Assignment of user certificates/private keys in token enabled public key infrastructure system

US 7,475,250 B2
Filed: 12/19/2001
Issued: 01/06/2009
Est. Priority Date: 12/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method for assigning certificates and associated private keys to a token, comprising:

accessing the token through a token reader connected to a computer system by a certificate authority;

reading a token ID and a user-signature certificate from the token;

searching for a match for the token ID and the user signature certificate in an authoritative database;

creating a certificate and an associated private key, wherein the certificate and the associated private key are wrapped with a public key associated with the token ID and digitally signing the certificate and the associated private key using a signature certificate of the certificate authority if a match for the token ID and the user signature certificate is found in the authoritative database;

downloading the certificate and the associated private key to the token; and

decrypting the certificate and the associated private key using a private key stored in the token, such that the token stores at least the token ID, the private key, the user signature certificate and the certificate and the associated private key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program to assign certificates/private keys to a token. This method and computer program allows a user to access a certificate authority and have certificates/private keys that are used for signature, encryption and role purposes generated and downloaded to the token. The use of secure communication lines and computers is not necessary since the token contains a unique token ID and private key, while the certificate authority contains the associated public key for the token. The certificate generated is wrapped in the public key and only the token, having the associated private key, may activate the certificate.

72 Citations

View as Search Results

16 Claims

1. A method for assigning certificates and associated private keys to a token, comprising:
- accessing the token through a token reader connected to a computer system by a certificate authority;
  
  reading a token ID and a user-signature certificate from the token;
  
  searching for a match for the token ID and the user signature certificate in an authoritative database;
  
  creating a certificate and an associated private key, wherein the certificate and the associated private key are wrapped with a public key associated with the token ID and digitally signing the certificate and the associated private key using a signature certificate of the certificate authority if a match for the token ID and the user signature certificate is found in the authoritative database;
  
  downloading the certificate and the associated private key to the token; and
  
  decrypting the certificate and the associated private key using a private key stored in the token, such that the token stores at least the token ID, the private key, the user signature certificate and the certificate and the associated private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method recited in claim 1, wherein the certificate and the associated private key is a plurality of certificates and associated private keys wherein at least one of the plurality of certificates and associated private keys is a signature certificate for the user, an encryption certificate and associated private key for the user, and a role certificate and associated private key for the user wherein the role certificate includes at least one policy.
  - 3. The method recited in claim 2, wherein the wrapping of the certificate and the associated private key with the public key of the token encrypts the certificate and the associated private key.
  - 4. The method recited in claim 3, wherein the token is a smart card.
  - 5. The method recited in claim 4, wherein the token ID is assigned by a token manufacturer at the time the token is created and stored in the authoritative database when assigned to a user.
  - 6. The method recited in claim 5, wherein downloading the certificate and the associated private key to the token is done through an unsecured communications line.
  - 7. The method recited in claim 6, wherein decrypting the certificate and the associated private key using the private key stored in the token requires the entry of a passphrase by a user.
  - 8. The method recited in claim 7, further comprising:
    - authenticating, by the signing of the certificate and the associated private key using a signature certificate of the certificate authority, that the certificate and the associated private key were issued by the certificate authority.

9. A computer program embodied on a computer readable medium and executable by a computer for assigning certificates and associated private keys to a token, comprising:
- accessing the token through a token reader connected to a computer system by a certificate authority;
  
  reading a token ID and a user signature certificate from the token;
  
  searching for a match for the token ID and the user signature certificate in an authoritative database;
  
  creating a certificate and an associated private key, wherein the certificate and the associated private key are wrapped with a public key associated with the token ID and digitally signing the certificate and the associated private key using a signature certificate of the certificate authority if a match for the token ID and the user signature certificate is found in the authoritative database;
  
  downloading the certificate and the associated private key to the token; and
  
  decrypting the certificate and the associated private key using a private key stored in the token, such that the token stores at least the token ID, the private key, the user signature certificate and the certificate and the associated private key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program recited in claim 9, wherein the certificate and associated private key is a plurality of certificates and associated private keys wherein at least one of the plurality of certificates and associated private keys is a signature certificate for the user, an encryption certificate and associated private key for the user, and a role certificate and associated private key for the user, wherein the role certificate includes at least one policy.
  - 11. The computer program recited in claim 10, wherein the wrapping of the certificate with the public key of the token encrypts the certificate and the associated private key.
  - 12. The computer program recited in claim 11, wherein the token is a smart card.
  - 13. The computer program recited in claim 12, wherein the token ID is assigned by a token manufacturer at the time the token is created and stored in the authoritative database when assigned to a user.
  - 14. The computer program recited in claim 13, wherein downloading the certificate and the associated private key to the token is done through an unsecured communications line.
  - 15. The computer program recited in claim 14, wherein the decrypting the certificate and the associated private key using the private key stored in the token requires the entry of a passphrase by a user.
  - 16. The computer program recited in claim 15, further comprising:
    - authenticating by the signing the certificate and the associated private key using a signature certificate of the certificate authority that the certificate and the associated private key was issued by the certificate authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Systems Corporation (Northrop Grumman Corporation)
Original Assignee
Northrop Grumman Corporation
Inventors
Bellmore, Mark A., Kerr, Thomas C., Freeman, William E., Aull, Kenneth W.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Khoshnoodi; Nadia

Application Number

US10/027,622
Publication Number

US 20030115468A1
Time in Patent Office

2,575 Days
Field of Search

713/159, 713172-173, 380/258
US Class Current

713/173
CPC Class Codes

G06F 21/33   using certificates

H04L 63/04   for providing a confidentia...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0897   involving additional device...

Assignment of user certificates/private keys in token enabled public key infrastructure system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Assignment of user certificates/private keys in token enabled public key infrastructure system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links