Computer system and method for generating a digital certificate
First Claim
1. A method in a computer system for employing a digital certificate, for use only within said computer system, to authenticate operations internal to said computer system, said method comprising:
- storing a master key pair and data specifying an authentication code in a protected storage within a security subsystem, wherein said master key pair comprises a first private key and a first public key and said first private key and said authentication code are inaccessible outside of said security subsystem;
receiving a request to generate a digital certificate at said security subsystem;
generating a user prompt for said authentication code in response to a receipt of said request to generate said digital certificate;
receiving a reply from a user in response to a generation of said user prompt; and
processing said request to generate said digital certificate in response to a receipt of said reply, wherein said processing comprisesgenerating said digital certificate utilizing said first private key only if said reply is determined to correctly specify said authentication code, whereinsaid digital certificate comprises data specifying a second public key of a target key pair.
3 Assignments
0 Petitions
Accused Products
Abstract
A computer system and method are disclosed for generating a certificate that can be validated against a trusted hardware subsystem within a computer system. A security subsystem is established within the computer system. A master key pair including a master public key and master private key are established. The master private key is stored in protected storage within the security subsystem such that the master private key is inaccessible outside of the security subsystem. Generation of a self-verifying certificate is requested. A user of the computer system is then prompted to enter an authentication code in response to the request for generation of the certificate. A certificate is generated utilizing the master key pair only in response to a correct entry of the authentication code. The certificate is used only internally within the computer system.
47 Citations
18 Claims
-
1. A method in a computer system for employing a digital certificate, for use only within said computer system, to authenticate operations internal to said computer system, said method comprising:
-
storing a master key pair and data specifying an authentication code in a protected storage within a security subsystem, wherein said master key pair comprises a first private key and a first public key and said first private key and said authentication code are inaccessible outside of said security subsystem; receiving a request to generate a digital certificate at said security subsystem; generating a user prompt for said authentication code in response to a receipt of said request to generate said digital certificate; receiving a reply from a user in response to a generation of said user prompt; and processing said request to generate said digital certificate in response to a receipt of said reply, wherein said processing comprises generating said digital certificate utilizing said first private key only if said reply is determined to correctly specify said authentication code, wherein said digital certificate comprises data specifying a second public key of a target key pair. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer system for employing a digital certificate for use only within said computer system to authenticate operations internal to said computer system, said computer system comprising:
-
means for storing a master key pair and data specifying an authentication code in a protected storage within a security subsystem, wherein said master key pair comprises a first private key and a first public key and said first private key and said authentication code are inaccessible outside of said security subsystem; means for receiving a request to generate a digital certificate at said security subsystem; means for generating a user prompt for said authentication code in response to a receipt of said request to generate said digital certificate; means for receiving a reply from a user in response to a generation of said user prompt; and means for processing said request to generate said digital certificate in response to a receipt of said reply, wherein said means for processing comprises means for generating said digital certificate utilizing said first private key only if said reply is determined to correctly specify said authentication code, wherein said digital certificate comprises data specifying a second public key of a target key pair. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer-readable medium encoded with a computer program, which when executed by a processor, causes said processor to implement a method in a computer system for employing a digital certificate, for use only within said computer system, to authenticate operations internal to said computer system, said method comprising:
-
storing a master key pair and data specifying an authentication code in a protected storage within a security subsystem, wherein said master key pair comprises a first private key and a first public key and said first private key and said authentication code are inaccessible outside of said security subsystem; receiving a request to generate a digital certificate at said security subsystem; generating a user prompt for said authentication code in response to a receipt of said request to generate said digital certificate; receiving a reply from a user in response to a generation of said user prompt; and processing said request to generate said digital certificate in response to a receipt of said reply, wherein said processing comprises generating said digital certificate utilizing said first private key only if said reply is determined to correctly specify said authentication code, wherein said digital certificate comprises data specifying a second public key of a target key pair. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification