Hi, I'm doing some research into using something like a smartcard to do client-side decryption of sensitive data that is included on a web page (e.g. credit card numbers).


I was thinking something like this:

- Sensitive data submitted to a web site (via SSL) is immediately encrypted using a public key and stored.

- Data can later be fetched and sent to the client browser computer in encrypted form.

- The client computer (currently a Mac running a web browser like IE in my case) uses something like a Java applet, or plug-in or something to decrypt. Decryption is done by/using a smartcard which is plugged into the client computer. If the smartcard isn't present, then data cannot be decrypted.

I'm thinking this is a pretty simple and common arrangement, but am a little lost in the specs, product offerings, and discussions. I'm wondering if you folks might have some suggestions and perhaps a recommendation on the complete solution? I understand the basics of public/private key encryption, and can encrypt and store data using a provided public key, but I'm blurry on the decrypting on the client-side [browser] using something like a smartcard.

Thanks!


Phil


_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle
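
The arrangement outlined in the message above, as an added example that is not part of the original post or of any MUSCLE code: the server seals each record with the public key only, and the client can open it only through a key-unwrap call that needs the private key. Assumptions: Node.js `crypto`, an RSA-OAEP plus AES-256-GCM envelope chosen for this sketch, a software key pair standing in for the smartcard, and the hypothetical names `sealRecord`, `openRecord`, `cardPresent`, `cardAbsent` and `demo`.

```javascript
// Added example: the software key pair below stands in for the smartcard.
const crypto = require('node:crypto');

// Constructed stand-in for the card: on real hardware the private key is
// generated on the card and never leaves it; only publicKey is exported.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side: holds only the public key, so it can store but never read back.
function sealRecord(pubKey, plaintext) {
  const dek = crypto.randomBytes(32);            // per-record AES-256 key
  const iv = crypto.randomBytes(12);             // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: pubKey, ...OAEP }, dek).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Client side: unwrapKey is the only step that needs the private key.
// With a real card this would be a decrypt request to the card (assumption).
function openRecord(unwrapKey, rec) {
  const dek = unwrapKey(Buffer.from(rec.wrappedKey, 'base64'));
  const d = crypto.createDecipheriv('aes-256-gcm', dek, Buffer.from(rec.iv, 'base64'));
  d.setAuthTag(Buffer.from(rec.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(rec.ct, 'base64')), d.final()]).toString('utf8');
}

const cardPresent = (wrapped) => crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
const cardAbsent = () => { throw new Error('no smartcard present'); };

function demo() {
  const rec = sealRecord(publicKey, '4111 1111 1111 1111'); // constructed test number
  let withoutCard;
  try { openRecord(cardAbsent, rec); } catch (e) { withoutCard = e.message; }
  return { stored: rec, withCard: openRecord(cardPresent, rec), withoutCard };
}
```

Only the 32-byte record key passes through the private-key operation, which keeps the request to the card small and of fixed size regardless of how much data the record holds.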
