Method and apparatus for centralized processing of hardware tokens for PKI solutions

US 20030115455A1
Filed: 12/19/2001
Published: 06/19/2003
Est. Priority Date: 12/19/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for centralized processing of hardware tokens for PKI solutions comprising:

receiving a commercially available token at a secure processing facility;

installing an operating system on the token;

creating a unique key encipherment certificate that comprises a public key for the token;

writing the unique key encipherment certificate onto the token;

writing a Root Certificate Authority certificate onto the token;

writing a unique private key onto the token, the unique private key being the matching key for the unique key encipherment certificate; and

loading a software package onto the token, the software package capable of cryptologically validating future keys and certificates, decrypting the keys and certificates, and installing the keys and certificates in the token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for centralized processing of hardware tokens for a public key infrastructure (PKI). A commercially available token is received at a secure processing facility. An operating system is installed on the token. A unique key encipherment certificate is created that includes a public key for the token. The unique key encipherment certificate is written onto the token. A Root Certificate Authority certificate is also written onto the token. A unique private key is written onto the token where the unique private key is the matching key for the unique key encipherment certificate. A software package is loaded onto the token. The software package is capable of cryptologically validating future keys and certificates, decrypting the keys and certificates, and installing the keys and certificates in the token.

56 Citations

View as Search Results

24 Claims

1. A method for centralized processing of hardware tokens for PKI solutions comprising:
- receiving a commercially available token at a secure processing facility;
  
  installing an operating system on the token;
  
  creating a unique key encipherment certificate that comprises a public key for the token;
  
  writing the unique key encipherment certificate onto the token;
  
  writing a Root Certificate Authority certificate onto the token;
  
  writing a unique private key onto the token, the unique private key being the matching key for the unique key encipherment certificate; and
  
  loading a software package onto the token, the software package capable of cryptologically validating future keys and certificates, decrypting the keys and certificates, and installing the keys and certificates in the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, further comprising wiping the contents of the token after the receiving.
  - 3. The method according to claim 1, further comprising validating the operating system before the installing.
  - 4. The method according to claim 1, further comprising writing the unique key encipherment certificate to a Read Only Memory (ROM) on the token.
  - 5. The method according to claim 1, further comprising:
    - receiving the commercially available token at a workstation;
      
      installing the token in the workstation; and
      
      performing the installing, first second and third writing, and the loading remotely from the secure processing facility to the token at the workstation.
  - 6. The method according to claim 1, further comprising performing the installing, first second and third writing, and the loading using a DataCard 9000 machine.
  - 7. The method according to claim 1, further performing maintaining a copy of the public key for the token at the secure processing facility.
  - 8. The method according to claim 1, further comprising maintaining a copy of the public key of the token at the secure processing facility.
  - 9. The method according to claim 1, further comprising sending at least one of a new key and a new certificate to the token remotely by the secure processing facility using a secure communication between the secure processing facility and the token, the token being attached to a remote processing device.
  - 10. The method according to claim 9, further comprising encrypting the at least one of the new key and the new certificate using the public key of the token.
  - 11. The method according to claim 10, further comprising validating that the at least one of the new key and the new certificate was sent from the secure processing facility using the Root Certificate Authority certificate on the token.
  - 12. The method according to claim 1, further comprising receiving a request for the token from a user before the installing.
  - 13. The method according to claim 12, wherein the unique key encipherment certificate comprises an identification of the user.
  - 14. The method according to claim 13, further comprising storing a mapping of the user identification, the unique key encipherment certificate, and a serial number of the token in a database at the secure processing facility.

15. A system for centralized processing of hardware tokens for PKI solutions comprising:
- a token;
  
  a token initialization machine, the token being connectable to the token initialization machine;
  
  a secure processing facility; and
  
  a Root Certificate Authority, the Root Certificate Authority signing certificates of the secure processing facility, the secure processing facility receiving the token and using the token initialization machine to install an operating system on the token, write a unique key encipherment certificate onto the token, write a certificate of the Root Certificate Authority onto the token, write a unique private key onto the token, and load a software package onto the token where the software package is capable of cryptologically validating future keys and certificates, decrypting the keys and certificates, and installing the keys and certificates in the token.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The system according to claim 15, further comprising a crypto accelerator, the crypto accelerator being used by the secure processing facility to create the unique key encipherment certificate and the unique private key, the unique key encipherment certificate comprising a public key for the token.
  - 17. The system according to claim 15, wherein the token comprises a smartcard.
  - 18. The system according to claim 15, wherein the token initialization machine comprises a DataCard 9000 machine.
  - 19. The system according to claim 15, wherein the secure processing center comprises a Certificate Authority.
  - 20. The system according to claim 15, further comprising wherein the identifiers comprise at least one of a Meta tag, label, tag, and a command.
  - 21. The system according to claim 15, wherein the token comprises a commercially available token.
  - 22. The system according to claim 15, wherein the secure processing facility includes:
    - a database, the database storing a mapping of a user identification, the unique key encipherment certificate, and a serial number of the token; and
      
      a storage device, the storage device storing all public keys on the token.

23. An apparatus comprising a storage medium containing instructions stored therein, the instructions when executed causing a computing device to perform:
- receiving a commercially available token;
  
  installing an operating system on the token;
  
  writing the unique key encipherment certificate onto the token;
  
  writing a Root Certificate Authority certificate onto the token;
  
  writing a unique private key onto the token, the unique private key being the matching key for the unique key encipherment certificate; and
  
  loading a software package onto the token, the software package capable of cryptologically validating future keys and certificates, decrypting the keys and certificates, and installing the keys and certificates in the token.
- View Dependent Claims (24)
- - 24. The apparatus according to claim 23, the computing device further performing creating a unique key encipherment certificate that comprises a public key for the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Corporation
Original Assignee
Northrop Grumman Corporation
Inventors
Aull, Kenneth W., Bellmore, Mark A., Kerr, Thomas C., Freeman, William E.

Application Number

US10/027,563
Publication Number

US 20030115455A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06Q 20/38215   Use of certificates or encr...

H04L 2463/102   applying security measure f...

H04L 63/0853   using an additional device,...

H04L 9/006   involving public key infras...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Method and apparatus for centralized processing of hardware tokens for PKI solutions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for centralized processing of hardware tokens for PKI solutions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links