Abstract: A method and computer program to assign certificates/private keys to a token. This method and computer program allows a user to access a certificate authority and have certificates/private keys that are used for signature, encryption and role purposes generated and downloaded to the token. The use of secure communication lines and computers is not necessary since the token contains a unique token ID and private key, while the certificate authority contains the associated public key for the token. The certificate generated is wrapped in the public key and only the token, having the associated private key, may activate the certificate.

Abstract: A method and computer program to revoke and update a token (130) having several encryption, signature and role certificates/private keys contained in the token (130). The certificates/private keys in the token 130 are transmitted wrapped by a public key and may only be activated by a private key contained in the token (130). The activation of any certificate/private key requires the entry of a passphrase by a user (132). Further, all certificates/private keys contained in a token (130) are stored in an authoritative database 104. In the event that a token (130) is lost then all certificates/private keys associated with the token (130) are revoked. Further, when new certificates/private keys are issued to a user (132) these certificates/private keys are encrypted using the token's (130) public key and downloaded to the token (130).

Abstract: A token issuance and binding process includes providing a plurality of tokens, each token having a unique ID number stored therein. A unique public/private key pair is generated for each token and each token ID number and corresponding public key is stored in a directory/database. Each private key is stored in its respective token and a unique ID number of a user is bound to a corresponding one of the plurality of tokens by storing the correspondence there between in the directory/database.

Abstract: Method and apparatus for centralized processing of hardware tokens for a public key infrastructure (PKI). A commercially available token is received at a secure processing facility. An operating system is installed on the token. A unique key encipherment certificate is created that includes a public key for the token. The unique key encipherment certificate is written onto the token. A Root Certificate Authority certificate is also written onto the token. A unique private key is written onto the token where the unique private key is the matching key for the unique key encipherment certificate. A software package is loaded onto the token. The software package is capable of cryptologically validating future keys and certificates, decrypting the keys and certificates, and installing the keys and certificates in the token.

Abstract: A method and computer program to assign certificates/private keys to a token (130). This method and computer program allows a user (132) to access a certificate authority (110) and have certificates/private keys that are used for signature, encryption and role purposes generated and downloaded to the token (130). The use of secure communication lines and computers is not necessary since the token (132) contains a unique token ID and private key, while the certificate authority (110) contains the associated public key for the token (130). The certificate generated is wrapped in the public key and only the token (130), having the associated private key, may activate the certificate.

Abstract: A method and computer program to revoke and update a token (130) having several encryption, signature and role certificates/private keys contained in the token (130). The certificates/private keys in the token 130 are transmitted wrapped by a public key and may only be activated by a private key contained in the token (130). The activation of any certificate/private key requires the entry of a passphrase by a user (132). Further, all certificates/private keys contained in a token (130) are stored in an authoritative database 104. In the event that a token (130) is lost then all certificates/private keys associated with the token (130) are revoked. Further, when new certificates/private keys are issued to a user (132) these certificates/private keys are encrypted using the token's (130) public key and downloaded to the token (130).