Abstract
<p>A digital certification method in which a first digital signature, dependent upon a first user (102) and a first user system (102) in combination, is stored accessibly to a certification server (108). The first user (102) identity can be distinguished by, for example, a PIN provided by the user (102). Subsequently, at a second time when the user (102) desires authorization to complete a transaction (2), the user system (102) generates a second signature dependent upon both the current user identity and the current user system in combination. The certifying system (104) then compares the second signature with the first (1) as stored (108), in order to determine whether to certify the transaction (6). The certification can accommodate normal computer system component drift. In an embodiment, an inquiring system (106) desiring to confirm the identity of a user (102) issues a challenge code (3) to the user system (102). The user system (102) then digests the user's PIN and the individual component signatures as they currently exist on the user's system (102), together with the challenge code (3), to generate the new signature (4). The new signature (4) is transmitted back to the inquiring system (106), which transmits it on to the certification server (104) together with the challenge code (5). The certification server (104) then digests the challenge code with the original signature (1) as previously stored (108), and compares the result to the newly provided signature. If they match, then the user's (102) identity is confirmed (6). If not, then drift criteria can be applied if desired.</p>
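The challenge-response embodiment described above, sketched as an added example that is not taken from the patent: enrollment of signature (1), a fresh challenge (3), the user system's response (4), and the server's comparison (6). SHA-256 as the digest, the byte layout, the component descriptor strings and all function and class names are assumptions; the drift criteria are not specified in the abstract and are not implemented here.

```python
import hashlib
import hmac
import secrets

def base_signature(pin: str, components: list[str]) -> bytes:
    """Signature (1): digest of the PIN and each component's own signature."""
    h = hashlib.sha256()
    pin_bytes = pin.encode()
    h.update(len(pin_bytes).to_bytes(2, "big") + pin_bytes)  # length prefix avoids ambiguity
    for descriptor in components:
        # Per-component signature; the descriptor format is an assumption.
        h.update(hashlib.sha256(descriptor.encode()).digest())
    return h.digest()

def respond(pin: str, components: list[str], challenge: bytes) -> bytes:
    """User system: new signature (4) over the current state and challenge (3)."""
    return hashlib.sha256(challenge + base_signature(pin, components)).digest()

class CertificationServer:
    def __init__(self) -> None:
        # Stored signatures are verifier-equivalent secrets: anyone holding one
        # can compute a valid response, so the store needs protecting.
        self.store: dict[str, bytes] = {}

    def enroll(self, user_id: str, signature: bytes) -> None:
        self.store[user_id] = signature

    def certify(self, user_id: str, challenge: bytes, response: bytes) -> bool:
        stored = self.store.get(user_id)
        if stored is None:
            return False
        expected = hashlib.sha256(challenge + stored).digest()
        # Exact match only; the drift criteria would be applied on a mismatch.
        return hmac.compare_digest(expected, response)

def run_exchange(server, user_id, pin, components) -> bool:
    """Inquiring system: fresh challenge (3), forward (4) and (5), get result (6)."""
    challenge = secrets.token_bytes(16)
    return server.certify(user_id, challenge, respond(pin, components, challenge))

# Constructed sample data, not taken from the page.
ENROLLED = ["cpu:constructed-A", "disk:constructed-0001", "nic:constructed-02"]

if __name__ == "__main__":
    srv = CertificationServer()
    srv.enroll("alice", base_signature("4821", ENROLLED))
    print(run_exchange(srv, "alice", "4821", ENROLLED))
    print(run_exchange(srv, "alice", "4821", ENROLLED[:2] + ["nic:replaced"]))
```

Because the response binds the random challenge, a response captured for one challenge does not verify under another, and a single replaced component makes the exact comparison fail, which is the point at which drift criteria would be consulted.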