In the relevant art, digital certificate generation in enterprise and government operating environments may require an entity to be supervised by a security officer to firstly verify the identity of the entity and secondly to provide a trusted computer system for generation and registration of public key infrastructure (PKI) keys within the secure domain of the security token. The trusted computer system is provided to ensure that any PKI keys are actually generated by the security token rather than by another source. This process physically requires the user to present credentials such as a driver's license or passport to the security officer who then oversees the PKI key generation process. This supervised mechanism, while relatively secure, is expensive to maintain and is inconvenient to an individual who may simply want to replace an expired digital certificate or has already been verified.
Alternative certificate generation mechanisms are known in the relevant art but generally do not provide the critical assurance that the key pair is actually installed inside the security token rather than a rogue application impersonating the security token. For example, a virtual token emulator virus could cause a PKI key pair to be generated externally on a host computer system in which the public key from the illicit PKI key pair generation becomes incorporated into a digital certificate, registered and stored inside the security token.
In most cases, security token are designed to prevent unauthorized injection of private keys. However, the user, having unintentionally stored a bogus digital certificate, will lack the ability to utilize security token services and will likely have to go through the process of invalidating the bogus digital certificate which may have already become widely distributed. Furthermore, if the virtual token emulator virus were to become widespread, the resulting damage and loss of productivity could potentially be as disruptive to an enterprise or other organization as if legitimate private keys were compromised.
A number of mechanisms are available in the relevant art which attempt to address illicit certificate generation. For example, in a traditional mechanism, U.S. Pat. No. 5,721,781 to Deo, et al., provides an authentication system in which a security token is assigned its own digital certificate. The digital certificate contains a digital signature from a trusted certifying authority and a unique public key. In another example, U.S. patent application US 2002 0026578 to Hamann, et al., provides a mechanism for secure usage of digital certificates and related PKI keys on a security token. The arrangement provided by Hamann et al., allows secure importation of digital certificates into the security token. However, neither the latter nor the former mechanisms provide proof that the PKI keys are installed inside the security token.
In another mechanism, WIPO application WO0079724A2, to Immonen, provides a manufacturer's digital certificate. The digital certificate is stored inside the security token which permits a Certification Authority to verify the creation and storage of a PKI key pair within the secure domain of the security token. Lastly, U.S. patent application US2003/0005317 (Ser. No. 09/892,904) to Audebert, et al., provides an alternate mechanism for generating and verifying a key protection certificate. U.S. patent application US 2003 0005317 is to a common assignee which is herein incorporated by reference and not admitted as prior art. Both of these mechanisms provide added assurances that the PKI key pair is actually installed inside the secure domain of a secure token.
Therefore, a trusted security token PKI key pair generation and verification arrangement which prevents unauthorized digital certificate generation and does not require security officer oversight is a highly desirable security feature.