Data certification method and apparatus

Abstract

Apparatus for certifying electronic data supplied by a user receives data to be signed, supplied by the user from a source device, at a certifying apparatus including at least a signature server providing a signing function. An encrypted password is received at that server from the source device via a first communication path, the password being generated by an authentication system providing an authentication function separate from the signing function and the password being transmitted to the source device via a second communication path, the signature server and the authentication system have different communication paths with the source device. A version of the encrypted password is communicated between the signature server and the authentication system via a third communication path, different to the first and second paths, for authenticating the user. A result of the authenticating of the user is determined at the signature server by the communication between the authentication system and the signature server, that result being determined by verification of the version of the encrypted password, that verification being performed without the signature server verifying the actual plaintext password. The data to be signed is signed using elements of information secure to the signature server if the result of the authentication indicates that the user is authenticated. The signed data from the certifying apparatus is then passed to a recipient device so that the elements of secure information certify that the data supplier is the user. A method of certifying the data is also disclosed.