| 摘要 |
The present invention relates to a system and method for securing offline usage of a certificate by authenticating a user by a One Time Password (OTP) system when the user computing device is working in offline. An external authentication server of the server generates a set of expected OTP to protect the certificate. The server encrypts each certificate with a wrapper key and derivates a key from each OTP. Each derived key encrypts the wrapper key to create a set of encrypted wrapper keys. The computing device stores into its memory the encrypted certicate and the set of encrypted wrapper keys received from the authentication server. During a use of the certicate by the computing device working offfline, an authentication request is received from a user of the computing device, the authentication request including a user-provided OTP. The computing device derives a key from the OTP provided. The OTP derived key being used to decrypt one corresponding wrapper key of the set of encrypted wrapper keys. The decrypted wrapper key being used to decrypt the certificate. |
