Token-Based Management System for PKI Personalization Process

US 20090031131A1
Filed: 07/17/2008
Published: 01/29/2009
Est. Priority Date: 07/27/2007
Status: Active Grant

First Claim

Patent Images

1. A system for token-based management of a PKI personalization process comprising:

a token request and management system (TRMS) configured to gather request information from a requester;

a token personalization system (TPS) configured to personalize a hardware token such that usage of said hardware token is constrained by said request information; and

a workstation configured to receive said hardware token and use data contained within said hardware token to request PKI data from a PKI server;

said workstation personalizing a manufactured product with said PKI data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for token-based management of a PKI personalization process includes a token request and management system (TRMS) configured to gather request information from a requestor; and a token personalization system (TPS) configured to personalize a hardware token such that usage of the hardware token is constrained by the request information. A method for token-based management of a PKI personalization process includes: requesting a hardware token; personalizing a hardware token such that the hardware token is confined to operation within limiting parameters; binding the hardware token to a workstation which is configured receive the hardware token and use credentials within the hardware token to request and download PKI data from a PKI server, the workstation being further configured to personalize an end user product by loading the PKI data into internal memory contained within the end user product; and monitoring usage of the hardware token and the PKI data.

Citations

20 Claims

1. A system for token-based management of a PKI personalization process comprising:
- a token request and management system (TRMS) configured to gather request information from a requester;
  
  a token personalization system (TPS) configured to personalize a hardware token such that usage of said hardware token is constrained by said request information; and
  
  a workstation configured to receive said hardware token and use data contained within said hardware token to request PKI data from a PKI server;
  
  said workstation personalizing a manufactured product with said PKI data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein said request information comprises a PKI data type, said hardware token being restricted from downloading any additional PKI data types.
  - 3. The system of claim 1, wherein said request information comprises a trust domain, said hardware token being personalized with a certificate authority corresponding to said trust domain, said hardware token being restricted from downloading any PKI data from outside said trust domain.
  - 4. The system of claim 3, wherein said trust domain is a location based trust domain.
  - 5. The system of claim 1, wherein said TPS personalizes said hardware token with keys and certificates, said certificates binding a workstation identifier to a trust domain, said hardware token being further bound to a said workstation corresponding to said workstation identifier.
  - 6. The system of claim 1, further comprising a token validator tool, said token validator tool verifying that said hardware token is connected to said workstation corresponding to said workstation identifier.
  - 7. The system of claim 2, wherein said PKI server compares credential information supplied by said hardware token to an access control list.
  - 8. The system of claim 7, wherein said access control list is updated as additional hardware tokens are requested through said TRMS.
  - 9. The system of claim 1, further comprising a token monitor server (TMS), said TMS monitoring actual usage of said hardware token.
  - 10. The system of claim 9, wherein said TMS creates a global active connection list that is congruent from active connection lists retrieved from PKI servers, said active connection list recording use of said hardware tokens by said PKI server, said global active connection list being compared to said access control list to identify lapsed hardware tokens, said lapsed tokens having been inactive for a specified period of time, said lapsed tokens suspended from being used to making connections.
  - 11. The system of claim 9, wherein a said workstation attempting to make a connection to said PKI server with outdated credentials triggers a revocation request for said outdated credentials, said revocation request being submitted to TRMS and a updated certificate revocation list being populated back to said PKI server to reject a connection initiated by said workstation with outdated credentials.
  - 12. The system of claim 11, wherein said revocation request was triggered based on a global blacklist maintained by said TMS, said TMS being used to retrieve a local blacklist from a said PKI server and verify that portions of global blacklist contained on said PKI server are congruent with said global blacklist.
  - 13. The system of claim 1, wherein a requester logs into said TRMS, said TRMS providing a user interface for selecting said token request information from available options, said TRMS restricting availability of said options according to the according to an identity of said requester.
  - 14. The system of claim 13, wherein said token request information is restricted to a trust domain corresponding to a location of said requester;
    - said token request information being restricted according to PKI types used at said location.

15. A system for token-based management of a PKI personalization process comprising:
- a token request and management system (TRMS) configured to gather request information from a requester;
  
  options for selecting said request information being limited by said requester'"'"'s identity and location;
  
  said request information comprising a location based trust domain, PKI data type, and a workstation identifier;
  
  a token personalization system (TPS) configured to personalize a hardware token such that usage of said hardware token is constrained by said request information;
  
  a workstation corresponding to said workstation identifier being configured to receive said hardware token and using credentials contained within said hardware token to request PKI data from a PKI server, said workstation personalizing a manufactured product with said PKI data;
  
  wherein said PKI server compares credential information supplied by said hardware token to an access control list, said access control list comprising a list of workstations authorized to download said PKI data type;
  
  a token monitor server (TMS), said TMS monitoring actual usage of said hardware token, said TMS maintaining a global active connection list and a global blacklist of tokens that have been suspended or revoked;
  
  wherein connections requested by workstations using credentials of a said hardware token that has been suspended or revoked are rejected.

16. A method for token-based management of a PKI personalization process comprising:
- requesting a hardware token;
  
  personalizing said hardware token such that the use of credentials contained within said hardware token is confined within limiting parameters;
  
  binding said hardware token to a workstation within a product personalization facility, said workstation being configured receive said hardware token and use said credentials within said hardware token to request and download PKI data from a PKI server, said workstation being further configured to personalize an end user product by loading said PKI data into internal memory contained within said end user product; and
  
  monitoring usage of said hardware token and said PKI data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein requesting a hardware token further comprises:
    - logging into a token request and management system (TRMS);
      
      said TRMS being configured to present options for selecting request information based on a requester identity;
      
      said request information comprising trust domain, PKI data type, and a workstation identifier;
      
      said request information being used to create said credentials, said credentials being stored within said hardware token, usage of said credentials being constrained by said request information.
  - 18. The method of claim 16, wherein said credentials used by said workstation to request PKI data from said PKI server are checked against an access control list by said PKI server.
  - 19. The method of claim 16, wherein monitoring usage of said hardware token comprises identifying lapsed hardware tokens, said lapsed hardware tokens having been inactive for a specified period of time.
  - 20. The method of claim 19, wherein monitoring usage of said hardware token and said PKI data comprises checking said credentials used by said workstation against a blacklist by said PKI server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Pasion, Jason, Qiu, Xin, Chen, Liqiang, Sprunk, Eric

Granted Patent

US 8,392,702 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/101   Access control lists [ACL]

H04L 63/123   received data contents, e.g...

H04L 63/166   at the transport layer

H04L 9/006   involving public key infras...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Token-Based Management System for PKI Personalization Process

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Token-Based Management System for PKI Personalization Process

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links