摘要 |
A method for consuming tokens used to control access to restricted resources held at a user's machine (106) is disclosed. The method comprises: reading a stored token form a first storage area of the user's machine (106), calculating control information for verifying the integrity of the stored token, reading predetermined control information corresponding to the stored token from a second storage area, comparing the control information to the predetermined control information; and consuming the stored token conditional on the control information matching the predetermined control information. The first and second storage areas are separate to help reduce the vulnerability of the tokens to selective replay attack. |