Abstract: A storage assembly is provided to include a housing; a floor supported on the housing; an arm supported on the floor and elastically retractable between a retracted position and an extended position along a first direction; a drive member supported on the housing and including a cavity with an opening to receive a portion of the arm in the extended position; and a resistance member supported on the housing and including a shoulder at least partially retractably extendable through the opening to support the arm.

Abstract: A storage assembly is provided to include a housing; a floor supported on the housing; an arm supported on the floor and elastically retractable between a retracted position and an extended position along a first direction; a drive member supported on the housing and including a cavity with an opening to receive a portion of the arm in the extended position; and a resistance member supported on the housing and including a shoulder at least partially retractably extendable through the opening to support the arm.

Abstract: A subject private key that has been encrypted with a session key and a subject public key are received. A storage session key is generated and the subject private key is encrypted with the storage session key. A storage key is retrieved and the storage session key is encrypted with the storage key. The subject private key encrypted with the storage session key and the encrypted storage session key are stored in a memory.

Abstract: A method and system for identity management certificate operations is described.

Abstract: Certificate renewal is described. A processing device searches a certificate authority (CA) database of digital certificates to identify a certificate that satisfies an expiration condition for automatic renewal. The processing device renews the certificate as a renewed certificate without any user interaction. The processing device is to renew the certificate in view of the expiration condition. The expiration condition includes an expiration of the certificate. When renewing of the certificate, the processing device reuses a key of the certificate for the renewed certificate and sets a new expiration date for the renewed certificate.

Abstract: A method and system for key recovery for a private key of a digital certificate for a client.

Abstract: A method and system for renewal of expired certificates is described. In one embodiment, a method, implemented by a computing system programmed to perform operations, includes receiving, at a certificate manager of a computing system from a requester, a certificate renewal request for an original digital certificate that has already expired, and renewing the expired certificate as a renewed certificate by the certificate manager when the certificate renewal request is approved. The renewed certificate comprises the same key pair as the original certificate, but includes a new expiration date, and wherein the renewed certificate is functionally identical to the original certificate.

Abstract: A method and system for automatically generating a certificate operation request is described.

Abstract: A Security Domain Access System (SDAS) provides highly available security domain data. The SDAS receives a request pertaining to a security domain. The request includes credentials for accessing a security domain manager server. The SDAS selects one of a plurality of security domain manager servers to process the request based on the credentials and the availability of each of the plurality of security domain manager servers. The SDAS forwards the request to the selected security domain manager server.

Abstract: Certificate renewal is described. A processing device searches a certificate authority (CA) database of digital certificates to identify a certificate that satisfies an expiration condition for automatic renewal. The processing device renews the certificate as a renewed certificate without any user interaction. The processing device is to renew the certificate in view of the expiration condition. The expiration condition includes an expiration of the certificate. When renewing of the certificate, the processing device reuses a key of the certificate for the renewed certificate and sets a new expiration date for the renewed certificate.

Abstract: User interface generation in view of constraints of a certificate profile is described.

Abstract: A method and system for server-side key generation for non-token clients is described.

Abstract: A method and system for automatic certificate renewal is described.

Abstract: A method and system for renewing certificates stored on tokens is described.

Abstract: Systems and methods for generating credentials are described. A subject private key that has been encrypted with a session key and a subject public key are received. A storage session key is generated and the subject private key is encrypted with the storage session key. A storage private key is retrieved and the storage session key is encrypted with the storage private key. The subject private key encrypted with the storage session key and the encrypted storage session key are stored in a memory.

Abstract: A method and system for generating credentials for a token. A server detects a token, determines that the token is to be enrolled, and generates a subject key pair that includes a subject public key and subject private key. The server encrypts the subject private key with a key transport session key to obtain a wrapped private key and forwards the wrapped private key to the token.

Abstract: Embodiments of the present invention provide a profile framework for handling enrollment requests. In particular, when a token processing system receives an enrollment request, it selects an applicable profile based on information in the request. The profile may indicate a variety of parameters for fulfilling the enrollment request, such as the locations of the applicable certificate authority, token key service, and the like. The profile may also indicate items, such as the number of keys to generate on a token, a token label, and connection information to securely communicate with other components and the client making the enrollment request.

Abstract: A method and system for managing role-based access control of token data using token profiles having predefined roles is described. In one method, a token processing system (TPS) assigns a TPS client a token profile for a group of multiple tokens, the token profile being stored in a profile data structure. The token profile specifies at least one of multiple predefined roles for the TPS client, each role associated with predefined access to entries of a token database. The TPS receives a request from the TPS client over a network to perform an operation on the entries of the token database that correspond to the group, and allows the TPS client access to the token database to perform the operation when permitted by the predefined roles specified in the token profile on the entries of the token database that correspond to the group identified by the token profile.

Abstract: A method A method and system for managing role-based access control of token data using token profiles is described. In one method, a token processing system (TPS) receives a request from a TPS client over a network to perform an operation on entries of a token database. The TPS identifies a subset of the multiple groups that corresponds to the entries indicated in the request of the TPS client, determines to which of the identified groups the TPS client belongs using token profiles. For each group the TPS client belongs, the TPS determines a corresponding role for the TPS client from the token profiles. For each group the TPS belongs, the TPS allows the TPS client access to the entries of the respective group to perform the operation when the TPS client has the appropriate role assigned within the respective group.

Abstract: Methods, systems and computer readable mediums are provided for recovering subject keys and/or certificates for a token. A unique identifier associated with the token is obtained. The token is associated with subject keys and with a first status of statuses, the statuses including a lost status state and an other status state. In response to the token being in the lost status state, a key recovery plan is determined to recover at least one of the subject keys and the certificates associated with the token.