METHOD AND SYSTEM FOR PROVIDING UPDATED ENCRYPTION KEY PAIRS AND DIGITAL SIGNATURE KEY PAIRS IN A PUBLIC KEY SYSTEM

US 20030110376A1
Filed: 10/14/1997
Published: 06/12/2003
Est. Priority Date: 10/14/1997
Status: Active Grant

First Claim

Patent Images

1. A method for providing updated digital signature key pairs in a public key system comprising the steps of:

providing, through a multi-client manager unit, selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;

storing selected public key expiry data and selected private key expiry data for association with a new digital signature key pair; and

associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An adaptable cryptographic method and system provides updated digital signature key pairs in a public key system by providing, through a multi-client manager unit, selectable expiry data such as digital signature certificate lifetime data, public key expiry data and private key expiry data as selectable on a per client basis. The multi-client manager unit stores selected public key expiry data and private key expiry data for association with a new digital signature key pair and associates the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.

105 Citations

26 Claims

1. A method for providing updated digital signature key pairs in a public key system comprising the steps of:
- providing, through a multi-client manager unit, selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;
  
  storing selected public key expiry data and selected private key expiry data for association with a new digital signature key pair; and
  
  associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the selectable expiry data is digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client.
  - 3. The method of claim 1 further including the step of providing variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair on a per client basis.
  - 4. The method of claim 1 further comprising the steps of:
    - determining whether a digital signature key pair update request has been received from a client unit;
      
      receiving a new digital signature key pair from the client unit in response to the digital signature key pair update request; and
      
      wherein the step of associating the stored selected expiry data includes creating a new digital signature certificate containing the selected public key expiry data selected for the client generating the digital signature key pair update request.
  - 5. The method of claim 1 further comprising the steps of:
    - determining a digital signature private key lifetime end date and a digital signature certificate creation date upon a user login to the public key system;
      
      initiating, by a client unit, a digital signature key pair update request based on whether a difference between a current date and the digital signature private key lifetime end date (t1) is less than an absolute predetermined period of time (days) and based on whether the difference between the current date and the digital signature private key lifetime end date (t1) is less than a predetermined percentage of a total duration of a digital signature private key lifetime.
  - 6. The method of claim 1 wherein the step of providing selectable expiry data on a per client basis includes providing a user interface to facilitate setting of the selectable expiry data to a desired state.
  - 7. The method of claim 1 including generating, by the multi-client manager unit, the new digital signature key pair for a client in response to the multi-client manager unit receiving a digital signature key pair update request.
  - 8. The method of claim 1 including storing a certificate expiration message in a client directory entry upon determination by the multi-client manager unit of a digital signature key expiry condition to facilitate a digital signature key pair update request by a client.

9. A method for providing updated encryption key pairs in a public key system comprising the steps of:
- providing, through a client manager unit, selectable expiry data including public key expiry data and selectable private key expiry data that is selectable on a per client basis;
  
  storing selected public key expiry data for association with a new encryption key pair; and
  
  associating the stored selected expiry data with the new encryption key pair to facilitate a transition from an old encryption key pair to a new encryption key pair.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 wherein the step of providing selectable expiry data includes additionally providing updated digital signature key pairs, the step of storing includes storing a new digital signature key pair, and the step of associating also includes associating the stored selected expiry data to facilitate a transition from an old digital signature key pair to a new digital signature key pair.
  - 11. The method of claim 10 wherein the selectable expiry data is digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client and is encryption certificate lifetime data for variably setting a lifetime end date for an encryption certificate associated with the given client.
  - 12. The method of claim 11 further including the step of providing variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair and the encryption key pair.
  - 13. The method of claim 11 wherein the digital signature certificate includes selectable private key lifetime end data.

14. A system for providing updated digital signature key pairs in a public key system comprising:
- multi-client manager means for providing selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;
  
  means, accessible by the multi-client manager means, for storing selected public key expiry data and selected private key expiry data for association with a new digital signature key pair; and
  
  means, responsive to the stored selected public key expiry data, for associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 26)
- - 15. The system of claim 14 wherein the selectable expiry data is digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client.
  - 16. The system of claim 14 further including means for providing variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair on a per client basis.
  - 17. The system of claim 16 wherein the multi-client manager means includes the means for associating the stored selected expiry data with the new digital signature key pair and wherein the means for providing variable update privilege control.
  - 18. The system of claim 14 further comprising:
    - means for determining whether a digital signature key pair update request has been received from a client unit;
      
      means for receiving a new digital signature key pair from the client unit in response to the digital signature key pair update request; and
      
      wherein the means for associating the stored selected expiry data creates a new digital signature certificate containing the selected public key expiry data selected for the client generating the digital signature key pair update request.
  - 19. The system of claim 14 further comprising:
    - means for determining a digital signature private key lifetime end date and a digital signature certificate creation date upon a user login to the public key system;
      
      client means for initiating a digital signature key pair update request based on whether a difference between a current date and the digital signature private key lifetime end date (t1) is less than an absolute predetermined period of time (days) and based on whether the difference between the current date and the digital signature private key lifetime end date (t1) is less than a predetermined percentage of a total duration of a digital signature private key lifetime.
  - 20. The system of claim 14 wherein the means for providing selectable expiry data on a per client basis provides a user interface to facilitate setting of the selectable expiry data to a desired state.
  - 26. The storage medium of claim 19 wherein the stored program provides a user interface to facilitate setting of the selectable expiry data to a desired state.

21. A storage medium comprising:
- a stored program for execution by a processor wherein the program facilitates providing updated digital signature key pairs in a public key system by;
  
  allowing entry of selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;
  
  storing selected public key expiry data and selected private key expiry data for association with a new digital signature key pair; and
  
  associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The storage medium of claim 21 wherein the stored program allows selection of digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client.
  - 23. The storage medium of claim 21 therein the stored program further includes the facilitating variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair on a per client basis.
  - 24. The storage medium of claim 21 wherein the stored program further facilitates determining whether a digital signature key pair update request has been received from a client unit;
    - receiving a new digital signature key pair from the client unit in response to the digital signature key pair update request; and
      
      creating a new digital signature certificate containing the selected public key expiry data selected for the client generating the digital signature key pair update request.
  - 25. The storage medium of claim 21 wherein the stored program further facilitates the steps of:
    - determining a digital signature private key lifetime end date and a digital signature certificate creation date upon a user login to the public key system;
      
      initiating, by a client unit, a digital signature key pair update request based on whether a difference between a current date and the digital signature private key lifetime end date (t1) is less than an absolute predetermined period of time (days) and based on whether the difference between the current date and the digital signature private key lifetime end date (t1) is less than a predetermined percentage of a total duration of a digital signature private key lifetime.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Incorporated (Entrust Corp.)
Inventors
WIENER, MICHAEL J., OTWAY, JOSANNE M.

Granted Patent

US 6,978,017 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 9/0891 Revocation or update of sec...

H04L 9/0894 Escrow, recovery or storing...

METHOD AND SYSTEM FOR PROVIDING UPDATED ENCRYPTION KEY PAIRS AND DIGITAL SIGNATURE KEY PAIRS IN A PUBLIC KEY SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROVIDING UPDATED ENCRYPTION KEY PAIRS AND DIGITAL SIGNATURE KEY PAIRS IN A PUBLIC KEY SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links