Revocation and updating of tokens in a public key infrastructure system

US 20030115466A1
Filed: 12/19/2001
Published: 06/19/2003
Est. Priority Date: 12/19/2001
Status: Active Grant

First Claim

Patent Images

1. A token, comprising:

an identification number encoded on the token and a private key stored in the token; and

a plurality of certificates/private keys wrapped in a public key which may be activated by the private key on the token with the entry of a passphrase.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program to revoke and update a token (130) having several encryption, signature and role certificates/private keys contained in the token (130). The certificates/private keys in the token 130 are transmitted wrapped by a public key and may only be activated by a private key contained in the token (130). The activation of any certificate/private key requires the entry of a passphrase by a user (132). Further, all certificates/private keys contained in a token (130) are stored in an authoritative database 104. In the event that a token (130) is lost then all certificates/private keys associated with the token (130) are revoked. Further, when new certificates/private keys are issued to a user (132) these certificates/private keys are encrypted using the token'"'"'s (130) public key and downloaded to the token (130).

Citations

22 Claims

1. A token, comprising:
- an identification number encoded on the token and a private key stored in the token; and
  
  a plurality of certificates/private keys wrapped in a public key which may be activated by the private key on the token with the entry of a passphrase.
- View Dependent Claims (2, 3, 4)
- - 2. The token recited in claim 1, wherein the plurality of certificates/private keys are at least one signature certificate/private key, encryption certificate/private key, and role certificate/private key.
  - 3. The token recited in claim 2, wherein the wrapping of the certificates/private keys with the token public key encrypts the certificates/private keys.
  - 4. The token recited in claim 3, wherein the token is a smart card.

5. A method of revoking a token, comprising:
- accessing a database having a plurality of records accessible by user identification and token identification, wherein said database has a plurality certificates/private keys associated with each token identification;
  
  revoking each certificate/private key associated with a selected token identification for a given token.
- View Dependent Claims (6, 7, 8)
- - 6. The method recited in claim 5, wherein the plurality of certificates/private keys are at least one signature certificate/private key, encryption certificate/private key, and role certificate/private key
  - 7. The method recited in claim 6, wherein the token is a smart card.
  - 8. The method recited in claim 7, wherein the token identification is assigned by the token manufacturer at the time the token is created and stored in the database when assigned to a user.

9. A method of updating a token, comprising:
- accessing a database by user identification and token identification, wherein the database has a plurality of certificates/private keys associated with each token identification;
  
  determining which certificates/private keys of the plurality of certificates/private keys have not been downloaded to the token since the last update;
  
  encrypting all certificates/private keys of the plurality of certificates/private keys which have been not been downloaded to the token using a public key associated with the token identification in the database to form a download packet;
  
  downloading the download packet to the token; and
  
  activating the certificates/private keys in the download packet using the private key in the token.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A method as recited in claim 9, further comprising:
    - accessing the database by token identification to identify certificates/private keys which are expired or no longer valid; and
      
      deleting the certificates/private keys identified which are expired or no longer valid form the token.
  - 11. The method recited in claim 10, further comprising:
    - transmitting a message to the user indicating no new certificates/private keys were found in the database when determined that all certificates/private keys of the plurality of certificates/private keys have been downloaded to the token since the last update from the database.
  - 12. The method recited in claim 11, wherein the plurality of certificates/private keys are at least one signature certificate/private key, encryption certificate/private key, and role certificate/private key
  - 13. The method recited in claim 12, wherein the token is a smart card.

14. A computer program embodied on a computer readable medium and executable by a computer for revoking a token, comprising:
- accessing a database having a plurality of records accessible by user identification and token identification, wherein said database has a plurality certificates/private keys associated with each token identification;
  
  revoking each certificate/private key associated with a selected token identification for a given token.

15. The computer program recited in claim 15, wherein the plurality of certificates/private keys are at least one signature certificate/private key, encryption certificate/private key, and role certificate/private key
- View Dependent Claims (16, 17)
- - 16. The computer program recited in claim 15, wherein the token is a smart card.
  - 17. The computer program recited in claim 16, wherein the token identification is assigned by the token manufacturer at the time the token is created and stored in the database when assigned to a user.

18. A computer program for updating a token embodied on a computer readable medium and executable by a computer, comprising:
- accessing a database by user identification and token identification, wherein the database has a plurality of certificates/private keys associated with each token identification;
  
  determining which certificates/private keys of the plurality of certificates/private keys have not been downloaded to the token since the last update;
  
  encrypting all certificates/private keys of the plurality of certificates/private keys which have been not been downloaded to the token using a public key associated with the token identification in the database to form a download packet;
  
  downloading the download packet to the token; and
  
  activating the certificates/private keys using the private key in the token.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The computer program as recited in claim 18, further comprising:
    - accessing the database by token identification to identify certificates/private keys which are expired or no longer valid; and
      
      deleting the certificates/private keys identified which are expired or no longer valid from the token.
  - 20. The computer program recited in claim 19, further comprising:
    - transmitting a message to the user indicating no new certificates/private keys were found in the database when determined that all certificates/private keys of the plurality of certificates/private keys have been downloaded to the token since the last update from the database.
  - 21. The computer program recited in claim 20, wherein the plurality of certificates/private keys are at least one signature certificate/private key, encryption certificate/private key, and role certificate/private key
  - 22. The computer program recited in claim 21, wherein the token is a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Systems Corporation (Northrop Grumman Corporation)
Original Assignee
Northrop Grumman Corporation
Inventors
Aull, Kenneth W., Bellmore, Mark A., Kerr, Thomas C., Freeman, William E.

Granted Patent

US 7,206,936 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3576   Multiple memory zones on card

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/006   involving public key infras...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3268   using certificate validatio...

Revocation and updating of tokens in a public key infrastructure system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Revocation and updating of tokens in a public key infrastructure system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links