A system and method of authenticating users and data. One embodiment of the invention includes a smart card that digitally signs a message in response to authenticating biometric information that is provided by a user. The smart card may include a random number generator and an encryption module. In an enrollment mode, the biometric data analyzer receives biometric data from a user and triggers the random number generator to create a public key and a private key. The private key is stored in a tamper-resistant component on the smart card. The public key is transmitted to an external device, such as a computer, via a card reader interface. During a signing mode, the smart card digitally signs incoming messages subsequent to verifying the biometric information that is provided by the user.