The OTPK module 40 is essential to the present embodiment. It may be
considered to be a software module implemented on the signing entity 20.
The OTPK module 40 may be dynamically downloaded for use or implemented
as a pre-installed client plug-in. The OTPK module 40 may perform its
role without significant intervention from a user when operating as the
signing entity 20. The OTPK module 40 may be implemented as a PKCS#11 or
CAPI DLL, or as a Java applet or ActiveX plug-in embedded within the
Internet web browser. It may be automatically executed when performing
secure transactions requiring digital signatures. The OTPK module 40
serves to carry out, independently and without additional instruction
from a user, the steps of generating the asymmetric key pairs comprising
the public key and the private key. The OTPK module 40 then contacts the
authentication and certification server 50 for authenticating the
identity of the signing entity 20. At this point, the user of the signing
entity 20 may be prompted for a password or the password may have been
entered earlier as part of a 2-factor authentication to the
authentication and certification server 50. The private key is then
automatically used to generate a digital signature for the signing entity
20. The private key is then irretrievably deleted, such that from this
point onwards it cannot be re-used or copied for future use.
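
The sequence described above (generate the key pair, authenticate to the authentication and certification server 50, sign once, delete the private key) is shown below in Go. This is an added example, not code from the specification: the choice of Ed25519, the in-process Server stub whose "certificate" is a bare CA signature over the public key, and the names Server, Certify, SignOnce and Wipe are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Server is a hypothetical stub of server 50; its "certificate" is a bare CA signature.
type Server struct {
	CAPriv   ed25519.PrivateKey
	Password string
}

func (s *Server) Certify(password string, pub ed25519.PublicKey) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(password), []byte(s.Password)) != 1 {
		return nil, fmt.Errorf("authentication failed")
	}
	return ed25519.Sign(s.CAPriv, pub), nil
}

// Wipe overwrites the key bytes in place (best effort under a garbage collector).
func Wipe(key ed25519.PrivateKey) {
	for i := range key {
		key[i] = 0
	}
}

// SignOnce generates a one-time key pair (Ed25519 is an assumption), has it certified,
// signs msg, and wipes the private key on every return path, including failed login.
func SignOnce(s *Server, password string, msg []byte) (pub ed25519.PublicKey, cert, sig []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	defer Wipe(priv)
	if cert, err = s.Certify(password, pub); err != nil {
		return nil, nil, nil, err
	}
	return pub, cert, ed25519.Sign(priv, msg), nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &Server{CAPriv: caPriv, Password: "constructed-password"}
	msg := []byte("constructed transaction")
	pub, cert, sig, err := SignOnce(srv, "constructed-password", msg)
	fmt.Println(err, ed25519.Verify(caPub, pub, cert), ed25519.Verify(pub, msg, sig))
}
```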