Browse Prior Art Database

Method and Process To Concurrently Release Trusted Replacement Public Key Certificates On A Computing System Disclosure Number: IPCOM000199381D
Publication Date: 2010-Aug-31
Document File: 3 page(s) / 49K

Publishing Venue

The Prior Art Database


In the event that the private key used to digitally sign software distributions is compromised, this invention securely and concurrently recovers the compromise situation and continues to deliver future software distributions now using a new private key for signing the distribution.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 1 of 3

Method and Process To Concurrently Release Trusted Replacement Public Key Certificates On A Computing System

A second certificate (containing a public key) is always pre-shipped. to be utilized in the event of a private key compromise situation . The recovery method includes delivering
a new certificate via secure packaging signed by the second private key and digitally verified by the pre-shipped second certificate. This compromise situation is identified and recovered concurrent to ongoing operations. No other known solutions can recover from similar situations without having to disrupt customer operations.

A certificate is used to digitally verify software distributions sent to the computing system. This certificate contains a public key which is part of a public/private key pair generated on separate (i.e. separate from the computing system), secure, public/private key pair generation system. The initial code load of the computing system will contain two such, what are considered , valid and trusted certificates. Any software distribution package sent to the computing system is normally digitally signed by the first private key (again, on a separate system) and then digitally verified at the computing system. This verification process on the computing system will always initially attempt to use the first certificate and if that verification fails, the second certificate is used.

     There may be cases in which it is determined that the first certificate on the computing system is compromised. This can include, but not limited to, the compromise of the certificate's associated private key which was part of the original public/private key pair generation which ultimately is used to generate the certificate. When this compromise situation is determined, a replacement (third) public/private key pair is generated at the secure key pair generation system and a new, replacement certificate is generated.

     The replacement certificate itself is then digitally signed by the original second private key . It is then sent to the computing system along with special instructions.

     When this replacement certificate package is received at the computing system, as with all software distributions sent to the computing system, it must pass digital verification for security purposes. It will fail digital verification via the existing first certificate. This is because the replacement certificate package is digitally signed by the second private key. As described before, since the first certificate verification fails, the second certificate is used and in this case the digital verification will be successful. The special instructions in the replacement certificate package will then disable the compromised first certificate and enable the use of the replacement certificate in future software distribution digital verification on the computing system.

     This methodology allows the computing system to replace a compromised certificate and continue uninterrupted...