful authentications, the terminal is granted access to the attribute, deriving a session-specific session key, wherein a subsequent communication with access to the attribute is carried out in an encrypted manner using a session-specific session key, deriving a session identification, storing, in the ID token, the identification of the terminal associated with the session identification, storing, in the ID token, the session-specific session key associated with the identification of the terminal.

2. The method according to claim 1, wherein, if a session identification validly associated with the identification of the terminal is stored in the ID token, a salt is generated by the ID token and a hash value is generated from the identification of the terminal, the salt, and the session identification, wherein the session identification is transmitted from the ID token to the terminal in the form of a transmission of the hash value together with the salt.

3. The method according to claim 1, wherein, if a session identification validly associated with the identification of the terminal is stored in the ID token, access of the terminal to the attribute is granted for the current session between ID token and terminal without a further authentication process between ID token and terminal.

4. The method according to claim 1, wherein, by the ID token, if there is no session identification validly associated with the identification of the terminal stored in the ID token, metadata of a permanent certificate of the terminal are received by the ID token at the time of authentication of the terminal, wherein the metadata comprise an access authorization, wherein, following successful completion of the authentications, at least the access authorization is stored in the ID token in a manner associated with the identification of the terminal, and access of the terminal to the attribute is granted in accordance with the access authorization, if there is a session identification validly associated with the identification of the terminal stored in the ID token, the access authorization associated with the identification of the terminal is read by the ID token, wherein access of the terminal to the attribute is granted in accordance with the access authorization.

5. The method according to claim 1, wherein, by the ID token, if there is no session identification validly associated with the identification of the terminal stored in the ID token, a first timestamp is stored in the ID token in a manner associated with the identification of the terminal, following successful completion of the authentications, wherein the first timestamp specifies a maximum period of validity of the session-specific session key, if there is a session identification validly associated with the identification of the terminal stored in the ID token, the timestamp associated with the identification of the terminal is read, and the session-specific session key is deemed to be validly stored only if the first timestamp is still valid.

6. The method according to claim 5, wherein the metadata comprise the first timestamp.

7. The method according to claim 5, wherein the first timestamp is generated for storing the session-specific session key in the ID token, wherein the first timestamp is generated on the basis of a predefined relative period of validity.

8. The method according to claim 1, wherein the authentication by the ID token comprises the receipt of a permanent certificate of the terminal, the deriving of a terminal hash value from the certificate, and a checking as to whether the terminal hash value is validly stored in the ID token, wherein, if the terminal hash value is validly stored in the ID token, access of the terminal to the attribute is granted without further checking of the permanent certificate of the terminal, wherein the authentication by the ID token comprises the following steps: deriving a first signature from the permanent certificate of the terminal and verifying the first signature with the terminal hash value and a public key of the terminal associated with the permanent certificate, wherein the terminal hash value comprises a hash of the metadata of the certificate, receiving a session-specific public key of the terminal, generating and sending a random first secret to the terminal, receiving a second signature from the terminal and verifying the second signature with use of the session-specific public key of the terminal, the random first secret, and the public key of the terminal associated with the permanent certificate, following successful verification of the first and second signature, storing the terminal hash value in the ID token.

9. The method according to claim 8, wherein the permanent public key of the terminal is contained in the permanent certificate, wherein the terminal hash value comprises a hash of the permanent public key.

10. The method according to claim 8, wherein, by the ID token, if the terminal hash value is not validly stored in the ID token, following the successful verification of the first and second signature, the permanent public key is stored in the ID token in a manner linked to a second timestamp, wherein the second timestamp specifies a maximum period of validity of the terminal hash value, if the terminal hash value is stored in the ID token, the second timestamp stored in a manner linked to the terminal hash value is read and the terminal hash value is deemed to be validly stored only if the second timestamp is still valid.

11. An ID token associated with a user, the ID token comprising a communication interface, a processor, and a non-transitory computer-readable storage medium, wherein the storage medium contains computer-readable instructions which, when run by the processor, prompt the execution of a method according to claim 1 control access of a terminal to an attribute stored in the ID token, wherein the ID token is configured to: receive an identification of the terminal and check if a session identification validly associated with the identification of the terminal is stored in the ID token, wherein, if a session identification validly associated with the identification of the terminal is stored in the ID token, transmit the session identification to the terminal, grant the terminal access to the attribute, and carry out a subsequent communication with access to the attribute in an encrypted manner using a session-specific session key, wherein
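
The token-side resumption check of claims 1, 2 and 5, sketched as an added example that is not taken from the patent or any implementation of it. All names are hypothetical; SHA-256, the 16-byte salt, the integer clock and the random stand-ins for the derived session identification and key are assumptions.

```python
import hashlib
import hmac
import os

def salted_hash(terminal_id: bytes, salt: bytes, session_id: bytes) -> bytes:
    # Length-prefix each field so different field splits cannot collide.
    h = hashlib.sha256()  # assumed hash; the claims do not name one
    for field in (terminal_id, salt, session_id):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

class IDToken:
    def __init__(self, ttl_seconds: int):
        self.ttl = ttl_seconds
        self.cache = {}  # terminal_id -> (session_id, session_key, valid_until)

    def full_authentication(self, terminal_id: bytes, now: int):
        # Placeholder for the mutual authentication and key derivation of
        # claim 1; random values stand in for the derived id and key.
        session_id, session_key = os.urandom(16), os.urandom(32)
        self.cache[terminal_id] = (session_id, session_key, now + self.ttl)
        return session_id, session_key

    def resume(self, terminal_id: bytes, now: int):
        entry = self.cache.get(terminal_id)
        if entry is None:
            return None                  # caller must authenticate in full
        session_id, _key, valid_until = entry
        if now > valid_until:            # claim 5: timestamp no longer valid
            del self.cache[terminal_id]  # added hardening, not in the claims
            return None
        salt = os.urandom(16)            # claim 2: salt generated by the token
        return salt, salted_hash(terminal_id, salt, session_id)

def terminal_lookup(terminal_id, sessions, salt, digest):
    # Terminal side: find which stored session the token is announcing.
    for session_id, session_key in sessions:
        expected = salted_hash(terminal_id, salt, session_id)
        if hmac.compare_digest(expected, digest):
            return session_key
    return None

def demo():
    token, tid = IDToken(ttl_seconds=60), b"TERMINAL-0001"  # constructed id
    first = token.resume(tid, now=0)                 # nothing cached yet
    sid, key = token.full_authentication(tid, now=0)
    r1, r2 = token.resume(tid, now=10), token.resume(tid, now=20)
    found = terminal_lookup(tid, [(os.urandom(16), b"other"), (sid, key)], *r1)
    expired = token.resume(tid, now=61)
    return first, found == key, r1[1] != r2[1], expired
```

Because the salt is fresh on every resumption, the value on the wire differs each time even though the stored session identification does not.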
communicating wirelessly · CPC title
using certificates · CPC title
for controlling access to devices or network resources · CPC title
wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title