SERVER-SIDE KEY GENERATION FOR NON-TOKEN CLIENTS
Abstract
A method and system for server-side key generation for non-token clients is described.
23 Claims
1. A method, implemented by a computing system of a certificate system programmed to perform the following, comprising:
- receiving, at a certificate manager of the computing system from a requester, a certificate enrollment request for a digital certificate for a non-token client;
- determining that certificate enrollment request includes a server-side key indicator to generate a key pair, including a public key and a private key, for the digital certificate;
- generating the key pair for the digital certificate by a server-side key generation engine of the computing system when the certificate enrollment request includes the server-side key indicator;
- encrypting the private key by the server-side key generation engine; and
- delivering the encrypted private key to the requester.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A certificate system, comprising:
- a data storage device to store data concerning key pairs of digital certificates issued by a certificate authority (CA);
- a certificate manager, coupled to the data storage device, to receive from a requester a certificate enrollment request for a digital certificate for a non-token client and to determine that the certificate enrollment request includes a server-side key indicator to generate a key pair, including a public key and a private key, for the digital certificate; and
- a server-side key generation engine, coupled to the certificate manager, to generate the key pair for the digital certificate when the certificate enrollment request includes the server-side key indicator, and to deliver the digital certificate and key pair to the requester.

Dependent claims: 17, 18, 19

20. A machine-readable storage medium having instructions, which when executed, cause a computing system to perform a method, the method comprising:
- receiving, at a certificate manager of the computing system from a requester, a certificate enrollment request for a digital certificate for a non-token client;
- determining that certificate enrollment request includes a server-side key indicator to generate a key pair, including a public key and a private key, for the digital certificate;
- generating the key pair for the digital certificate by a server-side key generation engine of the computing system when the certificate enrollment request includes the server-side key indicator;
- encrypting the private key by the server-side key generation engine; and
- delivering the encrypted private key to the requester.

Dependent claims: 21, 22, 23

Specification