Algorithm 2 TA registration protocol.

Alice obtains (${\mathrm{T}}_{\mathrm{A}}$.pbk, $\sigma )\leftarrow {\mathrm{T}}_{\mathrm{A}}$.Init() and sends [TARegister, ${\mathrm{SD}}_{\mathrm{A}}$.pbk, ${\mathrm{T}}_{\mathrm{A}}$.pbk, ${\mathrm{pbk}}_{\mathrm{A}}$, $\sigma$] to BS. Upon receiving [TARegister, ${\mathrm{SD}}_{\mathrm{A}}$.pbk, ${\mathrm{T}}_{\mathrm{A}}$.pbk, ${\mathrm{pbk}}_{\mathrm{A}}$,$\sigma$ ] from Alice, Bank server BS does the following steps: (a) Abort if any of the following conditions is true: (pbk${}_{\mathrm{A}},\perp )\notin$ BS.Registry. OEMVerify(${\mathrm{T}}_{\mathrm{A}}$.pbk, $\sigma$, ${\mathrm{SD}}_{\mathrm{A}}$.pbk) ≠ 1. (b) Create a certificate cert such that cert.pbk ← ${\mathrm{T}}_{\mathrm{A}}$.pbk; cert.sig ← Sign([${\mathrm{T}}_{\mathrm{A}}$.pbk, ‘T’], ${\mathrm{prk}}_{\mathrm{BS}}$). (c) Send [${\mathrm{T}}_{\mathrm{A}}$.cert] to Alice. (d) Replace (pbk${}_{\mathrm{A}},\perp )$ with (${\mathrm{pbk}}_{\mathrm{A}}$, cert.pbk) in S.Registry. Upon receiving [${\mathrm{T}}_{\mathrm{A}}$.cert] from BS, client A invokes TA.CertInit(${\mathrm{T}}_{\mathrm{A}}$.cert).