Token renewal
Abstract
A method and system for renewing certificates stored on tokens is described.
Claims (22)
1. A method, implemented by a computing system programmed to perform operations, comprising:
   receiving, by the computing system, a token renewal request for renewing an original digital certificate stored on a token, wherein the original digital certificate comprises an original key and an original expiration date; and
   renewing, by the computing system, the original digital certificate as a renewed certificate when the token renewal request is approved, wherein the renewed certificate comprises the original key and a new expiration date, wherein the renewed certificate is functionally identical to the original digital certificate, and wherein renewing the original digital certificate comprises:
      authenticating the token and a user associated with the token,
      determining whether a token policy allows renewal of the token,
      when the token policy allows token renewal, sending a certificate renewal request to obtain the renewed certificate, and
      when the token policy does not allow token renewal, sending a re-enrollment request to a certificate manager to issue a new certificate comprising a new key pair.
Dependent claims: 2 to 10.

11. A method, implemented by a computing system programmed to perform operations, comprising:
   receiving, by the computing system, a token renewal request for renewing an original digital certificate stored on a token, wherein the original digital certificate comprises an original key and an original expiration date, wherein the token stores a plurality of digital certificates, including the original digital certificate; and
   renewing the plurality of digital certificates as a plurality of renewed certificates, wherein renewing the plurality of digital certificates comprises:
      finding a record of the token in a token database of the computing system,
      authenticating the token and a user associated with the token,
      determining whether a token policy in the record allows renewal of the token,
      when the token policy allows renewal of the token, determining a number of the plurality of digital certificates stored on the token from the record,
      determining whether the token policy in the record allows renewal of each of the plurality of digital certificates stored on the token,
      sending a certificate renewal request for each of the plurality of digital certificates in the record to a certificate manager to approve the respective certificate renewal request and to issue a renewed certificate when the respective certificate renewal request is approved.
Dependent claims: 12.

13. A method, implemented by a computing system programmed to perform operations, comprising:
   receiving, by the computing system, a token renewal request for renewing an original digital certificate stored on a token, wherein the original digital certificate comprises an original key and an original expiration date, wherein the token stores a plurality of digital certificates, including the original digital certificate; and
   renewing the plurality of digital certificates as a plurality of renewed certificates, wherein renewing the plurality of digital certificates comprises:
      finding a record of the token in a token database of the computing system,
      authenticating the token and a user associated with the token,
      determining whether a token policy in the record allows renewal of the token,
      determining a number of the plurality of digital certificates stored on the token by requesting information for each of the plurality of digital certificates from a client application that communicates with the token,
      sending a certificate renewal request for each of the plurality of digital certificates with the information received from the client application to a certificate manager to approve the respective certificate renewal request and to issue a renewed certificate when the respective certificate renewal request is approved, and
      sending each of the plurality of renewed certificates back to the token to store each of the plurality of renewed certificates.

14. A method, implemented by a computing system programmed to perform operations, comprising:
   receiving, by the computing system, a token renewal request for renewing an original digital certificate stored on a token, wherein the original digital certificate comprises an original key and an original expiration date, wherein the token stores a plurality of digital certificates, including the original digital certificate; and
   renewing the plurality of digital certificates as a plurality of renewed certificates, wherein renewing the plurality of digital certificates comprises:
      finding a record of the token in a token database of the computing system,
      authenticating the token and a user associated with the token,
      for each of the plurality of digital certificates, determining whether a token policy in the record allows renewal of the respective certificate, wherein the token policy allows renewal of a first type of certificate, but requires re-enrollment of a second type of certificate,
      for each of the plurality of digital certificates of the first type, sending a certificate renewal request with information from the respective certificate to a certificate manager to approve the respective certificate renewal request and to issue a renewed certificate when the respective certificate renewal request is approved,
      for each of the plurality of digital certificates of the second type, sending a re-enrollment request to the certificate manager to generate a new certificate comprising a new key pair for the respective certificate, and
      sending each of the renewed certificates and each of the new certificates back to the token to be stored.

15. A certificate system, comprising:
   a data storage device to store token data associated with a plurality of tokens that store at least one digital certificate; and
   a first server, comprising a token processing system (TPS), coupled to the data storage device, wherein the TPS is to receive a token renewal request for renewing an original digital certificate stored on a token, and to renew the original digital certificate as a renewed certificate when the token renewal request is approved using the token data, wherein the original digital certificate comprises an original key and an original expiration date, wherein the renewed certificate comprises the original key and a new expiration date, wherein the renewed certificate is functionally identical to the original digital certificate, and wherein to renew the original digital certificate comprises:
      authenticating the token and a user associated with the token,
      determining whether a token policy allows renewal of the token,
      when the token policy allows token renewal, sending a certificate renewal request to obtain the renewed certificate, and
      when the token policy does not allow token renewal, sending a re-enrollment request to a certificate manager to issue a new certificate comprising a new key pair.
Dependent claims: 16 to 19.

20. A non-transitory machine-readable storage medium having instructions, which when executed, cause a token processing system (TPS) of a computing system to perform operations comprising:
   receiving a token renewal request for renewing an original digital certificate stored on a token, wherein the original digital certificate comprises an original key and an original expiration date; and
   renewing, by the TPS, the original digital certificate as a renewed certificate when the token renewal request is approved, wherein the renewed certificate comprises the original key and a new expiration date, wherein the renewed certificate is functionally identical to the original digital certificate, wherein renewing the original digital certificate comprises:
      authenticating the token and a user associated with the token,
      determining whether a token policy allows renewal of the token,
      when the token policy allows token renewal, sending a certificate renewal request to obtain the renewed certificate, and
      when the token policy does not allow token renewal, sending a re-enrollment request to a certificate manager to issue a new certificate comprising a new key pair.
Dependent claims: 21 and 22.
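The procedure the independent claims share (find the token record, authenticate token and user, apply the token policy to each certificate, renew with the original key or re-enroll with a new key pair, write the results back to the token) as a runnable model. This is an added example written for this page, not the patent's or any product's implementation. It assumes an HMAC under a CA secret in place of a real CA signature, random bytes in place of a generated key pair, a challenge-response on a shared secret as the token authentication, and a token record layout (auth_key, renewable, renew_types, certificates) that the claims do not specify; the token, user and certificates built in demo() are constructed sample data.

```python
"""Added example of the claimed token renewal flow: the token processing system (TPS)
finds the token record, authenticates token and user, applies the token policy per
certificate, and has the certificate manager renew or re-enroll.  Not the patent's code."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace
from datetime import date, timedelta


@dataclass(frozen=True)
class Certificate:
    subject: str
    cert_type: str        # e.g. "signing" or "encryption"
    public_key: bytes     # assumption: opaque bytes stand in for the subject public key
    not_after: date
    signature: bytes = b""

    def tbs(self) -> bytes:
        """To-be-signed fields: everything except the signature."""
        return f"{self.subject}|{self.cert_type}|{self.public_key.hex()}|{self.not_after}".encode()


class CertificateManager:
    """Toy certificate manager; a keyed HMAC stands in for the CA signature (assumption)."""

    def __init__(self, ca_key: bytes, lifetime: timedelta = timedelta(days=365)):
        self.ca_key, self.lifetime = ca_key, lifetime

    def _issue(self, cert: Certificate) -> Certificate:
        return replace(cert, signature=hmac.new(self.ca_key, cert.tbs(), hashlib.sha256).digest())

    def verify(self, cert: Certificate) -> bool:
        return hmac.compare_digest(self._issue(cert).signature, cert.signature)

    def enroll(self, subject: str, cert_type: str, today: date) -> Certificate:
        """Enrollment: a fresh key pair (modelled as random key bytes) and a full lifetime."""
        return self._issue(Certificate(subject, cert_type, secrets.token_bytes(32), today + self.lifetime))

    def renew(self, cert: Certificate, today: date) -> Certificate:
        """Renewal: same subject, type and key; only the expiration date moves."""
        if not self.verify(cert):
            raise ValueError("renewal requested for a certificate this CA did not issue")
        return self._issue(replace(cert, not_after=today + self.lifetime))

    def reenroll(self, cert: Certificate, today: date) -> Certificate:
        """Re-enrollment: a new key pair, hence a new certificate rather than a renewal."""
        return self.enroll(cert.subject, cert.cert_type, today)


def functionally_identical(original: Certificate, renewed: Certificate) -> bool:
    """The claims' notion of a renewal: same subject, type and key, later expiration."""
    return (original.subject, original.cert_type, original.public_key) == (
        renewed.subject, renewed.cert_type, renewed.public_key) and renewed.not_after > original.not_after


@dataclass
class TokenRecord:
    token_id: str
    user: str
    auth_key: bytes           # assumption: shared secret the token uses to answer a challenge
    renewable: bool           # token policy: may this token be renewed at all?
    renew_types: frozenset    # certificate types renewed in place; any other type is re-enrolled
    certificates: list


class TokenProcessingSystem:
    def __init__(self, ca: CertificateManager, token_db: dict, today: date):
        self.ca, self.token_db, self.today = ca, token_db, today

    def renew_token(self, token_id: str, user: str, challenge: bytes, response: bytes) -> list:
        """Returns [(action, certificate), ...] in the order the certificates sit on the token."""
        record = self.token_db.get(token_id)
        if record is None:
            raise LookupError(f"token {token_id} has no record in the token database")
        expected = hmac.new(record.auth_key, challenge, hashlib.sha256).digest()
        if not (hmac.compare_digest(expected, response) and record.user == user):
            raise PermissionError("token/user authentication failed")
        results = []
        for cert in record.certificates:          # number and types of certificates come from the record
            if record.renewable and cert.cert_type in record.renew_types:
                results.append(("renewed", self.ca.renew(cert, self.today)))
            else:
                results.append(("re-enrolled", self.ca.reenroll(cert, self.today)))
        record.certificates = [c for _, c in results]   # send the results back to the token
        return results


def demo(renewable: bool = True):
    """Constructed sample: one token holding a signing and an encryption certificate."""
    today, ca = date(2024, 6, 1), CertificateManager(b"ca-signing-secret")
    issued = today - timedelta(days=360)
    certs = [ca.enroll("uid=alice", "signing", issued), ca.enroll("uid=alice", "encryption", issued)]
    auth_key = b"token-auth-secret"
    db = {"T1": TokenRecord("T1", "alice", auth_key, renewable, frozenset({"signing"}), list(certs))}
    tps = TokenProcessingSystem(ca, db, today)
    challenge = secrets.token_bytes(16)                   # the TPS's nonce; the token answers with an HMAC
    response = hmac.new(auth_key, challenge, hashlib.sha256).digest()
    return tps, db, certs, tps.renew_token("T1", "alice", challenge, response)
```

Running demo() renews the signing certificate in place (same public key, expiration moved out a full lifetime) and re-enrolls the encryption certificate under a fresh key; demo(renewable=False) shows the token-level policy overriding the per-type rule, so both certificates are re-enrolled. The renewed certificate satisfies functionally_identical(), the re-enrolled one does not, which is the distinction claims 1 and 14 draw between renewal and re-enrollment. One practical caveat: renewal keeps the key material, so a policy that only ever renews never rotates a key; the re-enrollment path is what retires a key that has become too short or has been exposed.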
Specification