Abstract: A method and computer program product for accessing a secure resource using a certificate bound with authentication information. In one implementation, the method includes receiving a certificate request from a user, the certificate request including identification information and authentication information associated with the user; verifying the identification information; issuing a certificate to the user when the identification information is verified; and sending the authentication information and a certificate identifier for the certificate to an authentication server. According to one aspect, the sending step includes signing a combination of the authentication information and the certificate identifier to form a unique user identifier; signing the authentication information; and sending the unique user identifier to the authentication server.

Abstract: Techniques for providing secure transactions can include receiving a request for access to a first server by a user. The request includes the user's credentials such as biometric information, an electronic certificate, or other information. The user is authenticated based on the credentials, and a token is sent to the first server. The token indicates whether the user has been authenticated and includes criteria about the user. Based on the criteria in the token, the first server can determine whether the user is authorized to perform a particular transaction in connection with a specified file or application at the first server. The user can be re-authenticated prior to allowing the transaction to be completed. Each time the user is authenticated, a time-stamped record can be stored. Encryption can be used to enhance security.