| Field | Value |
|---|---|
| Patent | US 7,581,107 B2 |
| Title | Anonymity revocation |
| Inventor | Jan Camenisch, Rueschlikon (Switzerland) |
| Assignee | International Business Machines Corporation, Armonk, N.Y. (US) |
| Filed | May 25, 2005, as Appl. No. 11/137,246 |
| Priority | Application No. 04405331 (EP), filed May 28, 2004 |
| Prior publication | US 2005/0268103 A1, Dec. 01, 2005 |
| Int. Cl. | H04L 9/32 (2006.01) |
| U.S. Cl. | 713—176 |
| Claims | 1 Claim |

1. A method comprising enabling a trusted entity to identify a user computer with a security module within a system comprising an attester computer and a verification computer, the step of enabling comprising at the user computer the steps of:

receiving from the attester computer an attestation value, the attestation value being derived from a security module public key and an identifying value;

deriving, under use of the security module, a user attestation-signature value from the attestation value;

receiving from the security module a module-generated-identifier value, and deriving the encryption and the encryption random values from the module-generated-identifier value under use of a trusted-entity public key;

computing an encryption by the user computer under use of the trusted-entity public key and the module-generated-identifier value, the module-generated-identifier value relating to the identifying value; and

providing the user attestation-signature value and the encryption to the verification computer for verification;

receiving from the security module a second module-generated-identifier value; and

deriving an encryption proof value and encryption proof random values from the second module-generated-identifier value under use of the trusted-entity public key;

deriving an intermediate user attestation-signature value from the encryption and the encryption proof value under use of a hash function;

providing the intermediate user attestation-signature value to the security module;

receiving from the security module a first part of the user attestation-signature value; and

calculating by the user computer further parts of the user attestation-signature value by using the received first part of the user attestation-signature value, the encryption random values, the encryption proof random values, an attester public key, and the trusted-entity public key;

wherein the trusted entity, having a trusted-entity secret key, derives the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module.
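The claim describes a protocol in which the user computer encrypts a module-generated identifier under the trusted entity's public key, proves (with the security module contributing the first part of the signature) that the encryption is well-formed, and only the holder of the trusted-entity secret key can decrypt it to revoke anonymity. The Python below is an added example, not the patent's construction and not IBM's code: it uses ElGamal in a constructed toy prime-order group and a Schnorr-style Fiat-Shamir proof as stand-ins for the scheme's actual primitives, which the claim does not name. The class names, the toy parameters `P`, `Q`, `G`, and the exact split of work between `SecurityModule` and `UserComputer` are this example's own assumptions; in particular the encryption randomness is drawn fresh rather than derived from the module-generated value.

```python
"""Toy verifiable encryption of a module identifier with a proof of well-formedness.

Added example: an ElGamal ciphertext of g^f (the module-generated identifier)
under the trusted entity's public key, plus a Fiat-Shamir proof that the
ciphertext has that form. The security module keeps f and answers the
challenge; the user computer fills in the remaining response.
"""
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g generates the
# order-q subgroup. Far too small for real use; chosen only so the math runs.
P = 1019
Q = 509
G = 4


def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


assert _is_prime(P) and _is_prime(Q) and P == 2 * Q + 1 and pow(G, Q, P) == 1


def hash_to_challenge(*parts):
    """Fiat-Shamir challenge over the transcript (full SHA-256 width)."""
    h = hashlib.sha256("|".join(str(x) for x in parts).encode()).digest()
    return int.from_bytes(h, "big")


class TrustedEntity:
    """Holds the revocation key pair (sk_T, pk_T); the only party that can decrypt."""

    def __init__(self):
        self.sk = secrets.randbelow(Q - 1) + 1
        self.pk = pow(G, self.sk, P)

    def recover_identifier(self, ciphertext):
        a, b = ciphertext
        return b * pow(a, -self.sk, P) % P  # ElGamal decryption yields g^f


class SecurityModule:
    """Stand-in for the TPM-like module: keeps the secret f, never exports it."""

    def __init__(self):
        self.f = secrets.randbelow(Q - 1) + 1
        self._r_f = None

    def identifier_value(self):
        return pow(G, self.f, P)  # module-generated-identifier value g^f

    def proof_commitment(self):
        self._r_f = secrets.randbelow(Q)  # proof randomness kept inside the module
        return pow(G, self._r_f, P)  # second module-generated value g^{r_f}

    def first_signature_part(self, challenge):
        return (self._r_f + challenge * self.f) % Q  # s_f: first part of the signature


class UserComputer:
    def __init__(self, module, pk_t):
        self.module = module
        self.pk_t = pk_t

    def build_attestation(self):
        nv = self.module.identifier_value()
        r = secrets.randbelow(Q)  # encryption random value (drawn fresh here)
        a = pow(G, r, P)
        b = pow(self.pk_t, r, P) * nv % P  # ElGamal encryption of g^f under pk_T
        t_f = self.module.proof_commitment()
        r_r = secrets.randbelow(Q)  # encryption proof random value held by the user
        t1 = pow(G, r_r, P)
        t2 = pow(self.pk_t, r_r, P) * t_f % P  # encryption proof value
        c = hash_to_challenge(self.pk_t, a, b, t1, t2)  # intermediate value via hash
        s_f = self.module.first_signature_part(c)
        s_r = (r_r + c * r) % Q  # further part computed by the user computer
        return {"ciphertext": (a, b), "challenge": c, "s_r": s_r, "s_f": s_f}


def verify(pk_t, att):
    """Verification computer: recompute the commitments and re-derive the challenge."""
    a, b = att["ciphertext"]
    c, s_r, s_f = att["challenge"], att["s_r"], att["s_f"]
    t1 = pow(G, s_r, P) * pow(a, -c, P) % P
    t2 = pow(pk_t, s_r, P) * pow(G, s_f, P) * pow(b, -c, P) % P
    return c == hash_to_challenge(pk_t, a, b, t1, t2)


if __name__ == "__main__":
    te, sm = TrustedEntity(), SecurityModule()
    att = UserComputer(sm, te.pk).build_attestation()
    print("verifies:", verify(te.pk, att))
    print("revoked identifier matches module:",
          te.recover_identifier(att["ciphertext"]) == sm.identifier_value())
```

The verifier learns nothing about `f` beyond the fact that the ciphertext encrypts a value of the form `g^f` for an `f` the module knows; the trusted entity, and only it, can strip the encryption and obtain `g^f` to match against the module. Any change to the ciphertext or to either response part breaks the recomputed challenge.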