Assignment of user certificates/private keys in token enabled public key infrastructure system

US 20030115468A1
Filed: 12/19/2001
Published: 06/19/2003
Est. Priority Date: 12/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method for assigning certificates/private keys to a token, comprising:

accessing the token through a token reader connected to a computer system by a certificate/private key authority;

reading a token ID and a user signature certificate from the token;

searching for a match for the token ID and the signature certificate in an authoritative database;

creating a certificate, wherein the certificate is wrapped with a public key associated with the token ID and digitally signing the certificate/private key using a signature certificate of the certificate authority;

downloading the certificate/private key to the token; and

decrypting the certificate/private key using a private key stored in the token.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program to assign certificates/private keys to a token (130). This method and computer program allows a user (132) to access a certificate authority (110) and have certificates/private keys that are used for signature, encryption and role purposes generated and downloaded to the token (130). The use of secure communication lines and computers is not necessary since the token (132) contains a unique token ID and private key, while the certificate authority (110) contains the associated public key for the token (130). The certificate generated is wrapped in the public key and only the token (130), having the associated private key, may activate the certificate.

120 Citations

16 Claims

1. A method for assigning certificates/private keys to a token, comprising:
- accessing the token through a token reader connected to a computer system by a certificate/private key authority;
  
  reading a token ID and a user signature certificate from the token;
  
  searching for a match for the token ID and the signature certificate in an authoritative database;
  
  creating a certificate, wherein the certificate is wrapped with a public key associated with the token ID and digitally signing the certificate/private key using a signature certificate of the certificate authority;
  
  downloading the certificate/private key to the token; and
  
  decrypting the certificate/private key using a private key stored in the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method recited in claim 1, wherein the certificate/private key is a plurality of certificates/private keys that at least one certificate/private key is a signature certificate for the user, encryption certificate/private key for the user, and role certificate/private key for the user.
  - 3. The method recited in claim 2, wherein the wrapping of the certificate with the public key of the token encrypts the certificate.
  - 4. The method recited in claim 3, wherein the token is a smart card.
  - 5. The method recited in claim 4, wherein the token ID is assigned by a token manufacturer at the time the token is created and stored in the authoritative database when assigned to a user.
  - 6. The method recited in claim 5, wherein downloading the certificate/private key to the token is done through an unsecured communications line.
  - 7. The method recited in claim 6, wherein decrypting the certificate/private key using a private key stored in the token requires the entry of a passphrase by a user.

9. A computer program embodied on a computer readable medium and executable by a computer for assigning certificates/private keys to a token, comprising:
- accessing the token through a token reader connected to a computer system by a certificate authority;
  
  reading a token ID and a user signature certificate from the token;
  
  searching for a match for the token ID and the signature certificate in an authoritative database;
  
  creating a certificate, wherein the certificate is wrapped with a public key associated with the token ID and digitally signing the certificate/private key using a signature certificate of the certificate authority;
  
  downloading the certificate/private key to the token; and
  
  decrypting the certificate/private key using a private key stored in the token.
- View Dependent Claims (8, 10, 11, 12, 13, 14, 15, 16)
- - 8. The method recited in claim 11, further comprising:
    - authenticating, by the signing of the certificate/private key using a signature certificate of the certificate authority, that the certificate/private key was issued by the certificate authority.
  - 10. The computer program recited in claim 9, wherein the certificate/private key is a plurality of certificates/private keys that at least one certificate/private key is a signature certificate for the user, encryption certificate/private key for the user, and role certificate/private key for the user.
  - 11. The computer program recited in claim 10, wherein the wrapping of the certificate with the public key of the token encrypts the certificate/private key.
  - 12. The computer program recited in claim 11, wherein the token is a smart card.
  - 13. The computer program recited in claim 12, wherein the token ID is assigned by a token manufacturer at the time the token is created and stored in the authoritative database when assigned to a user.
  - 14. The computer program recited in claim 13, wherein downloading the certificate/private key to the token is done through an unsecured communications line.
  - 15. The computer program recited in claim 14, wherein the decrypting the certificate/private key using a private key stored in the token requires the entry of a passphrase by a user.
  - 16. The computer program recited in claim 15, further comprising:
    - authenticating by the signing the certificate/private key using a signature certificate of the certificate authority that the certificate/private key was issued by the certificate authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Systems Corporation (Northrop Grumman Corporation)
Original Assignee
Northrop Grumman Corporation
Inventors
Aull, Kenneth W., Bellmore, Mark A., Kerr, Thomas C., Freeman, William E.

Granted Patent

US 7,475,250 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/33   using certificates

H04L 63/04   for providing a confidentia...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0897   involving additional device...

Assignment of user certificates/private keys in token enabled public key infrastructure system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Assignment of user certificates/private keys in token enabled public key infrastructure system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links