Methods and systems for server-side key generation
First Claim
1. A method comprising:
transmitting, by a computer system, a request for a subject key pair;
receiving by the computer system, in response to the request, a subject private key that has been encrypted with a session key, and a subject public key;
transmitting to a token, by the computer system, (i) the encrypted subject private key, and (ii) the session key encrypted with a symmetric key that is based on the token and a master key;
transmitting to a certificate authority, by the computer system, a certificate enrollment request with information pertaining to the subject public key;
receiving, by the computer system, a certificate in response to the certificate enrollment request;
generating a storage session key;
encrypting the subject private key with the storage session key;
retrieving a storage private key;
encrypting the storage session key with the storage private key; and
storing (i) the subject private key encrypted with the storage session key, and (ii) the encrypted storage session key.
Abstract
A method and system for generating credentials for a token. A server detects a token, determines that the token is to be enrolled, and generates a subject key pair that includes a subject public key and subject private key. The server encrypts the subject private key with a key transport session key to obtain a wrapped private key and forwards the wrapped private key to the token.
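Claim 1 and the abstract describe a key-transport and archival flow but leave every primitive open. The Go program below is an added example written for this page, not code from the patent or from any assignee's product; it runs the claimed steps end to end with concrete choices: AES-256-GCM for each "encrypted with", HMAC-SHA256 over the token id for the "symmetric key that is based on the token and a master key", a PKCS#10 request as the "certificate enrollment request", and RSA-OAEP under the public half of a storage key pair for the archival step (the claim says "storage private key"; reading the storage key as an RSA pair whose private half performs recovery is this example's assumption). The token id is used as GCM additional data so that a blob wrapped for one token fails to unwrap for another. Unlike the claim, where the computer system requests the key pair from elsewhere and receives it already wrapped, Enroll generates the pair locally. Names (Enroll, TokenUnwrap, Recover, TokenKey, Enrollment), the master key value and the token ids are constructed assumptions; the CA's issuance of the certificate is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
)

// wrap encrypts plaintext with AES-256-GCM and returns nonce||ciphertext||tag.
// The additional data (the token id) binds each blob to the token it is for.
func wrap(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, plaintext, aad), nil
}

// unwrap reverses wrap; a wrong key, wrong aad or tampered blob is rejected.
func unwrap(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(block)
	if len(blob) < g.NonceSize() { return nil, errors.New("wrapped blob too short") }
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// TokenKey is the claim's "symmetric key that is based on the token and a master
// key". HMAC-SHA256 over the token id is an assumed diversification function;
// the patent text names none. Only the server holds the master key.
func TokenKey(master []byte, tokenID string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("key-transport:" + tokenID))
	return m.Sum(nil)
}

// envelope wraps plaintext under a fresh 256-bit session key and returns it with
// the session key wrapped by kekWrap. Claim 1 does this twice: transport, archival.
func envelope(plaintext, aad []byte, kekWrap func([]byte) ([]byte, error)) ([]byte, []byte, error) {
	sess := make([]byte, 32)
	if _, err := rand.Read(sess); err != nil { return nil, nil, err }
	wrapped, err := wrap(sess, plaintext, aad)
	if err != nil { return nil, nil, err }
	wrappedSess, err := kekWrap(sess)
	return wrapped, wrappedSess, err
}

type Enrollment struct {
	WrappedPrivateKey, WrappedSessionKey         []byte // transmitted to the token
	CSR                                          []byte // transmitted to the CA
	ArchivedPrivateKey, WrappedStorageSessionKey []byte // stored by the server
}

// Enroll performs the server side of claim 1. Assumption: the claim's "storage
// private key" is the recovery half of an RSA storage key pair, so the storage
// session key is wrapped with RSA-OAEP under the public half.
func Enroll(master []byte, tokenID string, storagePub *rsa.PublicKey) (*Enrollment, error) {
	subject, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	privDER, aad, e := x509.MarshalPKCS1PrivateKey(subject), []byte(tokenID), &Enrollment{}
	e.WrappedPrivateKey, e.WrappedSessionKey, err = envelope(privDER, aad,
		func(s []byte) ([]byte, error) { return wrap(TokenKey(master, tokenID), s, aad) })
	if err != nil { return nil, err }
	// The request carries the subject public key and is signed with the subject private key (proof of possession).
	e.CSR, err = x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: tokenID}}, subject)
	if err != nil { return nil, err }
	e.ArchivedPrivateKey, e.WrappedStorageSessionKey, err = envelope(privDER, aad,
		func(s []byte) ([]byte, error) { return rsa.EncryptOAEP(sha256.New(), rand.Reader, storagePub, s, aad) })
	return e, err
}

// TokenUnwrap is the token side: the token holds only its own diversified key.
func TokenUnwrap(tokenSym []byte, tokenID string, e *Enrollment) (*rsa.PrivateKey, error) {
	sess, err := unwrap(tokenSym, e.WrappedSessionKey, []byte(tokenID))
	if err != nil { return nil, err }
	der, err := unwrap(sess, e.WrappedPrivateKey, []byte(tokenID))
	if err != nil { return nil, err }
	return x509.ParsePKCS1PrivateKey(der)
}

// Recover rebuilds the subject private key from the archive with the storage private key.
func Recover(storagePriv *rsa.PrivateKey, tokenID string, e *Enrollment) (*rsa.PrivateKey, error) {
	sess, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, storagePriv, e.WrappedStorageSessionKey, []byte(tokenID))
	if err != nil { return nil, err }
	der, err := unwrap(sess, e.ArchivedPrivateKey, []byte(tokenID))
	if err != nil { return nil, err }
	return x509.ParsePKCS1PrivateKey(der)
}

func main() { // stand-alone run: enroll one constructed token id under a constructed master key
	storage, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := Enroll([]byte("constructed sample master key"), "token-0001", &storage.PublicKey); err != nil { panic(err) }
}
```

TokenUnwrap deliberately takes the token's diversified key rather than the master key: the server derives a per-token key from a master key it alone keeps, each token only ever holds its own key, and so a key extracted from one token does not unwrap material sent to any other. The archive is the sensitive half of the design. Whoever holds the storage private key can recover every archived subject key, so in practice that key lives in an HSM and recovery is gated by an explicit approval step rather than exposed as an ordinary server function.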
18 Claims
1. A method comprising: (independent claim; full text under First Claim above; dependent claims 2 to 6)
7. An apparatus comprising:
a memory to store a session key; and
a processor to:
transmit a request for a subject key pair,
receive, in response to the request, a subject private key that has been encrypted with the session key, and a subject public key,
transmit to a token (i) the encrypted subject private key and (ii) the session key encrypted with a symmetric key that is based on the token and a master key,
transmit to a certificate authority a certificate enrollment request with information pertaining to the subject public key,
receive a certificate in response to the certificate enrollment request,
generate a storage session key,
encrypt the subject private key with the storage session key,
retrieve a storage private key,
encrypt the storage session key with the storage private key, and
store in the memory (i) the subject private key encrypted with the storage session key, and (ii) the encrypted storage session key.
Dependent claims: 8, 9, 10, 11, 12.
13. A non-transitory computer readable storage medium comprising instructions for causing a computer system to perform operations comprising:
transmitting, by the computer system, a request for a subject key pair;
receiving by the computer system, in response to the request, a subject private key that has been encrypted with a session key, and a subject public key;
transmitting to a token, by the computer system, (i) the encrypted subject private key, and (ii) the session key encrypted with a symmetric key that is based on the token and a master key;
transmitting to a certificate authority, by the computer system, a certificate enrollment request with information pertaining to the subject public key;
receiving, by the computer system, a certificate in response to the certificate enrollment request;
generating a storage session key;
encrypting the subject private key with the storage session key;
retrieving a storage private key;
encrypting the storage session key with the storage private key; and
storing (i) the subject private key encrypted with the storage session key, and (ii) the encrypted storage session key.
Dependent claims: 14, 15, 16, 17, 18.