Administration and utilization of private keys in a networked environment

   
   

The private and public keys of users, encrypted with a symmetric algorithm using individual user identifying keys, are stored at a network server, indexed or addressable by user ID, and are sent to the user equipment only when needed. The user identifying keys are determined by hashing the users' respective passphrases or biometric information. After use, the private key and user identifying key are not retained at the user equipment. When the private key is used for a digital signature, the encrypted private key is transmitted via the network to the user equipment along with a document to be approved by the user. At the user equipment, the received encrypted private key is decrypted using a key determined there by hashing either the user's passphrase, which is entered by the user, or the user's biometric information, which is obtained by measuring or scanning the user. The received document is modified or merely reviewed, and a digital signature signifying the user's approval is formed as a hash of the approved document encrypted using the user's private key. The digital signature and document are transmitted to the server, where verification takes place.
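The signing flow described in the abstract, as an added example in Node.js (not code from the patent). AES-256-GCM, RSA-2048 and SHA-256 are assumed choices because the abstract names no algorithms; the function names and sample data are constructed, and only the private key is wrapped here while the public key is stored in clear for verification.

```javascript
const crypto = require('node:crypto');

// User identifying key: a hash of the passphrase, as the abstract describes.
// (A deployment today would use a slow, salted KDF such as crypto.scryptSync.)
const userKey = (passphrase) =>
  crypto.createHash('sha256').update(passphrase, 'utf8').digest();

// Enrollment: the server stores the wrapped private key, indexed by user ID.
function enroll(store, userId, passphrase) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', userKey(passphrase), iv);
  const wrapped = Buffer.concat([c.update(privateKey, 'utf8'), c.final()]);
  store.set(userId, { publicKey, iv, wrapped, tag: c.getAuthTag() });
}

// User equipment: unwrap and sign; the keys live only inside this call.
function signAtClient(record, passphrase, document) {
  const d = crypto.createDecipheriv('aes-256-gcm', userKey(passphrase), record.iv);
  d.setAuthTag(record.tag);
  // final() throws if the passphrase (and so the derived key) is wrong.
  const pem = Buffer.concat([d.update(record.wrapped), d.final()]).toString('utf8');
  return crypto.sign('sha256', Buffer.from(document), pem);
}

// Server: verify the returned document against the stored public key.
function verifyAtServer(store, userId, document, signature) {
  const { publicKey } = store.get(userId);
  return crypto.verify('sha256', Buffer.from(document), publicKey, signature);
}

// Constructed sample run: valid signature, tampered document, wrong passphrase.
function demo() {
  const store = new Map();
  enroll(store, 'alice', 'correct horse battery staple');
  const doc = 'Purchase order 17: approved';
  const sig = signAtClient(store.get('alice'), 'correct horse battery staple', doc);
  let wrongRejected = false;
  try { signAtClient(store.get('alice'), 'wrong passphrase', doc); }
  catch { wrongRejected = true; }
  return { ok: verifyAtServer(store, 'alice', doc, sig),
           tampered: verifyAtServer(store, 'alice', doc + '!', sig), wrongRejected };
}
```

Because the wrapping key is a plain hash of the passphrase, anyone who obtains the server's store can test passphrase guesses offline against the wrapped blob, so passphrase strength bounds the protection of the private key.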

 