Title of invention: Method for secured data processing
Abstract: A method for facilitating secured data processing, the method includes generating, for each client out of at least two clients, a private key, and a public key; and storing at least the private keys at a highly secured entity; whereas the highly secured entity is operable to utilize at least the private key to perform public key infrastructure processing.
Publication number: US9544297(B2) Publication date: 2017.01.10
Application number: US200310374848 Filing date: 2003.02.24
Applicant: Algorithmic Research Ltd. Inventors: Resnitzky Uri; Naaman Nir
Classification: H04L9/00; H04L29/06; H04L9/32 Main classification: H04L9/00
Agency: Reches Patents Agent: Reches Patents
Main claim: 1. A method for facilitating secured data processing, the method comprising the steps of:
receiving, from the client, a request to add a digital signature to a document to send to another client;
enrolling the client with a secured entity; wherein the secured entity comprises a tamper evident enclosure, wherein the tamper evident enclosure encapsulates all hardware components of the secure entity and a keyboard connected intelligent smartcard reader; wherein the secured entity is coupled to multiple client components;
determining a need to generate a private and public key for a client, in response to the enrollment of the client; wherein the step of determining comprises accessing an entity other than the secured entity;
generating, for each client out of at least two clients, a private key and a public key thereby providing private keys and public keys;
storing at least the private keys at the secured entity; whereas the secured entity is operable to utilize at least one of the private keys to perform public key infrastructure (PKI) processing without retrieving the private key from the secured entity by any entity outside the enclosure;
generating a digital signature;
processing, in response to at least one of the private keys, data that is sent from the client of the at least two clients to another client of the at least two clients;
generating, by the client, a first document fingerprint (DFP) of a document to the highly secured entity;
transmitting, by the client, the first DFP and the document to the secured entity;
receiving, by the secured entity, the first DFP and generating a second DFP by applying a PKI algorithm on the first DFP;
receiving by the secured entity, from the client, a first document fingerprint (DFP) of a document and the document;
generating, by the secured entity, a second DFP by applying a PKI algorithm on the first DFP;
transmitting, by the secured entity, the digital signature, the document and the second DFP to the another client;
generating, by the another client, a third DFP by processing the document and applying the PKI on the second DFP with the public key of the client, to provide a fourth DFP;
comparing the third DFP and the fourth DFP and determine if they are equal; when the third DFP and the fourth DFP are equal, then it is verified that the received digital signature was the digital signature of client;
requesting, by the another client, to encrypt another document with a key and to send the encrypted document to the client; wherein the another client applies the PKI algorithm on the key with the client's public key;
sending, by the another client, the encrypted document and the encrypted key;
receiving, by the client, the encrypted document and the encrypted key;
establishing, by the client, a secured session with the secured entity;
sending by the client, the encrypted key to the secured entity;
receiving, by the secured entity, the encrypted key and applying a PKI algorithm on the encrypted key, using the client's private key and transmitting the public key to the client;
receiving, by the client, the public key and decrypting the encrypted document.
Address: Petach Tikva IL