CERTIFICATE GENERATION

US 20180109390A1
Filed: 04/06/2015
Published: 04/19/2018
Est. Priority Date: 04/06/2015
Status: Abandoned Application

First Claim

Patent Images

1. A non-transitory machine-readable storage medium including instructions for certificate generation which, when executed by a processor, cause the processor to:

create a key pair comprising a private key and a public key;

receive a signing certificate associated with the public key comprising a configurable signing window;

create an end user certificate according to the signing certificate;

determine whether the configurable signing window has expired; and

in response to determining that the configurable signing window has expired, discard the private key of the key pair.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples disclosed herein comprise certificate generation instructions to create a key pair comprising a private key and a public key, receive a signing certificate associated with the public key comprising a configurable signing window, create an end user certificate according to the signing certificate, determine whether the configurable signing window has expired, and in response to determining that the configurable signing window has expired, discard the private key of the key pair.

27 Citations

View as Search Results

15 Claims

1. A non-transitory machine-readable storage medium including instructions for certificate generation which, when executed by a processor, cause the processor to:
- create a key pair comprising a private key and a public key;
  
  receive a signing certificate associated with the public key comprising a configurable signing window;
  
  create an end user certificate according to the signing certificate;
  
  determine whether the configurable signing window has expired; and
  
  in response to determining that the configurable signing window has expired, discard the private key of the key pair.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory machine-readable medium of claim 1, wherein the signing certificate further comprises a validity window.
  - 3. The non-transitory machine-readable medium of claim 2, wherein the end user certificate comprises a second validity window and wherein the second validity window is less than the validity window of the signing certificate.
  - 4. The non-transitory machine-readable medium of claim 2, wherein the instructions cause the processor to retain the signing certificate for the duration of the validity window.
  - 5. The non-transitory machine-readable medium of claim 1 wherein the instructions cause the processor to retain the private key in a volatile memory.
  - 6. The non-transitory machine-readable medium of claim 1 wherein the signing certificate is received from a root certificate authority.

7. A computer-implemented method for certificate generation comprising:
- initializing a delegated certificate authority service;
  
  generating a key pair comprising a public key and a private key;
  
  requesting a first signing certificate associated with the public key from a root certificate authority, wherein the signing certificate comprises a configurable signing window;
  
  creating a first end user certificate according to the first signing certificate;
  
  validating a second end user certificate according to a second signing certificate, wherein the second signing certificate comprises an expired signing window;
  
  determining whether the configurable signing window has expired; and
  
  in response to determining that the configurable signing window has expired, discarding the private key of the generated key pair.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The computer-implemented method of claim 7, wherein the second end user certificate is validated according to a second public key associated with the second signing certificate.
  - 9. The computer-implemented method of claim 8, wherein the public key of the generated key pair and the second public key are stored in a non-volatile memory.
  - 10. The computer-implemented method of claim 8, further comprising providing the public key of the generated key pair and the second public key to the root certificate authority.
  - 11. The computer-implemented method of claim 7, wherein validating the second end user certificate comprises determining whether the second end user certificate is associated with a certificate revocation list.
  - 12. The computer-implemented method of claim 11, further comprising receiving the certificate revocation list from the root certificate authority.
  - 13. The computer-implemented method of claim 7, wherein the private key of the generated key pair is stored in a volatile memory.
  - 14. The computer-implemented method of claim 13, wherein the private key of the generated key pair is discarded upon a shutdown of the delegated certificate authority service.

15. A system for certificate generation, comprising:
- a root certificate authority engine to;
  
  receive requests for signing certificates from a plurality of delegated certificate authorities,receive a notice of compromise associated with a plurality of end user certificates from a compromised delegated certificate authority, anddistribute a certificate revocation list associated with the plurality of end user certificates to each of the plurality of delegated certificate authorities; and
  
  the delegated certificate authority engine to;
  
  generate a key pair comprising a public key and a private key,request a signing certificate from the root certificate authority engine according to the public key,receive the signing certificate comprising the public key from the root certificate authority engine, wherein the signing certificate comprises a configurable signing window,store a copy of the public key in a non-volatile memory,store the private key in a volatile memory,create a first end user certificate according to the first signing certificate,validate a second end user certificate according to a second signing certificate, wherein the second signing certificate comprises an expired signing window,determine whether the configurable signing window has expired, andin response to determining that the configurable signing window has expired, discard the private key of the generated key pair from the volatile memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
SPRATTE, Michael, ROSCIO, Steve, VENCEL, Paul D

Application Number

US15/564,737
Publication Number

US 20180109390A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

CERTIFICATE GENERATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

CERTIFICATE GENERATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links