CERTIFICATE GENERATION
Abstract
Examples disclosed herein comprise certificate generation instructions to create a key pair comprising a private key and a public key, receive a signing certificate associated with the public key comprising a configurable signing window, create an end user certificate according to the signing certificate, determine whether the configurable signing window has expired, and in response to determining that the configurable signing window has expired, discard the private key of the key pair.
15 Claims
1. A non-transitory machine-readable storage medium including instructions for certificate generation which, when executed by a processor, cause the processor to:
- create a key pair comprising a private key and a public key;
- receive a signing certificate associated with the public key comprising a configurable signing window;
- create an end user certificate according to the signing certificate;
- determine whether the configurable signing window has expired; and
- in response to determining that the configurable signing window has expired, discard the private key of the key pair.
7. A computer-implemented method for certificate generation comprising:
- initializing a delegated certificate authority service;
- generating a key pair comprising a public key and a private key;
- requesting a first signing certificate associated with the public key from a root certificate authority, wherein the signing certificate comprises a configurable signing window;
- creating a first end user certificate according to the first signing certificate;
- validating a second end user certificate according to a second signing certificate, wherein the second signing certificate comprises an expired signing window;
- determining whether the configurable signing window has expired; and
- in response to determining that the configurable signing window has expired, discarding the private key of the generated key pair.
15. A system for certificate generation, comprising:
- a root certificate authority engine to:
  - receive requests for signing certificates from a plurality of delegated certificate authorities,
  - receive a notice of compromise associated with a plurality of end user certificates from a compromised delegated certificate authority, and
  - distribute a certificate revocation list associated with the plurality of end user certificates to each of the plurality of delegated certificate authorities; and
- the delegated certificate authority engine to:
  - generate a key pair comprising a public key and a private key,
  - request a signing certificate from the root certificate authority engine according to the public key,
  - receive the signing certificate comprising the public key from the root certificate authority engine, wherein the signing certificate comprises a configurable signing window,
  - store a copy of the public key in a non-volatile memory,
  - store the private key in a volatile memory,
  - create a first end user certificate according to the first signing certificate,
  - validate a second end user certificate according to a second signing certificate, wherein the second signing certificate comprises an expired signing window,
  - determine whether the configurable signing window has expired, and
  - in response to determining that the configurable signing window has expired, discard the private key of the generated key pair from the volatile memory.
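An added illustration (not code from the patent or its assignee) of the flow recited in claims 1 and 7, using Ruby's standard openssl library: a delegated CA creates a key pair, obtains a signing certificate, issues end user certificates while the signing window is open, and discards the private key once the window has expired, after which earlier certificates still validate. Assumptions: the signing window is modelled as an end time tracked beside the certificate and earlier than its not_after, the root CA is simulated in-process, and the names issue_cert, DelegatedCA, chain_valid? and WindowExpired are hypothetical.

```ruby
require "openssl"

class WindowExpired < StandardError; end

# Builds and signs an X.509 certificate; a nil issuer yields a self-signed root.
def issue_cert(cn, pub, issuer, issuer_key, from, to, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = OpenSSL::BN.rand(63)
  cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = pub
  cert.not_before, cert.not_after = from, to
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Delegated CA: the private key exists only in this object's memory and is never written out.
class DelegatedCA
  attr_reader :cert

  # root_cert/root_key stand in for the request to the root CA (simulated in-process).
  def initialize(root_cert, root_key, now, window_end, cert_end)
    @key = OpenSSL::PKey::RSA.new(2048) # create the key pair
    @cert = issue_cert("delegated-ca", @key.public_key, root_cert, root_key, now, cert_end, true)
    @window_end = window_end # assumption: window tracked beside the cert, shorter than not_after
  end

  def key_present?
    !@key.nil?
  end

  # Signs inside the window; once the window has expired, discards the key and refuses.
  def issue_end_user(cn, pub, now)
    @key = nil if now > @window_end # drops the only reference; memory is reclaimed when GC runs
    raise WindowExpired, "signing window expired, private key discarded" if @key.nil?
    issue_cert(cn, pub, @cert, @key, now, @cert.not_after, false)
  end
end

# Validation needs only public material, so it still works after the key is gone.
def chain_valid?(leaf, signing_cert, root_cert, at)
  store = OpenSSL::X509::Store.new
  store.add_cert(root_cert)
  store.time = at
  store.verify(leaf, [signing_cert])
end
```

Because the signing certificate's not_after outlives the window in this model, a key discarded at window expiry limits what an attacker can sign later without invalidating certificates already issued.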
Specification