Some applications that run on a computing device employ a cryptographic system to provide security for the application. One such cryptosystem involves a certificate-key pair. An application that requires a certificate-key pair may include a certificate-key pair in an application download package, or the device may be instructed to download the certificate-key pair from a server when the application is downloaded to the device (e.g., from a Device Management Server, or DMS). For example, for a newly-downloaded application, a device may download provisioning parameters from a DMS, and the provisioning parameters may include a certificate-key pair. When the DMS receives a request from a client device for a certificate-key pair as part of the provisioning request, the DMS is responsible for generating a certificate-key pair for the device. One example of a certificate-key pair is an RSA key-pair.
Certificate-key pair request traffic at the server may vary over time. Causes of traffic variability may include a public release of a new application package and certificate revocation, both of which may cause a spike in requests for new certificate-key pairs from the server. Also, demands for certificate-key pairs may also vary by time of day or day of week due to normal business cycles. Generating certificate-key pairs when they are requested is computationally intensive since it involves generating large k-bit prime numbers and testing them for primality. For example, generating RSA 2048 bit keys may take greater than one second. When requests for certificate-key pairs become sufficiently numerous, a server may be unable to generate sufficient certificate-key pairs to meet the demand within a required time period.