Profile framework for token processing system
Abstract
Embodiments of the present invention provide a profile framework for handling enrollment requests. In particular, when a token processing system receives an enrollment request, it selects an applicable profile based on information in the request. The profile may indicate a variety of parameters for fulfilling the enrollment request, such as the locations of the applicable certificate authority, token key service, and the like. The profile may also indicate items, such as the number of keys to generate on a token, a token label, and connection information to securely communicate with other components and the client making the enrollment request.
138 Citations
17 Claims
1. A method of generating credentials for a token, the method comprising:
- detecting the token and the server determining that the token is to be enrolled;
- selecting a profile for a request of the token;
- generating a subject key pair within the server, wherein the subject key pair includes a subject public key and the subject private key;
- encrypting the subject private key with a key transport session key to arrive at a wrapped private key; and
- forwarding the wrapped private key to the token.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for generating credentials for a token, the system comprising:
- a token;
- a security client configured to manage the token; and
- a security server configured to interface with the security client, wherein the security server is configured to
  - detect the token to be enrolled by the security server,
  - select a profile for enrolling the token,
  - generate a subject key pair within the security server, wherein the subject key pair includes a subject public key and the subject private key;
  - encrypt the subject private key with a key transport session key to arrive at a wrapped private key; and
  - forward the wrapped private key to the token.

Dependent claims: 12, 13, 14, 15, 16, 17
Specification