| 摘要 |
A roaming user (150) needing an authentication credential (e.g., private key ) (230) to access a computer server (110) to perform an electronic transaction may obtain the authentication credential (230) in an on-demand fashion from a credential server (160) accessible to the user over a computer network. In this way, the user is free to roam on the network without having to physical ly carry his authentication credential (230). Access to the credential (230) ma y be protected by one or more challenge-response protocols involving simple shared secrets, shared secrets with one-to-one hashing (210), or biometric methods such as fingerprint recognition. If camouflaging is used to protect the authentication credential (230), decamouflaging may be performed either at the credential server (140) or at the user's computer (160). |
