TOKEN RENEWAL

US 20110126002A1
Filed: 11/24/2009
Published: 05/26/2011
Est. Priority Date: 11/24/2009
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by a computing system programmed to perform operations, comprising:

receiving, by the computing system, a token renewal request for renewing an original digital certificate stored on a token; and

renewing, by the computing system, the original certificate as a renewed certificate when the token renewal request is approved, wherein the renewed certificate comprises the same key as the original certificate, but includes a new expiration date, and wherein the renewed certificate is functionally identical to the original certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for renewing certificates stored on tokens is described.

Citations

22 Claims

1. A method, implemented by a computing system programmed to perform operations, comprising:
- receiving, by the computing system, a token renewal request for renewing an original digital certificate stored on a token; and
  
  renewing, by the computing system, the original certificate as a renewed certificate when the token renewal request is approved, wherein the renewed certificate comprises the same key as the original certificate, but includes a new expiration date, and wherein the renewed certificate is functionally identical to the original certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said renewing comprises:
    - finding a record of the token in a token database of the computing system;
      
      authenticating the token and a user associated with the token;
      
      sending a certificate renewal request with information from the record to a certificate manager to approve the certificate renewal request and to issue the renewed certificate; and
      
      sending the renewed certificate back to the token to store the renewed certificate.
  - 3. The method of claim 1, wherein said renewing comprises:
    - finding a record of the token in a token database of the computing system;
      
      authenticating the token and a user associated with the token;
      
      determining whether a token policy in the record allows renewal of the token;
      
      when the token policy allows token renewal, sending a certificate renewal request with information from the record to a certificate manager to approve the certificate renewal request and to issue the renewed certificate; and
      
      sending the renewed certificate back to the token to store the renewed certificate.
  - 4. The method of claim 3, wherein the original digital certificate was previously issued by the certificate manager, and wherein the information comprises a serial number identifying the original certificate issued by the certificate manager.
  - 5. The method of claim 3, wherein said authenticating the user associated with the token comprises:
    - receiving user identification information, including at least a password; and
      
      authenticating the user against a user database using the user identification information.
  - 6. The method of claim 3, wherein said authenticating the user associated with the token comprises:
    - receiving a Lightweight Directory Access Protocol (LDAP) user identifier and a password to access a LDAP directory; and
      
      authenticating the token against the LDAP directory using the LDAP user identifier and password.
  - 7. The method of claim 3, wherein said authenticating the token sets up a secure channel with which the token and the TPS can communicate securely.
  - 8. The method of claim 3, further comprising:
    - when the token policy does not allow token renewal,sending a re-enrollment request to a certificate manager to issue a new certificate having a new key pair; and
      
      sending the new certificate to a client application to store the new certificate on the token.
  - 9. The method of claim 8, further comprising instructing the client application to store the new certificate and the original certificate on the token, wherein the original and new certificates are encryption certificates.
  - 10. The method of claim 1, wherein said renewing comprises:
    - finding a record of the token in a token database of the computing system;
      
      determining whether a token policy in the record allows renewal of the token;
      
      determining whether the original certificate is eligible for renewal, wherein the token is eligible for renewal when the token policy allows renewal of the token and the certificate expiration date is not outside a grace period to renew the original certificate;
      
      when the token is eligible for renewal, sending a certificate renewal request with information from the record to a certificate manager to approve the certificate renewal request and to issue the renewed certificate; and
      
      sending the renewed certificate back to the token to store the renewed certificate.
  - 11. The method of claim 1, wherein the token stores a plurality of digital certificates, including the original digital certificate, and wherein said renewing comprises renewing the plurality of digital certificates as a plurality of renewed certificates.
  - 12. The method of claim 11, wherein said renewing the plurality of digital certificates comprises:
    - finding a record of the token in a token database of the computing system;
      
      when the token policy allows token renewal,determining the number of the plurality of digital certificates stored on the token from the record;
      
      determining whether a token policy in the record allows renewal of each of the plurality of digital certificates stored on the token;
      
      sending a certificate renewal request for each of the plurality of digital certificates in the record to a certificate manager to approve the respective certificate renewal request and to issue the renewed certificate when the respective certificate renewal request is approved; and
      
      sending each of the plurality of renewed certificates back to the token to store each of the plurality of renewed certificates.
  - 13. The method of claim 12, wherein said renewing the plurality of digital certificates comprises:
    - finding a record of the token in a token database of the computing system;
      
      determining whether a token policy in the record allows renewal of the token;
      
      determining the number of the plurality of digital certificates stored on the token by requesting information for each of the plurality of digital certificates from a client application that communicates with the token;
      
