A computer program product for a client computing system including a
processor includes code that directs the processor to request a challenge
from an authentication server, code that directs the processor to receive
the challenge from the authentication server via a first secure
communications channel, the challenge comprising an identity code, code
that directs the processor to receive user authentication data from a
user, code that directs the processor to determine a private key and a
digital certificate in response to the user authentication data, code
that directs the processor to form a digital signature in response to the
identity code and the private key, code that directs the processor to
communicate the digital signature to the authentication server, code that
directs the processor to communicate the digital certificate to the
authentication server, the digital certificate comprising a public key in
an encrypted form, and code that directs the processor to communicate
network user authentication data and the identity code to the
authentication server via a security server, wherein the authentication
server activates the identity code when the digital signature is
verified, and wherein the codes reside on a tangible medium.
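
The server side of the exchange described above, as an added example that is not taken from the patent: an identity code is issued inactive, activated only after the client's signature over it verifies, and then checked when it arrives via the security server. Assumptions: the names `AuthServer`, `Challenge`, `Activate` and `Redeem` are hypothetical, Ed25519 stands in for the unspecified signature scheme, the key pair is generated on the spot instead of being unlocked by user authentication data, certificate handling is omitted, and single-use redemption is an added hardening choice the abstract does not state.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthServer tracks issued identity codes; true means activated (hypothetical type).
type AuthServer struct{ codes map[string]bool }

// Challenge issues a fresh random identity code that starts out inactive.
func (s *AuthServer) Challenge() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	code := hex.EncodeToString(b)
	s.codes[code] = false
	return code
}

// Activate marks a code active only if sig verifies over it under the certificate's public key.
func (s *AuthServer) Activate(code string, sig []byte, pub ed25519.PublicKey) error {
	if _, issued := s.codes[code]; !issued {
		return errors.New("identity code not issued")
	}
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(code), sig) {
		return errors.New("signature does not verify")
	}
	s.codes[code] = true
	return nil
}

// Redeem is the security server's check; assumption: a code is deleted on first use, active or not.
func (s *AuthServer) Redeem(code string) bool {
	active := s.codes[code]
	delete(s.codes, code)
	return active
}

func main() {
	s := &AuthServer{codes: map[string]bool{}}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	code := s.Challenge()
	fmt.Println(s.Activate(code, ed25519.Sign(priv, []byte(code)), pub), s.Redeem(code), s.Redeem(code))
}
```

Because the code is random and bound to the signature check, a code that was never signed for, or that has already been presented once, is refused at the security server.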