Client side public key authentication method and apparatus with short-lived certificates

摘要

An authentication system with an ability to effectively implement a system for providing short-lived certificates is described. A key distribution center (KDC) (116) generates and stores public private key pairs and certificate templates. A user is assigned a user public private key pair which is stored in the KDC (116). A user (114) who authenticates to the KDC (e.g. using a password according to, e.g., a kerberos system) prompts the system to recertify the user's public key by generating and signing a short-lived certificate.