      sending a certificate renewal request for each of the plurality of digital certificates with the information received from the client application to a certificate manager to approve the respective certificate renewal request and to issue the renewed certificate when the respective certificate renewal request is approved; and
      
      sending each of the plurality of renewed certificates back to the token to store each of the plurality of renewed certificates.
  - 14. The method of claim 12, wherein said renewing the plurality of digital certificates comprises:
    - finding a record of the token in a token database of the computing system;
      
      for each of the plurality of digital certificates, determining whether a token policy in the record allows renewal of the respective certificate, wherein the token policy allows renewal of a first type of certificate, but requires re-enrollment of a second type of certificate;
      
      for each of the plurality of digital certificates of the first type, sending a certificate renewal request with information from the respective certificate to a certificate manager to approve the respective certificate renewal request and to issue the renewed certificate when the respective certificate renewal request is approved;
      
      for each of the plurality of digital certificates of the second type, sending a re-enrollment request to the certificate manager to generate a new certificate having a new key pair for the respective certificate; and
      
      sending each of the renewed certificates and each of the new certificates back to the token to be stored.

15. A certificate system, comprising:
- a data storage device to store token data associated with a plurality of tokens that store at least one digital certificate; and
  
  a first server, comprising a token processing system (TPS), coupled to the data storage device, wherein the TPS is configured to receive a token renewal request for renewing an original digital certificate stored on a token, and to renew the original certificate as a renewed certificate when the token renewal request is approved using the token data, wherein the renewed certificate comprises the same key as the original certificate, but includes a new expiration date, and wherein the renewed certificate is functionally identical to the original certificate.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The certificate system of claim 15, further comprising a second server, comprising a certificate manager, coupled to the first server, wherein the TPS is configured to send a certificate renewal request to the certificate manager to approve the certificate renewal request and to issue the renewed certificate, and to send the renewed certificate back to the token to store the renewed certificate.
  - 17. The certificate system of claim 15, wherein the data storage device manages a token database that stores a record for the token and associates the token with the original certificate stored on the token and with a user, wherein the TPS is configured to find the record of the token in the token database in response to receipt of the token renewal request, and to authenticate the token and a user associated with the token, and wherein the TPS is configured to send a certificate renewal request with information from the record to a certificate manager to approve the certificate renewal request and to issue the renewed certificate.
  - 18. The certificate system of claim 17, wherein the token database is managed by a Lightweight Directory Access Protocol (LDAP) directory server coupled to the first server, and wherein the record of the token comprises a token policy that specifies whether the original certificate stored on the token can be renewed, and a serial number identifying the original certificate issued by a certificate manager.
  - 19. The certificate system of claim 15, wherein the TPS comprises a token renewal module that comprises:
    - a TPS engine coupled to receive the token renewal request from a client application that manages the token; and
      
      a token database manager coupled to the TPS engine and the data storage device, wherein the TPS engine is configured to find a record of the token via the token database manager, and wherein the TPS engine is further configured to send a certificate renewal request with information from the record to a second server, comprising a certificate manager to approve the certificate renewal request and to issue the renewed certificate, and to send the renewed certificate back to the token to store the renewed certificate.

20. A machine-readable storage medium having instructions, which when executed, cause a token processing system (TPS) of a computing system to perform a method, the method comprising:
- receiving a token renewal request for renewing an original digital certificate stored on a token; and
  
  renewing the original certificate as a renewed certificate when the token renewal request is approved, wherein the renewed certificate comprises the same key as the original certificate, but includes a new expiration date, and wherein the renewed certificate is functionally identical to the original certificate.
- View Dependent Claims (21, 22)
- - 21. The machine-readable storage medium of claim 20, wherein said renewing comprises:
    - finding a record of the token in a token database of the computing system;
      
      authenticating the token and a user associated with the token;
      
      determining whether a token policy in the record allows renewal of the token;
      
      when the token policy allows token renewal, sending a certificate renewal request with information from the record to a certificate manager to approve the certificate renewal request and to issue the renewed certificate; and
      
      sending the renewed certificate back to the token to store the renewed certificate.
  - 22. The machine-readable storage medium of claim 20, wherein said renewing comprises:
    - finding a record of the token in the token database;
      
      determining whether a token policy in the record allows renewal of the token;
      
      determining whether the original certificate is eligible for renewal, wherein the token is eligible for renewal when the token policy allows renewal of the token and the certificate expiration date is not outside a grace period to renew the original certificate;
      
      when the token is eligible for renewal, sending a certificate renewal request with information from the record to a certificate manager to approve the certificate renewal request and to issue the renewed certificate; and
      
      sending the renewed certificate back to the token to store the renewed certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Magne, John Garraye, Fu, Christina

Granted Patent

US 8,683,196 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

TOKEN RENEWAL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

TOKEN RENEWAL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links