摘要 |
A digital signature system that employs a temporary digital ID signed by using a private key, so that the digital ID can be used as a proxy for a specific period of time and for a specific purpose. When a signature is requested by a server application, a user does not use his or her private key, but employs a temporary key generated using the private key. A temporary certificate for the temporary key is signed using the user's private key. The temporary certificate includes information concerning the period of time during which the temporary certificate is valid and information concerning the purpose for which used. Upon receipt of a request from an application that a document be signed, a client transmits to the server a document signed using the temporary key, the temporary certificate and a user's certificate. First, the server examines the signature; second, it determines whether the temporary certificate is still effective, i.e., whether the period of time during which valid has expired and whether the certificate is for another application; and third, confirms that the temporary certificate has been signed by an authenticated user. Finally, the server validates of the user's certificate.
|