Trusted and unsupervised digital certificate generation using a security token
Abstract
A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.
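The flow in the abstract and claim 1, as an added Python example (not code from the patent): the registration authority accepts a returned public key only when the reply proves knowledge of the token's critical security parameter (CSP). The HMAC challenge-response, the class and function names, and the hash-derived stand-in for the PKI key pair are assumptions; the page does not specify the form of the security transaction.

```python
import hashlib
import hmac
import secrets

class SecurityToken:
    """Simulated token; the CSP and private key never leave this object."""
    def __init__(self, serial, csp):
        self.serial = serial
        self._csp = csp              # pre-established critical security parameter
        self._private_key = None

    def respond(self, nonce):
        # Stand-in for on-token PKI key generation (not a real key pair).
        self._private_key = secrets.token_bytes(32)
        public_key = hashlib.sha256(b"pub:" + self._private_key).digest()
        # Security transaction (assumed form): MAC the RA nonce and the new public key.
        proof = hmac.new(self._csp, nonce + public_key, hashlib.sha256).digest()
        return public_key, proof

class RegistrationAuthority:
    def __init__(self, csp_store):
        self._csp_store = csp_store  # token serial -> CSP held by the RA
        self._pending = {}           # token serial -> outstanding nonce

    def challenge(self, serial):
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def accept_public_key(self, serial, public_key, proof):
        nonce = self._pending.pop(serial, None)  # single use, so replays fail
        csp = self._csp_store.get(serial)
        if nonce is None or csp is None:
            return False
        expected = hmac.new(csp, nonce + public_key, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)

def enroll(ra, token):
    """Run one exchange; True means the RA may certify the returned key."""
    nonce = ra.challenge(token.serial)
    public_key, proof = token.respond(nonce)
    return ra.accept_public_key(token.serial, public_key, proof)

if __name__ == "__main__":
    csp = bytes(range(32))           # constructed sample CSP
    ra = RegistrationAuthority({"TOKEN-0001": csp})
    print("genuine token:", enroll(ra, SecurityToken("TOKEN-0001", csp)))
    print("rogue application:", enroll(ra, SecurityToken("TOKEN-0001", bytes(32))))
```

Because the proof covers the public key as well as the nonce, a key substituted in transit fails verification along with the rogue-application case.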
33 Claims
1. A method for issuing a trustworthy digital certificate comprising the steps of:
- a. performing at least one security transaction between a security token and at least a registration authority which at least confirms that a pre-established critical security parameter is operatively stored within said security token,
- b. operatively storing a PKI key pair inside said security token, and
- c. responsively returning a public key associated with said PKI key pair from said security token to at least said registration authority.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 33

13. A method for issuing a trustworthy digital certificate comprising the steps of:
- a. sending a first command from a registration authority to a security token which causes a PKI key pair to be operatively installed inside said security token,
- b. enciphering at least a second command using a critical security parameter associated with said security token by said registration authority forming a cryptogram,
- c. sending said cryptogram to said security token,
- d. deciphering said cryptogram using a pre-established critical security parameter operatively stored inside said security token, and
- e. returning to at least said registration authority at least one datagram derived from said cryptogram.

Dependent claims: 14, 15, 16, 17, 18, 19, 20

21. A system for issuing a trustworthy digital certificate comprising:
- a security token functionally coupled to a computer system and in processing communications with at least a registration authority via said computer system wherein said security token is adapted to at least operatively store a PKI key pair and perform at least one security transaction which incorporates at least a pre-established critical security parameter;
- a computer system adapted to at least receive input from an entity, initiate a digital certification generation process between said security token and said at least a registration authority and exchange communications between said security token and said least at least a registration authority; and
- a registration authority adapted to at least cause said PKI key pair to be stored in said security token, cause said security token to perform said at least one security transaction and confirm that said pre-established critical security parameter is operatively stored within said security token.

Dependent claims: 22, 23, 24

25. A system for issuing a trustworthy digital certificate comprising:
- a security token including;
  - a token processor,
  - a token memory coupled to said token processor,
  - a pre-established critical security parameter operatively stored in at least a portion of said token memory, and
  - one or more token applications operatively stored in a second portion of said token memory having instructions executable by said token processor to at least;
    - operatively store a PKI key pair in a third portion of said token memory, and
    - perform at least one security transaction which incorporates at least said pre-established critical security parameter.
- a local computer system including;
  - a computer processor,
  - a computer memory coupled to said computer processor,
  - a token interface coupled to said computer processor and operative to functionally couple said security token to said computer system,
  - a computer communications interface coupled to said computer processor and operative to facilitate communications with at least a registration authority, and
  - one or more computer applications operatively stored in a portion of said computer memory having instructions executable by said computer processor to at least;
    - initiate a digital certification generation process between said security token and said registration authority,
    - exchange communications between said security token and at least a registration authority; and
- a registration authority including;
  - an authority processor,
  - a authority memory coupled to said authority processor,
  - a data store coupled to said authority processor, said data store including at least one critical security parameter associated with said pre-established critical security parameter,
  - an authority communications interface coupled to said authority processor and operative to facilitate communications with at least said computer system, and
  - one or more authority applications operatively stored in a portion of said authority memory having instructions executable by said authority processor to at least;
    - cause said PKI key pair to be stored in said token memory,
    - cause said security token to perform said at least one security transaction, and
    - confirm that said pre-established critical security parameter is operatively stored within said security token.

Dependent claims: 26, 27, 28

29. A computer program product embodied in a tangible form readable by a first processing system having executable instructions stored thereon for causing said first processing system to;
- perform at least one security transaction with a security token which at least confirms that a pre-established critical security parameter is operatively stored within said security token,
- cause a PKI key pair to be operatively stored in said security token, and
- cause said security token to responsively return a public key associated with said PKI key pair from said security token.

Dependent claims: 30, 31, 32

Specification