Legal claims defining the scope of protection, as filed with the USPTO.
1. A system of establishing and authenticating a persistent and revocable secure line of communication comprising: a plurality of client devices, each of the plurality of client devices including a client app that includes a local key store module (LKSM) and a digital identity token; and a trusted third party server including a user facing domain and a key escrow domain; wherein the user facing domain securely relates to the plurality of client devices via the client app and includes a login interface, a hardware security module (HSM), or a lightweight directory access protocol application (LDAP); wherein the key escrow domain authenticates secure lines of communication among the plurality of client devices and includes registration authority, certificate authority, or attribute authority; wherein the trusted third party server is configured to execute an invitation protocol including: authenticating a first client device and a second client device; conveying an invitation from the first client device to the second device to establish a communication line between the first client device and the second client device; providing downloaded software to the second client device; triggering a series of authentication steps to be performed by the second device to ensure the downloaded software is correctly provisioned; receiving a response to the invitation from the second device at the first device; storing a created public key corresponding to the established communication line; storing only a portion of a created private key corresponding to the established communication line; wherein the first client device or the second client device is configured to reconstruct a complete version of the created private key with information retrieved from the trusted third party server after authenticating the trusted third party server; and wherein the invitation includes a client app with a digital identity token, email address, designated attributes, authentication question, answer to authentication question, or a cryptographic digital signature.
2. A non-transitory computer-readable storage medium encoded with instructions that, when executed by a processing device, establish a machine performing a computer-implemented method of establishing and authenticating a persistent and revocable secure line of communication comprising: authenticating a first client device and a second client device using a trusted third party server; enabling the first client device to invite a second client device to establish a communication line with the first client device; enabling the second client device to download software in response to the invitation; providing an authenticated public encryption key of the first client device to the second client device; creating a local key storage module (LKSM) at the first client device and the second client device; performing a series of authentication steps in a predetermined manner on the second client device to ensure to the first client device by the trusted third party server that the downloaded software was correctly provisioned; creating a public key/private key pair corresponding to the communication line between the first client device and the second client device; storing the created public key at the trusted third party server; splitting and storing the created private key such that neither the first client device nor the second client device nor the trusted third party server store a complete copy of the created private key; storing portions of the created private key in the LKSM of the first client device or the second client device; and enabling the first client device or the second client device to reconstruct the created private key by retrieving portions when the first client device or the second client device authenticate with the trusted third party server; wherein the first client device or the second client device includes a corresponding client app; wherein the corresponding client app includes the LKSM and a digital identity token; wherein the trusted third party server includes a user facing domain or a key escrow domain; wherein the user facing domain securely relates to the plurality of client devices via the client app and includes a login interface, a hardware security module (HSM), or a lightweight directory access protocol application (LDAP); and wherein the key escrow domain authenticates secure lines of communication among the plurality of client devices and includes registration authority, certificate authority, or attribute authority.
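The key-split and reconstruction steps that both claims recite (the line's private key stored so that neither client nor the trusted third party server holds a complete copy, and rebuilt by a client from its LKSM portion plus a portion fetched from the server once the two have authenticated each other), worked as an added Python example. This is not code from the patent or its assignee. The claims name no sharing scheme and no authentication mechanism, so the choices here are assumptions: a 2-of-3 Shamir split over the secp256k1 scalar field, an HMAC challenge-response handshake keyed by a per-device secret provisioned at registration, and the names `EscrowServer`, `ClientApp`, `establish_line` and `demo`. The invitation, software download, provisioning checks and public-key storage are left out.

```python
import hashlib
import hmac
import secrets

# Order of secp256k1: private scalars are 1..N-1, so Shamir sharing mod N is exact.
# The curve, the 2-of-3 split and the HMAC handshake are assumptions of this example.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
THRESHOLD, SHARES = 2, 3  # any two of {client A, client B, escrow} suffice

def split_private_key(priv: int) -> dict:
    """Shamir split: f(x) = priv + a1*x mod N; share i is (i, f(i))."""
    assert 1 <= priv < N
    a1 = secrets.randbelow(N)
    return {x: (priv + a1 * x) % N for x in range(1, SHARES + 1)}

def reconstruct_private_key(shares: dict) -> int:
    """Lagrange-interpolate f(0) over GF(N) from at least THRESHOLD shares."""
    if len(shares) < THRESHOLD:
        raise ValueError("insufficient shares: no single party holds the key")
    xs = list(shares)[:THRESHOLD]
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if i != j:
                num, den = (num * -j) % N, (den * (i - j)) % N
        secret = (secret + shares[i] * num * pow(den, -1, N)) % N
    return secret

def _proof(key, role, c_nonce, s_nonce) -> bytes:
    # HMAC challenge-response tag; the role label stops a reflected proof.
    return hmac.new(key, role + c_nonce + s_nonce, hashlib.sha256).digest()

class EscrowServer:
    """Key-escrow domain: one share per line and one provisioned secret per
    device (the per-device HMAC secret stands in for the real credential)."""
    def __init__(self, device_secrets: dict):
        self.device_secrets = device_secrets
        self.line_shares = {}     # line_id -> (x, y): one point, never the key
        self.outstanding = set()  # server nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def fetch_share(self, device_id, line_id, c_nonce, s_nonce, client_proof):
        """Release the share only to a device that proves its secret over a fresh,
        single-use server nonce; answer with the server's own proof."""
        if s_nonce not in self.outstanding:
            raise PermissionError("stale or unknown challenge")
        self.outstanding.discard(s_nonce)  # single use, so a replayed proof fails
        key = self.device_secrets.get(device_id)
        if key is None or not hmac.compare_digest(
                _proof(key, b"client", c_nonce, s_nonce), client_proof):
            raise PermissionError("client authentication failed")
        return _proof(key, b"server", c_nonce, s_nonce), self.line_shares[line_id]

class ClientApp:
    """Client app whose LKSM holds exactly one share of each line's key."""
    def __init__(self, device_id, secret):
        self.device_id, self.secret, self.lksm = device_id, secret, {}

    def reconstruct(self, server, line_id) -> int:
        c_nonce, s_nonce = secrets.token_bytes(16), server.challenge()
        server_proof, (sx, sy) = server.fetch_share(
            self.device_id, line_id, c_nonce, s_nonce,
            _proof(self.secret, b"client", c_nonce, s_nonce))
        # Authenticate the TTP before trusting the share it handed back.
        expected = _proof(self.secret, b"server", c_nonce, s_nonce)
        if not hmac.compare_digest(expected, server_proof):
            raise PermissionError("server authentication failed")
        x, y = self.lksm[line_id]
        return reconstruct_private_key({x: y, sx: sy})

def establish_line(line_id, inviter, invitee, server) -> int:
    """Create the line key and hand out shares; returns priv only for checking."""
    priv = secrets.randbelow(N - 1) + 1
    shares = split_private_key(priv)
    inviter.lksm[line_id] = (1, shares[1])
    invitee.lksm[line_id] = (2, shares[2])
    server.line_shares[line_id] = (3, shares[3])
    return priv

def demo() -> dict:
    """Constructed scenario: two registered devices, one line, one impostor."""
    alice, bob = ClientApp("dev-A", b"secret-A"), ClientApp("dev-B", b"secret-B")
    srv = EscrowServer({alice.device_id: alice.secret, bob.device_id: bob.secret})
    priv = establish_line("line-1", alice, bob, srv)
    impostor = ClientApp("dev-A", b"guessed")  # copied LKSM share, wrong secret
    impostor.lksm = dict(alice.lksm)
    out = {"alice_ok": alice.reconstruct(srv, "line-1") == priv,
           "bob_ok": bob.reconstruct(srv, "line-1") == priv}
    try:
        impostor.reconstruct(srv, "line-1")
        out["impostor_ok"] = True
    except PermissionError:
        out["impostor_ok"] = False
    return out
```

Running `demo()` shows both registered clients recovering the key, while an impostor holding a copied LKSM share but the wrong device secret is refused, and the escrow's single point on a degree-1 polynomial is consistent with every possible key, so the server cannot reconstruct alone. Two practitioner caveats: the single-use server nonce is what stops a captured client proof from being replayed, and after reconstruction the client does hold the complete private key in memory; the claims constrain what each party stores, not what a client transiently assembles.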
February 23, 2016