Revocation and updating of tokens in a public key infrastructure system
Abstract
A method and computer program to revoke and update a token (130) having several encryption, signature and role certificates/private keys contained in the token (130). The certificates/private keys in the token (130) are transmitted wrapped by a public key and may only be activated by a private key contained in the token (130). The activation of any certificate/private key requires the entry of a passphrase by a user (132). Further, all certificates/private keys contained in a token (130) are stored in an authoritative database (104). In the event that a token (130) is lost, all certificates/private keys associated with the token (130) are revoked. Further, when new certificates/private keys are issued to a user (132), these certificates/private keys are encrypted using the token's (130) public key and downloaded to the token (130).
22 Claims
1. A token, comprising:
an identification number encoded on the token and a private key stored in the token; and
a plurality of certificates/private keys wrapped in a public key which may be activated by the private key on the token with the entry of a passphrase.
Dependent claims: 2, 3, 4.
5. A method of revoking a token, comprising:
accessing a database having a plurality of records accessible by user identification and token identification, wherein said database has a plurality of certificates/private keys associated with each token identification;
revoking each certificate/private key associated with a selected token identification for a given token.
Dependent claims: 6, 7, 8.
9. A method of updating a token, comprising:
accessing a database by user identification and token identification, wherein the database has a plurality of certificates/private keys associated with each token identification;
determining which certificates/private keys of the plurality of certificates/private keys have not been downloaded to the token since the last update;
encrypting all certificates/private keys of the plurality of certificates/private keys which have not been downloaded to the token using a public key associated with the token identification in the database to form a download packet;
downloading the download packet to the token; and
activating the certificates/private keys in the download packet using the private key in the token.
Dependent claims: 10, 11, 12, 13.
14. A computer program embodied on a computer readable medium and executable by a computer for revoking a token, comprising:
accessing a database having a plurality of records accessible by user identification and token identification, wherein said database has a plurality of certificates/private keys associated with each token identification;
revoking each certificate/private key associated with a selected token identification for a given token.
15. The computer program recited in claim 15, wherein the plurality of certificates/private keys are at least one signature certificate/private key, encryption certificate/private key, and role certificate/private key.
18. A computer program for updating a token embodied on a computer readable medium and executable by a computer, comprising:
accessing a database by user identification and token identification, wherein the database has a plurality of certificates/private keys associated with each token identification;
determining which certificates/private keys of the plurality of certificates/private keys have not been downloaded to the token since the last update;
encrypting all certificates/private keys of the plurality of certificates/private keys which have not been downloaded to the token using a public key associated with the token identification in the database to form a download packet;
downloading the download packet to the token; and
activating the certificates/private keys using the private key in the token.
Dependent claims: 19, 20, 21, 22.
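As an added example (not code from the patent or from any product it describes), a Go model of the revocation and update procedures in claims 5, 9 and 18: the authoritative database wraps only the certificates/private keys issued since the token's last download with the token's public key, the token checks the passphrase before unwrapping anything with its private key, and revoking a lost token marks every record so that no further packet can be built for it. The Record and Token types, the issue counter used as the "since the last update" mark, the SHA-256 passphrase check and direct RSA-OAEP wrapping are assumptions of this example, not details from the claims.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)
// Record is one certificate/private key entry in the authoritative database (constructed schema, not the patent's).
type Record struct {
	Blob    []byte // certificate plus private key material
	Issued  int    // issue counter; entries above the token's last-download mark are still pending
	Revoked bool
}
// Revoke marks every certificate/private key held for a token as revoked (the lost-token case) and returns the count.
func Revoke(recs []*Record) (n int) {
	for _, r := range recs {
		if !r.Revoked { r.Revoked, n = true, n+1 }
	}
	return n
}
// BuildPacket wraps each unrevoked record issued after lastDL with the token's public key (RSA-OAEP) and returns
// the new download mark. Direct OAEP fits only small blobs; real material would be wrapped via a symmetric key (assumption).
func BuildPacket(pub *rsa.PublicKey, recs []*Record, lastDL int) (packet [][]byte, mark int, err error) {
	mark = lastDL
	for _, r := range recs {
		if r.Revoked || r.Issued <= lastDL { continue }
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r.Blob, nil)
		if err != nil { return nil, lastDL, err }
		packet = append(packet, ct)
		if r.Issued > mark { mark = r.Issued }
	}
	return packet, mark, nil
}
// Token models the device: the private key never leaves it, and PassHash gates activation (constructed model).
type Token struct {
	Priv     *rsa.PrivateKey
	PassHash [32]byte // sha256 of the user's passphrase
}
// Activate checks the passphrase first; only then is each certificate/private key unwrapped with the on-token key.
func (t *Token) Activate(packet [][]byte, passphrase string) (keys [][]byte, err error) {
	h := sha256.Sum256([]byte(passphrase))
	if subtle.ConstantTimeCompare(h[:], t.PassHash[:]) != 1 { return nil, errors.New("passphrase rejected") }
	for _, ct := range packet {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.Priv, ct, nil)
		if err != nil { return nil, err }
		keys = append(keys, pt)
	}
	return keys, nil
}
```

A caller keeps the mark returned by BuildPacket per token identification and passes it back on the next update, so only records issued in between are wrapped and sent.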
Specification