
METHOD FOR ELECTRONIC SIGNING AND AUTHENTICATON STRONGLY LINKED TO THE AUTHENTICATOR FACTORS POSSESSION AND KNOWLEDGE


Abstract

The invention consists of a method for a user to generate digital signatures based on a device, e.g. a smartphone, and secret knowledge of the user (Personal Identification Number or PIN) that are completely under control of the user. Characteristic of the invention is that it is based on a software application (A-APP) in the device that innovatively uses a secure part of the device (Secure Cryptographic Environment or SCE) to bind the digital signature to both the possession of the SCE and the secret knowledge of the user in such a way that the resulting digital signatures comply with regular digital signature standards. In effect it is as if the SCE has implemented a PIN that only allows access to the digital signature generation function after the user has correctly entered it, whereas in reality the SCE is completely oblivious of the PIN. Part of the invention is letting a certificate issuer place the generated public keys in digital certificates together with user information. The invention also entails various applications of the method and system, including the setup of a centralized authentication provider providing user authentication and the direct use of the setup of service providers to authenticate users and provide additional services including remote signing. By placing a separated, trusted environment within the authentication provider or certificate issuer, the invention caters for privacy-friendly authentication mechanisms.

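Bibliographic data

  • Publication number: WO2022050833A1
  • Patent type:
  • Publication date: 2022-03-10
  • Original format: PDF
  • Applicant/patentee: KEYCONTROLS
  • Application number: WO2021NL00012
  • Inventor: VERHEUL ERIC ROBERT
  • Filing date: 2021-08-24
  • Classification: H04L9/32
  • Country: NL
  • Date added to database: 2022-08-24 23:51:06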
