Abstract: Embodiments of the present invention provide an automated process for enrolling and logging in with a token. In particular, a security client detects when the user has inserted their token. In response, the security client then notifies the enterprise security system and provides information about the token. The enterprise security system performs a profile lookup and authorizes use of the token.

Abstract: A subject private key that has been encrypted with a session key and a subject public key are received. A storage session key is generated and the subject private key is encrypted with the storage session key. A storage key is retrieved and the storage session key is encrypted with the storage key. The subject private key encrypted with the storage session key and the encrypted storage session key are stored in a memory.

Abstract: An embodiment relates generally to a method of binding a token to a user. The method includes receiving a token embedded with an address and inserting the token into a computer. The method also includes connecting to the address stored on the token and binding a user to the token based on information from the address.

Abstract: Embodiments of the present invention provide identity management security domains that may be used in an enterprise security system. A security domain provides a centralized registry of services provided by the enterprise security system. For example, certificate authorities and other services, such as key archives, and the like, in the enterprise security system may register information about themselves in the security domain. Authorized users can then discover the location of these services. In some embodiments, the security domain may provide an interface that indicates a topology between services of the enterprise security system. The security domain may also serve as a distribution point for security policies. A security policy may comprise information that indicates, for example, a set of trusted certificate authorities, certificate templates, certificate revocation lists, and the locations of the services in the enterprise security system.

Abstract: Systems and methods for generating credentials are described. A subject private key that has been encrypted with a session key and a subject public key are received. A storage session key is generated and the subject private key is encrypted with the storage session key. A storage private key is retrieved and the storage session key is encrypted with the storage private key. The subject private key encrypted with the storage session key and the encrypted storage session key are stored in a memory.

Abstract: A method and system for generating credentials for a token. A server detects a token, determines that the token is to be enrolled, and generates a subject key pair that includes a subject public key and subject private key. The server encrypts the subject private key with a key transport session key to obtain a wrapped private key and forwards the wrapped private key to the token.

Abstract: Embodiments of the present invention provide a profile framework for handling enrollment requests. In particular, when a token processing system receives an enrollment request, it selects an applicable profile based on information in the request. The profile may indicate a variety of parameters for fulfilling the enrollment request, such as the locations of the applicable certificate authority, token key service, and the like. The profile may also indicate items, such as the number of keys to generate on a token, a token label, and connection information to securely communicate with other components and the client making the enrollment request.

Abstract: Methods, systems and computer readable mediums are provided for recovering subject keys and/or certificates for a token. A unique identifier associated with the token is obtained. The token is associated with subject keys and with a first status of statuses, the statuses including a lost status state and an other status state. In response to the token being in the lost status state, a key recovery plan is determined to recover at least one of the subject keys and the certificates associated with the token.

Abstract: An embodiment relates generally to a method of managing a token. The method includes marking a token to be killed and detecting a presence of the token. The method also includes disabling the token in response to the marking of the token.

Abstract: A method and apparatus for cross-platform generation of new software packages. The method may include generating a list of software packages having a first format associated with a first operating system, generating new support files for entries on the list, and generating new software packages from the new support files and code of corresponding software packages. The new software packages are generated in the format associated with a second operating system.

Abstract: An embodiment pertains generally to a method of delivering keys in a server. The method includes generating a subject key pair, where the subject key pair includes a subject public key and a subject private key. The method also includes retrieving a storage key and encrypting the subject private key with the storage key as a wrapped storage private key. The method further includes storing the wrapped storage private key.

Abstract: A method and apparatus for invoking actions on data in a Lightweight Directory Access Protocol (LDAP) repository. In one embodiment, the method includes receiving a request pertaining to data in the LDAP repository. The request indicates at least one action identified in the definition of the LDAP repository. The method further includes causing the action to be performed with respect to one or more data items in the LDAP repository.

Abstract: Methods, systems and computer readable mediums are provided for recovering keys. A key transport session key is generated, and a key encryption key is derived based on a server master key and an identification associated with a token. The key transport session key is encrypted with the key encryption key as a first wrapped key transport session key. An encrypted storage session key and an encrypted private key are retrieved from an archive. The encrypted storage session key is decrypted with a server storage key as a storage session key. The encrypted private key is decrypted with the storage session key. The decrypted private key is encrypted with the key transport session key as a wrapped private key. The wrapped private key and the first wrapped key transport session key are forwarded.

Abstract: A device, method and/or computer-readable medium for testing an application within a test framework includes a framework controller associated with the test framework installed on a master device and a test driver associated with the test framework installed on one or more client devices. The master device is connected to the one or more client devices and a virtual machine (VM) module is installed on each of the one or more client devices. VMs can be created on the client devices and the application is installed on at least one of the VMs. The application is executed on the VMs according to a test scenario file. The framework controller collects data to generate an output result.

Abstract: A device, method and/or computer-readable medium for testing an application within a test framework includes a framework controller associated with the test framework installed on a master device and a test driver associated with the test framework installed on one or more client devices. The master device is connected to the one or more client devices and a virtual machine (VM) module is installed on each of the one or more client devices. VMs can be created on the client devices and the application is installed on at least one of the VMs. The application is executed on the VMs according to a test scenario file. The framework controller collects data to generate an output result.

Abstract: A method and apparatus for cross-platform generation of new software packages. The method may include generating a list of software packages having a first format associated with a first operating system, generating new support files for entries on the list, and generating new software packages from the new support files and code of corresponding software packages. The new software packages are generated in the format associated with a second operating system.

Abstract: An embodiment relates generally to a method of binding a token to a user. The method includes receiving a token embedded with an address and inserting the token into a computer. The method also includes connecting to the address stored on the token and binding a user to the token based on information from the address.

Abstract: An embodiment relates generally to a method of managing a token. The method includes marking a token to be killed and detecting a presence of the token. The method also includes disabling the token in response to the marking of the token.

Abstract: A method and apparatus for invoking actions on data in a Lightweight Directory Access Protocol (LDAP) repository. In one embodiment, the method includes receiving a request pertaining to data in the LDAP repository. The request indicates at least one action identified in the definition of the LDAP repository. The method further includes causing the action to be performed with respect to one or more data items in the LDAP repository.

Abstract: Methods, systems and computer readable mediums are provided for recovering subject keys and/or certificates for a token. A unique identifier associated with the token is obtained. The token is associated with subject keys and with a first status of statuses, the statuses including a lost status state and an other status state. In response to the token being in the lost status state, a key recovery plan is determined to recover at least one of the subject keys and the certificates associated with the token.