Abstract
A data structure is disclosed which provides for establishment of a strong link between an authorized user and a token issued to that authorized user. A digital signature (104), created using a digital signature algorithm, a corresponding verification algorithm and a cryptographic key, is based on, at a minimum, attribute(s) (101) of the token and characteristic(s) (102) of the authorized user (e.g., biometrics) to whom the token is issued. The signature and information about token attributes (101) and user characteristics (102) are used to create the binding during enrollment, and the digital signature (104) is stored in the token memory (105) along with at least information about the characteristic(s) (102) of the authorized user and the attributes (101) of the token. Additionally, information about distinguishing attribute(s) is available from the token, perhaps from the token memory (105). The data structure permits verification of token authenticity and user authorization when a token is presented for use.
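
The enrollment and verification flow described above, as an added sketch that is not taken from the patent: the record written to token memory (105) binds token attributes (101) and user characteristics (102) under one signature (104), and verification rejects altered memory, memory copied onto a different token, and a presenter who is not the enrolled user. Assumptions: HMAC-SHA256 with a constructed key stands in for the unspecified digital signature algorithm, a Hamming-distance threshold stands in for biometric matching, and all names and sample values are hypothetical.

```python
import hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"  # assumption: enroller's key; HMAC stands in for the signature

def _encode(token_attrs, user_template):
    # Canonical encoding of the two bound inputs: attributes (101) and characteristics (102).
    return json.dumps({"attrs": token_attrs, "user": user_template.hex()},
                      sort_keys=True, separators=(",", ":")).encode()

def enroll(token_attrs, user_template, key=ISSUER_KEY):
    """Create the binding and return the record written to token memory (105)."""
    sig = hmac.new(key, _encode(token_attrs, user_template), hashlib.sha256).digest()
    return {"attrs": dict(token_attrs), "user": user_template, "sig": sig}

def hamming(a, b):
    # Differing bits between two templates; a length difference counts as all bits differing.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) + 8 * abs(len(a) - len(b))

def verify(memory, measured_attrs, live_sample, key=ISSUER_KEY, max_bits=4):
    """Check a presented token and user; returns (ok, reason)."""
    expected = hmac.new(key, _encode(memory["attrs"], memory["user"]), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, memory["sig"]):
        return False, "signature invalid"   # stored data altered or not enrolled with this key
    if measured_attrs != memory["attrs"]:
        return False, "token mismatch"      # memory contents copied onto a different token
    if hamming(live_sample, memory["user"]) > max_bits:
        return False, "user mismatch"       # presenter is not the enrolled user
    return True, "ok"

# Constructed sample values, not from the patent.
ATTRS = {"serial": "TKN-0001", "surface_pattern": "a3f1"}
TEMPLATE = bytes.fromhex("5ac3f00d9e417b26")
RECORD = enroll(ATTRS, TEMPLATE)

if __name__ == "__main__":
    print(verify(RECORD, ATTRS, TEMPLATE))
    print(verify(RECORD, dict(ATTRS, serial="TKN-0002"), TEMPLATE))
    print(verify(dict(RECORD, user=bytes(8)), ATTRS, bytes(8)))
```

The attributes passed as `measured_attrs` are meant to be read from the token itself at presentation time, which is what lets the check catch a valid record copied to another token.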