Abstract: A method of renewing a plurality of digital certificates includes receiving, at a first time, a request from a user to renew a first digital certificate and determining an expiration date for the first digital certificate. The method also includes receiving, at a second time, a request from the user to renew a second digital certificate and determining an expiration date for the second digital certificate. The expiration date for the second certificate is later than the expiration date for the first certificate. The method further includes determining a new expiration date occurring after the first time and the second time and renewing the first digital certificate. An expiration date for the renewed first digital certificate is equal to the new expiration date. Moreover, the method includes renewing the second digital certificate. An expiration date for the renewed second digital certificate is equal to the new expiration date.

Abstract: A method for managing payment of digital certificates includes receiving a request to issue a digital certificate to a subscriber, capturing and saving payment information of the subscriber, performing a first authentication and verification of the subscriber at a first time, and performing at least one additional authentication and verification of the subscriber at least once every authentication period. A long-lived certificate is issued to the subscriber provided the subscriber is authenticated and verified. The long-lived certificate is valid for an expiration period. However, the long-lived certificate is revoked if (1) the additional authentications and verification produce invalid results, or (2) if payment is not received during a payment period. The authentication period is shorter than the expiration period and there are at least a first and a second authentication period within the expiration period. The expiration period is longer than the authentication period.

Abstract: A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate.

Abstract: A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key.

Abstract: A method of restricting access to private keys in a public key infrastructure provides for storage of an encrypted private key at a primary site. A masked session key is stored at a secondary site, where the masked session key enables recovery of the private key. By using distributed storage architecture for recovery data, simplification can be achieved without sacrificing security.

Abstract: A method of restricting access to private keys in a public key infrastructure provides for storage of an encrypted private key at a primary site. A masked session key is stored at a secondary site, where the masked session key enables recovery of the private key. By using distributed storage architecture for recovery data, simplification can be achieved without sacrificing security.

Abstract: A public key management infrastructure (104) is shared by at least two users (102). A method (300) for managing risk arising from a user's use of the shared public key management infrastructure (104) includes the following steps. The user (102) is associated (301) with a digital certificate (200) which is issued and digitally signed by a certification authority (CA). The digital certificate (200) represents that the user (102) is bound to a public key (210) corresponding to a private key held by the user (102); the public key (210) and the private key form a key pair for use in public-key cryptography. The digital certificate (200) further includes an access label (216), which may identify the domain (105) within the public key management infrastructure (104) which the user (102) is authorized to access and/or the privileges which the user (102) is authorized to exercise. The user's identity and the validity of the digital certificate (200) are established (303,305).

Abstract: Unique identifications are assigned to entities in a network and items in a database. In general, unique identifications are assigned to entities or data items within a network by a plurality of server entities, each server entity capable of obtaining a unique subset of identifications from other server entities, assigning an identification from its subset to another server entity, subdividing its own subset to form other unique subsets and assigning a unique subset to another server entity. Each server entity receives its own server entity identification when it is installed and also may request to receive a unique subset of entity identifications. A subset of entity identifications, also referred to interchangeably herein as a "block" of entity identifications, comprises one or more entity identifications. Each server entity controls the assignment of the entity identifications within the subsets it receives.