Profile framework for token processing system
First Claim
1. A method of generating credentials for a programmable token, the method comprising:
- receiving, by a server, a token request and an identifier for the programmable token;
- generating a key encryption key based on a server master key and the identifier for the programmable token;
- encrypting a key transport session key with the key encryption key to create a wrapped key transport session key;
- generating a subject key pair within the server, wherein the subject key pair includes a subject public key and a subject private key;
- encrypting the subject private key with the key transport session key to create a wrapped private key; and
- forwarding the wrapped private key and the wrapped key transport session key to the programmable token.
Abstract
Embodiments of the present invention provide a profile framework for handling enrollment requests. In particular, when a token processing system receives an enrollment request, it selects an applicable profile based on information in the request. The profile may indicate a variety of parameters for fulfilling the enrollment request, such as the locations of the applicable certificate authority, token key service, and the like. The profile may also indicate items, such as the number of keys to generate on a token, a token label, and connection information to securely communicate with other components and the client making the enrollment request.
20 Claims
1. A method of generating credentials for a programmable token, the method comprising:
- receiving, by a server, a token request and an identifier for the programmable token;
- generating a key encryption key based on a server master key and the identifier for the programmable token;
- encrypting a key transport session key with the key encryption key to create a wrapped key transport session key;
- generating a subject key pair within the server, wherein the subject key pair includes a subject public key and a subject private key;
- encrypting the subject private key with the key transport session key to create a wrapped private key; and
- forwarding the wrapped private key and the wrapped key transport session key to the programmable token.
Dependent claims: 2, 3, 4, 5, 7.
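The key hierarchy of claim 1 (and the server/token split of claim 9), worked through as an added example; this is not code from the patent or from any product that implements it. The claims fix neither the derivation nor the wrapping algorithm, so the example assumes HMAC-SHA256 for deriving the key encryption key from the server master key and token identifier, AES-256-GCM for both wrapping steps, and an Ed25519 subject key pair; the names deriveKEK, wrap, unwrap, Enroll, TokenUnwrap and the token identifier TOKEN-0001 are likewise this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Enrollment is what the server forwards to the token (last step of claim 1).
type Enrollment struct {
	WrappedSessionKey []byte // key transport session key, wrapped under the token's KEK
	WrappedPrivateKey []byte // subject private key, wrapped under the session key
	SubjectPublicKey  []byte // not secret: the half the CA certifies
}

// deriveKEK diversifies the master key per token. The claims say only "based on"; HMAC-SHA256 is this
// example's choice. Extracting one token's KEK therefore reveals nothing about any other token's keys.
func deriveKEK(masterKey []byte, tokenID string) []byte {
	m := hmac.New(sha256.New, masterKey)
	m.Write([]byte("token-kek|" + tokenID))
	return m.Sum(nil) // 32 bytes, used directly as an AES-256 key
}

func aesGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // fails only on a bad key length; every key here is 32 bytes
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// wrap/unwrap use AES-256-GCM with a random nonce: a wrapped key is integrity-protected as well as
// confidential, so a blob wrapped for one token fails authentication under any other token's KEK.
func wrap(key, plaintext []byte) []byte {
	gcm := aesGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error as of Go 1.24; it crashes instead
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func unwrap(key, blob []byte) ([]byte, error) {
	gcm := aesGCM(key)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("wrapped blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Enroll is the server side of claim 1: derive the token's KEK, wrap a fresh session key under it,
// generate the subject key pair in the server, and wrap the private half under the session key.
func Enroll(masterKey []byte, tokenID string) (*Enrollment, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // subject key pair never leaves in clear
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32) // key transport session key, fresh for this enrollment only
	rand.Read(sessionKey)
	return &Enrollment{
		WrappedSessionKey: wrap(deriveKEK(masterKey, tokenID), sessionKey),
		WrappedPrivateKey: wrap(sessionKey, priv),
		SubjectPublicKey:  pub,
	}, nil
}

// TokenUnwrap is the token side: it holds only its own KEK (assumed injected at personalization),
// never the master key, and recovers the session key first and the private key second.
func TokenUnwrap(tokenKEK []byte, e *Enrollment) (ed25519.PrivateKey, error) {
	sessionKey, err := unwrap(tokenKEK, e.WrappedSessionKey)
	if err != nil {
		return nil, fmt.Errorf("session key unwrap: %w", err)
	}
	priv, err := unwrap(sessionKey, e.WrappedPrivateKey)
	if err != nil {
		return nil, fmt.Errorf("private key unwrap: %w", err)
	}
	if len(priv) != ed25519.PrivateKeySize || !bytes.Equal(priv[32:], e.SubjectPublicKey) {
		return nil, errors.New("unwrapped private key does not match the subject public key")
	}
	return ed25519.PrivateKey(priv), nil
}

func main() {
	master := make([]byte, 32) // server master key; in practice held in an HSM
	rand.Read(master)
	e, err := Enroll(master, "TOKEN-0001") // constructed token identifier
	if err != nil {
		panic(err)
	}
	_, err = TokenUnwrap(deriveKEK(master, "TOKEN-0002"), e) // another token's KEK: must fail
	fmt.Println("wrong-token unwrap:", err)
}
```

The token can recover the session key, and hence the private key, only with the KEK derived for its own identifier; a second token's KEK, or a modified blob, fails GCM authentication instead of yielding a wrong key, and the master key itself is never sent to the token. The final check that the unwrapped private key matches the public key being certified is what a practitioner would add before the token reports success to the enrollment client.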
6. A method of generating credentials for a programmable token, the method comprising:
- receiving, by a server, a token request and an identifier for the programmable token;
- selecting a profile for the programmable token based on the token request;
- generating a key encryption key based on a server master key and the identifier for the programmable token;
- encrypting a key transport session key with the key encryption key to create a wrapped key transport session key;
- generating a subject key pair within the server, wherein the subject key pair includes a subject public key and a subject private key;
- encrypting the subject private key with the key transport session key to create a wrapped private key;
- forwarding the wrapped private key and the wrapped key transport session key to the programmable token;
- identifying a data recovery manager from the profile; and
- storing a wrapped storage private key and a wrapped storage public key in the data recovery manager.
8. A non-transitory computer-readable medium including computer executable instructions for performing a method comprising:
- receiving, by a server, a token request and an identifier for the programmable token;
- generating a key encryption key based on a server master key and the identifier for the programmable token;
- encrypting a key transport session key with the key encryption key to create a wrapped key transport session key;
- generating a subject key pair within the server, wherein the subject key pair includes a subject public key and a subject private key;
- encrypting the subject private key with the key transport session key to create a wrapped private key; and
- forwarding the wrapped private key and the wrapped key transport session key to the programmable token.
Dependent claims: 16, 17, 18, 19, 20.
9. A system for generating credentials for a programmable token, the system comprising:
- a programmable token;
- a security client configured to manage the programmable token; and
- a security server configured to interface with the security client, wherein the security server is configured to: receive a token request and a token identifier; generate a key encryption key based on a server master key and the token identifier; encrypt a key transport session key with the key encryption key to create a wrapped key transport session key; generate a subject key pair within the security server, wherein the subject key pair includes a subject public key and a subject private key; encrypt the subject private key with the key transport session key to create a wrapped private key; and forward the wrapped private key and the wrapped key transport session key to the programmable token.
Dependent claims: 10, 11, 12, 13, 14, 15.