US9331990B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9331990-B2 |
| Application number | US-74088903-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 22, 2003 |
| Priority date | Dec 22, 2003 |
| Publication date | May 3, 2016 |
| Grant date | May 3, 2016 |
Official abstract text for this publication.
A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.
Opening claim text (preview).
What is claimed:
1. A method for issuing a trustworthy digital certificate comprising: functionally coupling a security token to a computer system, the security token being in processing communications with at least a registration authority via the computer system; sending from the computer system a digital certificate generation request to the registration authority, wherein the digital certificate generation request includes at least one of: an entity identifier or a security token identifier, and wherein: upon reception of the digital certificate generation request, the registration authority both: performs a security transaction with the security token using a critical security parameter securely stored in the security token, wherein information included in the digital certificate generation request is used to identify the critical security parameter and wherein the critical security parameter includes at least one of: authentication data, passwords, PINs, secrets, symmetric and private cryptographic keys which are to be entered into or output from a cryptographic module using a secure mechanism, and sends a PKI key pair generation command to the security token, the security token receives the PKI key pair generation command and generates a PKI key pair that includes a public key; after completion of the PKI key pair generation, the PKI key pair is operatively stored in the security token and the public key of the PKI key pair is sent to the registration authority along with a value based on a proof of token key, wherein the value provides assurances to the registration authority that the PKI key pair was generated within a secure domain of the security token; establishing a secure end-to-end communications channel between the security token and the registration authority; and upon successfulness of the security transaction including confirmation of the value, the registration authority activates the generation of the digital certificate by a certificate authority using the public key, wherein the registration authority sends the PKI key pair generation command to the security token which causes the security token to generate the PKI key pair and return the public key of the PKI key pair to the registration authority after the secure end-to-end communications channel is established.
2. The method according to claim 1, wherein the proof is a keyed hash message authentication code of the public key using the critical security parameter.
3. The method according to claim 1, wherein the proof is a digital signature of the public key using the private key of the PKI key pair, and wherein the public key and the proof are sent to the registration authority in encrypted form using the critical security parameter.
4. The method according to claim 1, further including establishing the secure end-to-end communications channel using the critical security parameter.
5. The method according to claim 1, wherein the digital certificate includes the public key.
6. The method according to claim 1, wherein the digital certificate is stored in the security token.
7. The method according to claim 1, wherein the PKI key pair is generated internally by the security token.
8. The method according to claim 1, wherein the security transaction comprises a challenge/response protocol, a keyed hashed message authentication code, a digital signature or a combination thereof.
9. The method according to claim 1, wherein the certificate authority and the registration authority are separate entities.
10. The method according to claim 1, wherein the certificate authority and the registration authority is a unified entity.
11. The method according to claim 1, wherein, upon reception of the digital certificate generation request: the registration authority sends a first command to the security token which causes the PKI key pair to be operatively installed inside the security token; the registration authority sends a second command using a critical security parameter associated with the security token to form a cryptogram, and sends the cryptogram to the security token; the security token deciphers the cryptogram using a pre-established critical security parameter operatively stored inside the security token, and returns to at least the registration authority at least one datagram derived from the cryptogram.
12. The method according to claim 11, wherein the second command includes a digital signature of the public key of the PKI key pair.
13. The method according to claim 11, wherein the at least one datagram includes a public key associated with the PKI key pair and a digital signature of the public key.
14. The method according to claim 13, further including verifying the digital signature by at least the registration authority.
15. The method according to claim 11, wherein the second command includes a retrieve public key command.
16. The method according to claim 11, further comprising: enciphering the at least one datagram using the pre-established critical security parameter by the security token; deciphering the at least one datagram using the critical security parameter by at least the registration authority.
17. The method according to claim 1, wherein the value is provided by hashing the proof of token key with the public key.
18. A system for issuing a trustworthy digital certificate, comprising: a security token; a computer system; and a registration authority, wherein: the security token is functionally coupled to the computer system and in processing communications with at least the registration authority via the computer system, and the computer system is adapted to at least receive input from an entity and initiate a digital certification generation process between the security token and the registration authority by sending a digital certificate generation request to the registration authority, wherein the digital certificate generation request includes at least one of: an entity identifier or a security token identifier, and characterized in that: the registration authority, upon reception of the digital certificate generation request, both: performs a security transaction with the security token using a critical security parameter securely stored in the security token, wherein information included in the digital certificate generation request is used to identify the critical security parameter and wherein the critical security parameter includes at least one of: authentication data, passwords, PINs, secrets, symmetric and private cryptographic keys which are to be entered into or output from a cryptographic module using a secure mechanism, and sends a PKI key pair generation command to the security token, the security token receives the PKI key pair generation command and generates a PKI key pair that includes a public key; the security token, after completion of the PKI key pair generation, stores the PKI key pair and sends the public key of the PKI key pair to the registration authority along with a value based on a proof of token key, wherein the value provides assurances to the registration authority that the PKI key pair was generated within a secure domain of the security token; establishing a secure end-to-end communications channel between the security token and the registration authority; and the registration authority, upon successfulness of the security transaction including confirmation of the value, activates the generation of the digital certificate by a certification authority using the public key, wherein the re
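
The registration-authority check described in claims 1, 2 and 8, sketched as an added example that is not part of the patent text or any vendor implementation: a challenge/response keyed with the critical security parameter (CSP), followed by verification of an HMAC proof over the returned public key. The class and function names, the `auth`/`pk` labels and the random bytes standing in for a real key pair are assumptions; the secure end-to-end channel of claim 1 is not modelled.

```python
import hashlib
import hmac
import secrets


def mac(csp: bytes, label: bytes, data: bytes) -> bytes:
    # HMAC-SHA-256 under the CSP; the label separating the two uses is an added assumption.
    return hmac.new(csp, label + data, hashlib.sha256).digest()


class SecurityToken:
    """Secure domain: the CSP and private key never leave this object."""
    def __init__(self, csp: bytes):
        self._csp = csp

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._csp, b"auth", challenge)  # security transaction (claim 8)

    def generate_key_pair(self):
        self._private_key = secrets.token_bytes(32)  # constructed stand-in, stays inside
        public_key = secrets.token_bytes(65)         # constructed stand-in for an encoded key
        return public_key, mac(self._csp, b"pk", public_key)  # proof (claim 2)


class SubstitutingHost:
    """Rogue host software: relays to the real token, then swaps in its own key."""
    def __init__(self, token: SecurityToken):
        self._token = token

    def respond(self, challenge: bytes) -> bytes:
        return self._token.respond(challenge)

    def generate_key_pair(self):
        _, proof = self._token.generate_key_pair()
        return secrets.token_bytes(65), proof  # key made outside the token


def enroll(csp_by_token_id: dict, token_id: str, endpoint):
    """Registration authority side: return the public key to pass to the CA, else None."""
    csp = csp_by_token_id.get(token_id)  # identifier in the request selects the CSP
    if csp is None:
        return None
    challenge = secrets.token_bytes(16)
    if not hmac.compare_digest(endpoint.respond(challenge), mac(csp, b"auth", challenge)):
        return None
    public_key, proof = endpoint.generate_key_pair()  # key pair generation command
    if not hmac.compare_digest(proof, mac(csp, b"pk", public_key)):
        return None  # key not bound to the token's CSP: no certificate
    return public_key
```

`enroll` returns the public key only for an endpoint holding the registered CSP; `SubstitutingHost` passes the challenge/response by relaying it but fails the proof check, because the proof it forwards covers a different public key.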
using challenge-response · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title