Double authentication system for electronically signed documents
First Claim
Patent Images
1. A double authentication system (“
- DAS”
) for electronically signing a first data from a user, wherein the user has a smart card having a personal identification number (“
PIN”
), the DAS comprising;
a client module, wherein the client module is software located within a computer and the client module is in signal communication with the smart card;
a server having a high assurance signing service (“
HASS”
) module, whereinthe computer is remote from the server,the HASS module is remote from and in signal communication with the client module, andthe HASS module is software that is capable of executing a plurality of instructions,whereby the server is capable of receiving the first data from the user via the client module, and, in response, query the user for a confirmation that the first data is to be electronically signed; and
a hardware security module (“
HSM”
), whereinthe HSM is remote from the computer,the HSM is in signal communication with the HASS module, has a private key, is configured toreceive a HSM package from the HASS module,in response, produce a HSM encrypted hash value with the private key of the HSM, andtransmit the HSM encrypted hash value to the HASS module,wherein the HASS module is further configured toproduce the HSM package from at least the first data,produce a HSM signed package that includes the HSM package combined with the HSM encrypted hash value, andtransmit the HSM signed package to the client module,wherein the client module is configured toquery the user for the PIN of the smart card,in response, transmit the HSM signed package to the smart card for production of a smart card (“
SC”
) encrypted hash value,receive the SC encrypted hash value, andtransmit the SC encrypted hash value to the HASS module, andwherein the HASS module is configured toreceive the SC encrypted hash value and,in response, produce a high assurance signed package (“
HAS package”
) that is passed to the user by way of the client module.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed is a double authentication system (“DAS”) for electronically signing a first data from a user having a smart card, where the smart card has a personal identification number (“PIN”). As an example, the DAS may include a client module, high assurance signing service (“HASS”) module, and hardware security module (“HSM”).
-
Citations
18 Claims
-
1. A double authentication system (“
- DAS”
) for electronically signing a first data from a user, wherein the user has a smart card having a personal identification number (“
PIN”
), the DAS comprising;a client module, wherein the client module is software located within a computer and the client module is in signal communication with the smart card; a server having a high assurance signing service (“
HASS”
) module, whereinthe computer is remote from the server, the HASS module is remote from and in signal communication with the client module, and the HASS module is software that is capable of executing a plurality of instructions, whereby the server is capable of receiving the first data from the user via the client module, and, in response, query the user for a confirmation that the first data is to be electronically signed; and a hardware security module (“
HSM”
), whereinthe HSM is remote from the computer, the HSM is in signal communication with the HASS module, has a private key, is configured to receive a HSM package from the HASS module, in response, produce a HSM encrypted hash value with the private key of the HSM, and transmit the HSM encrypted hash value to the HASS module, wherein the HASS module is further configured to produce the HSM package from at least the first data, produce a HSM signed package that includes the HSM package combined with the HSM encrypted hash value, and transmit the HSM signed package to the client module, wherein the client module is configured to query the user for the PIN of the smart card, in response, transmit the HSM signed package to the smart card for production of a smart card (“
SC”
) encrypted hash value,receive the SC encrypted hash value, and transmit the SC encrypted hash value to the HASS module, and wherein the HASS module is configured to receive the SC encrypted hash value and, in response, produce a high assurance signed package (“
HAS package”
) that is passed to the user by way of the client module. - View Dependent Claims (2, 3, 4, 5, 6, 7)
- DAS”
-
8. A method of electronically signing a first data from a user with a double authentication system (“
- DAS”
), wherein the user has a smart card having a personal identification number (“
PIN”
), the method comprising;receiving the first data from the user at a high assurance signing service (“
HASS”
) module of the DAS, wherein the HASS module is located at a server and the first data originates at a client module located within a computer remote from the HASS module;querying the user for a confirmation that the first data is to be electronically signed; generating a hardware security module (“
HSM”
) package for transmission to a HSM;generating a HSM encrypted hash value from the HSM package with a private key of the HSM; generating a HSM signed package, wherein the HSM signed package includes the HSM package and the HSM encrypted hash value; querying the user for the PIN of the smart card; receiving a smart card (“
SC”
) encrypted hash value corresponding to the HSM signed package;producing a high assurance signed package (“
HAS package”
) from the HSM signed package and SC encrypted hash value; andpassing the HAS package to the user by way of the client module, wherein querying the user for a confirmation that the first data is to be electronically signed includes generating a first query for the user at the client module, wherein querying the user for the PIN of the smart card includes generating a second query for the user for the PIN at the client module, and wherein generating a HSM encrypted hash value from the HSM package with a private key of the HSM includes generating the HSM encrypted hash value at the HSM and passing the HSM encrypted hash value to the HASS module. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- DAS”
-
17. A non-transitory computer readable medium containing machine readable instructions, that when executed perform a method of electronically signing a first data from a user with a double authentication system (“
- DAS”
), wherein the user has a smart card having a personal identification number (“
PIN”
), comprising the steps of;receiving the first data from the user at a high assurance signing service (“
HASS”
) module of the DAS, wherein the HASS module is located at a server and the first data originates at a client module within a computer that is remote from the server;querying the user for a confirmation that the first data is to be electronically signed; generating a hardware security module (“
HSM”
) package for transmission to a HSM;generating a HSM encrypted hash value from the HSM package with a private key of the HSM; generating a HSM signed package, wherein the HSM signed package includes the HSM package and the HSM encrypted hash value; querying the user for the PIN of the smart card; passing the HSM signed package to the smart card, wherein the smart card produces a smart card (“
SC”
) encrypted hash value corresponding to the HSM signed package;receiving the smart card SC encrypted hash value; and producing a high assurance signed package (“
HAS package”
) from the HSM signed package and SC encrypted hash value, wherein the HAS package includes the HSM signed package and SC encrypted hash value,wherein querying the user for a confirmation that the first data is to be electronically signed includes generating a first query for the user at the client module, wherein querying the user for the PIN of the smart card includes generating a second query for the user for the PIN at the client module, and wherein generating a HSM encrypted hash value from the HSM package with a private key of the HSM includes generating the HSM encrypted hash value at the HSM and passing the HSM encrypted hash value to the HASS module. - View Dependent Claims (18)
- DAS”
Specification